问题
I have not been able to find an answer as to what is used to generate the primes with BN_generate_prime in openssl/bn.h. Also, how would I seed whatever PRNG that this function uses?
Separate question but relevant to my code (I'm writing a program to generate RSA key pairs): how would I check if the high order bit is set in a BIGNUM? Say I generate a 512 bit prime. Would I use BN_is_bit_set(prime, 512)?
Thanks
回答1:
BN_generate_prime is a deprecated function, says here. Also, it is defined in crypto/bn_depr.c. You shouldn't use it to generate primes. Instead, you should use BN_generate_prime_ex. Here's the sample usage of BN_generate_prime_ex:
BIGNUM *r;
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
r = BN_new();
RAND_seed(rnd_seed, sizeof rnd_seed); /* or BN_generate_prime_ex may fail */
BN_generate_prime_ex(r, 512, 0, NULL, NULL, NULL);
BN_free(r);
Then you'll have a 512-bit pseudo-random prime number. As the above example, you can seed the PRNG by RAND_seed.
For the second question, try BN_num_bits.
来源:https://stackoverflow.com/questions/18245901/how-to-seed-the-prng-for-bn-generate-prime