1 files changed, 289 insertions, 0 deletions
diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3
new file mode 100644
index 0000000000..e269571914
--- /dev/null
+++ b/src/lib/libcrypto/man/BN_generate_prime.3
@@ -0,0 +1,289 @@
+.Dd $Mdocdate: February 23 2015 $
+.Dt BN_GENERATE_PRIME 3
+.Os
+.Sh NAME
+.Nm BN_generate_prime_ex ,
+.Nm BN_is_prime_ex ,
+.Nm BN_is_prime_fasttest_ex ,
+.Nm BN_GENCB_call ,
+.Nm BN_GENCB_set_old ,
+.Nm BN_GENCB_set ,
+.Nm BN_generate_prime ,
+.Nm BN_is_prime ,
+.Nm BN_is_prime_fasttest
+.Nd generate primes and test for primality
+.Sh SYNOPSIS
+.In openssl/bn.h
+.Ft int
+.Fo BN_generate_prime_ex
+.Fa "BIGNUM *ret"
+.Fa "int bits"
+.Fa "int safe"
+.Fa "const BIGNUM *add"
+.Fa "const BIGNUM *rem"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest_ex
+.Fa "const BIGNUM *p"
+.Fa "int nchecks"
+.Fa "BN_CTX *ctx"
+.Fa "int do_trial_division"
+.Fa "BN_GENCB *cb"
+.Fc
+.Ft int
+.Fo BN_GENCB_call
+.Fa "BN_GENCB *cb"
+.Fa "int a"
+.Fa "int b"
+.Fc
+.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ...
+.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ...
+.Pp
+Deprecated:
+.Pp
+.Ft BIGNUM *
+.Fo BN_generate_prime
+.Fa "BIGNUM *ret"
+.Fa "int num"
+.Fa "int safe"
+.Fa "BIGNUM *add"
+.Fa "BIGNUM *rem"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fc
+.Ft int
+.Fo BN_is_prime_fasttest
+.Fa "const BIGNUM *a"
+.Fa "int checks"
+.Fa "void (*callback)(int, int, void *)"
+.Fa "BN_CTX *ctx"
+.Fa "void *cb_arg"
+.Fa "int do_trial_division"
+.Fc
+.Sh DESCRIPTION
+.Fn BN_generate_prime_ex
+generates a pseudo-random prime number of bit length
+.Fa bits .
+If
+.Fa ret
+is not
+.Dv NULL ,
+it will be used to store the number.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+it is used as follows:
+.Bl -bullet
+.It
+.Fn BN_GENCB_call cb 0 i
+is called after generating the i-th potential prime number.
+.It
+While the number is being tested for primality,
+.Fn BN_GENCB_call cb 1 j
+is called as described below.
+.It
+When a prime has been found,
+.Fn BN_GENCB_call cb 2 i
+is called.
+.El
+.Pp
+The prime may have to fulfill additional requirements for use in
+Diffie-Hellman key exchange:
+.Pp
+If
+.Fa add
+is not
+.Dv NULL ,
+the prime will fulfill the condition p %
+.Fa add
+==
+.Fa rem
+(p %
+.Fa add
+== 1 if
+.Fa rem
+==
+.Dv NULL )
+in order to suit a given generator.
+.Pp
+If
+.Fa safe
+is true, it will be a safe prime (i.e. a prime p so that (p-1)/2
+is also prime).
+.Pp
+The prime number generation has a negligible error probability.
+.Pp
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+test if the number
+.Fa p
+is prime.
+The following tests are performed until one of them shows that
+.Fa p
+is composite; if
+.Fa p
+passes all these tests, it is considered prime.
+.Pp
+.Fn BN_is_prime_fasttest_ex ,
+when called with
+.Fa do_trial_division
+== 1, first attempts trial division by a number of small primes;
+if no divisors are found by this test and
+.Fa cb
+is not
+.Dv NULL ,
+.Sy BN_GENCB_call(cb, 1, -1)
+is called.
+If
+.Fa do_trial_division
+== 0, this test is skipped.
+.Pp
+Both
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+perform a Miller-Rabin probabilistic primality test with
+.Fa nchecks
+iterations.
+If
+.Fa nchecks
+==
+.Dv BN_prime_checks ,
+a number of iterations is used that yields a false positive rate of at
+most 2^-80 for random input.
+.Pp
+If
+.Fa cb
+is not
+.Dv NULL ,
+.Fa BN_GENCB_call cb 1 j
+is called after the j-th iteration (j = 0, 1, ...).
+.Fa ctx
+is a pre-allocated
+.Vt BN_CTX
+(to save the overhead of allocating and freeing the structure in a
+loop), or
+.Dv NULL .
+.Pp
+.Fn BN_GENCB_call
+calls the callback function held in the
+.Vt BN_GENCB
+structure and passes the ints
+.Fa a
+and
+.Fa b
+as arguments.
+There are two types of
+.Vt BN_GENCB
+structures that are supported: "new" style and "old" style.
+New programs should prefer the "new" style, whilst the "old" style is
+provided for backwards compatibility purposes.
+.Pp
+For "new" style callbacks a
+.Vt BN_GENCB
+structure should be initialised with a call to
+.Fn BN_GENCB_set ,
+where
+.Fa gencb
+is a
+.Vt BN_GENCB * ,
+.Fa callback
+is of type
+.Vt int (*callback)(int, int, BN_GENCB *)
+and
+.Fa cb_arg
+is a
+.Vt void * .
+"Old" style callbacks are the same except they are initialised with a
+call to
+.Fn BN_GENCB_set_old
+and
+.Fa callback
+is of type
+.Vt void (*callback)(int, int, void *) .
+.Pp
+A callback is invoked through a call to
+.Fn BN_GENCB_call .
+This will check the type of the callback and will invoke
+.Fn callback a b gencb
+for new style callbacks or
+.Fn callback a b cb_arg
+for old style.
+.Pp
+.Fn BN_generate_prime
+(deprecated) works in the same way as
+.Fn BN_generate_prime_ex
+but expects an old style callback function directly in the
+.Fa callback
+parameter, and an argument to pass to it in the
+.Fa cb_arg .
+Similarly
+.Fn BN_is_prime
+and
+.Fn BN_is_prime_fasttest
+are deprecated and can be compared to
+.Fn BN_is_prime_ex
+and
+.Fn BN_is_prime_fasttest_ex
+respectively.
+.Sh RETURN VALUES
+.Fn BN_generate_prime_ex
+returns 1 on success or 0 on error.
+.Pp
+.Fn BN_is_prime_ex ,
+.Fn BN_is_prime_fasttest_ex ,
+.Fn BN_is_prime ,
+and
+.Fn BN_is_prime_fasttest
+return 0 if the number is composite, 1 if it is prime with an error
+probability of less than
+.Pf 0.25^ Fa nchecks ,
+and -1 on error.
+.Pp
+.Fn BN_generate_prime
+returns the prime number on success,
+.Dv NULL
+otherwise.
+.Pp
+Callback functions should return 1 on success or 0 on error.
+.Pp
+The error codes can be obtained by
+.Xr ERR_get_error 3 .
+.Sh SEE ALSO
+.Xr bn 3 ,
+.Xr ERR_get_error 3 ,
+.Xr rand 3
+.Sh HISTORY
+The
+.Fa cb_arg
+arguments to
+.Fn BN_generate_prime
+and to
+.Fn BN_is_prime
+were added in SSLeay 0.9.0.
+The
+.Fa ret
+argument to
+.Fn BN_generate_prime
+was added in SSLeay 0.9.1.
+.Fn BN_is_prime_fasttest
+was added in OpenSSL 0.9.5.

diff --git a/src/lib/libcrypto/man/BN_generate_prime.3 b/src/lib/libcrypto/man/BN_generate_prime.3 new file mode 100644 index 0000000000..e269571914 --- /dev/null +++ b/src/lib/libcrypto/man/BN_generate_prime.3
@@ -0,0 +1,289 @@
	1	.Dd $Mdocdate: February 23 2015 $
	2	.Dt BN_GENERATE_PRIME 3
	3	.Os
	4	.Sh NAME
	5	.Nm BN_generate_prime_ex ,
	6	.Nm BN_is_prime_ex ,
	7	.Nm BN_is_prime_fasttest_ex ,
	8	.Nm BN_GENCB_call ,
	9	.Nm BN_GENCB_set_old ,
	10	.Nm BN_GENCB_set ,
	11	.Nm BN_generate_prime ,
	12	.Nm BN_is_prime ,
	13	.Nm BN_is_prime_fasttest
	14	.Nd generate primes and test for primality
	15	.Sh SYNOPSIS
	16	.In openssl/bn.h
	17	.Ft int
	18	.Fo BN_generate_prime_ex
	19	.Fa "BIGNUM *ret"
	20	.Fa "int bits"
	21	.Fa "int safe"
	22	.Fa "const BIGNUM *add"
	23	.Fa "const BIGNUM *rem"
	24	.Fa "BN_GENCB *cb"
	25	.Fc
	26	.Ft int
	27	.Fo BN_is_prime_ex
	28	.Fa "const BIGNUM *p"
	29	.Fa "int nchecks"
	30	.Fa "BN_CTX *ctx"
	31	.Fa "BN_GENCB *cb"
	32	.Fc
	33	.Ft int
	34	.Fo BN_is_prime_fasttest_ex
	35	.Fa "const BIGNUM *p"
	36	.Fa "int nchecks"
	37	.Fa "BN_CTX *ctx"
	38	.Fa "int do_trial_division"
	39	.Fa "BN_GENCB *cb"
	40	.Fc
	41	.Ft int
	42	.Fo BN_GENCB_call
	43	.Fa "BN_GENCB *cb"
	44	.Fa "int a"
	45	.Fa "int b"
	46	.Fc
	47	.Fd #define BN_GENCB_set_old(gencb, callback, cb_arg) ...
	48	.Fd #define BN_GENCB_set(gencb, callback, cb_arg) ...
	49	.Pp
	50	Deprecated:
	51	.Pp
	52	.Ft BIGNUM *
	53	.Fo BN_generate_prime
	54	.Fa "BIGNUM *ret"
	55	.Fa "int num"
	56	.Fa "int safe"
	57	.Fa "BIGNUM *add"
	58	.Fa "BIGNUM *rem"
	59	.Fa "void (callback)(int, int, void )"
	60	.Fa "void *cb_arg"
	61	.Fc
	62	.Ft int
	63	.Fo BN_is_prime
	64	.Fa "const BIGNUM *a"
	65	.Fa "int checks"
	66	.Fa "void (callback)(int, int, void )"
	67	.Fa "BN_CTX *ctx"
	68	.Fa "void *cb_arg"
	69	.Fc
	70	.Ft int
	71	.Fo BN_is_prime_fasttest
	72	.Fa "const BIGNUM *a"
	73	.Fa "int checks"
	74	.Fa "void (callback)(int, int, void )"
	75	.Fa "BN_CTX *ctx"
	76	.Fa "void *cb_arg"
	77	.Fa "int do_trial_division"
	78	.Fc
	79	.Sh DESCRIPTION
	80	.Fn BN_generate_prime_ex
	81	generates a pseudo-random prime number of bit length
	82	.Fa bits .
	83	If
	84	.Fa ret
	85	is not
	86	.Dv NULL ,
	87	it will be used to store the number.
	88	.Pp
	89	If
	90	.Fa cb
	91	is not
	92	.Dv NULL ,
	93	it is used as follows:
	94	.Bl -bullet
	95	.It
	96	.Fn BN_GENCB_call cb 0 i
	97	is called after generating the i-th potential prime number.
	98	.It
	99	While the number is being tested for primality,
	100	.Fn BN_GENCB_call cb 1 j
	101	is called as described below.
	102	.It
	103	When a prime has been found,
	104	.Fn BN_GENCB_call cb 2 i
	105	is called.
	106	.El
	107	.Pp
	108	The prime may have to fulfill additional requirements for use in
	109	Diffie-Hellman key exchange:
	110	.Pp
	111	If
	112	.Fa add
	113	is not
	114	.Dv NULL ,
	115	the prime will fulfill the condition p %
	116	.Fa add
	117	==
	118	.Fa rem
	119	(p %
	120	.Fa add
	121	== 1 if
	122	.Fa rem
	123	==
	124	.Dv NULL )
	125	in order to suit a given generator.
	126	.Pp
	127	If
	128	.Fa safe
	129	is true, it will be a safe prime (i.e. a prime p so that (p-1)/2
	130	is also prime).
	131	.Pp
	132	The prime number generation has a negligible error probability.
	133	.Pp
	134	.Fn BN_is_prime_ex
	135	and
	136	.Fn BN_is_prime_fasttest_ex
	137	test if the number
	138	.Fa p
	139	is prime.
	140	The following tests are performed until one of them shows that
	141	.Fa p
	142	is composite; if
	143	.Fa p
	144	passes all these tests, it is considered prime.
	145	.Pp
	146	.Fn BN_is_prime_fasttest_ex ,
	147	when called with
	148	.Fa do_trial_division
	149	== 1, first attempts trial division by a number of small primes;
	150	if no divisors are found by this test and
	151	.Fa cb
	152	is not
	153	.Dv NULL ,
	154	.Sy BN_GENCB_call(cb, 1, -1)
	155	is called.
	156	If
	157	.Fa do_trial_division
	158	== 0, this test is skipped.
	159	.Pp
	160	Both
	161	.Fn BN_is_prime_ex
	162	and
	163	.Fn BN_is_prime_fasttest_ex
	164	perform a Miller-Rabin probabilistic primality test with
	165	.Fa nchecks
	166	iterations.
	167	If
	168	.Fa nchecks
	169	==
	170	.Dv BN_prime_checks ,
	171	a number of iterations is used that yields a false positive rate of at
	172	most 2^-80 for random input.
	173	.Pp
	174	If
	175	.Fa cb
	176	is not
	177	.Dv NULL ,
	178	.Fa BN_GENCB_call cb 1 j
	179	is called after the j-th iteration (j = 0, 1, ...).
	180	.Fa ctx
	181	is a pre-allocated
	182	.Vt BN_CTX
	183	(to save the overhead of allocating and freeing the structure in a
	184	loop), or
	185	.Dv NULL .
	186	.Pp
	187	.Fn BN_GENCB_call
	188	calls the callback function held in the
	189	.Vt BN_GENCB
	190	structure and passes the ints
	191	.Fa a
	192	and
	193	.Fa b
	194	as arguments.
	195	There are two types of
	196	.Vt BN_GENCB
	197	structures that are supported: "new" style and "old" style.
	198	New programs should prefer the "new" style, whilst the "old" style is
	199	provided for backwards compatibility purposes.
	200	.Pp
	201	For "new" style callbacks a
	202	.Vt BN_GENCB
	203	structure should be initialised with a call to
	204	.Fn BN_GENCB_set ,
	205	where
	206	.Fa gencb
	207	is a
	208	.Vt BN_GENCB * ,
	209	.Fa callback
	210	is of type
	211	.Vt int (callback)(int, int, BN_GENCB )
	212	and
	213	.Fa cb_arg
	214	is a
	215	.Vt void * .
	216	"Old" style callbacks are the same except they are initialised with a
	217	call to
	218	.Fn BN_GENCB_set_old
	219	and
	220	.Fa callback
	221	is of type
	222	.Vt void (callback)(int, int, void ) .
	223	.Pp
	224	A callback is invoked through a call to
	225	.Fn BN_GENCB_call .
	226	This will check the type of the callback and will invoke
	227	.Fn callback a b gencb
	228	for new style callbacks or
	229	.Fn callback a b cb_arg
	230	for old style.
	231	.Pp
	232	.Fn BN_generate_prime
	233	(deprecated) works in the same way as
	234	.Fn BN_generate_prime_ex
	235	but expects an old style callback function directly in the
	236	.Fa callback
	237	parameter, and an argument to pass to it in the
	238	.Fa cb_arg .
	239	Similarly
	240	.Fn BN_is_prime
	241	and
	242	.Fn BN_is_prime_fasttest
	243	are deprecated and can be compared to
	244	.Fn BN_is_prime_ex
	245	and
	246	.Fn BN_is_prime_fasttest_ex
	247	respectively.
	248	.Sh RETURN VALUES
	249	.Fn BN_generate_prime_ex
	250	returns 1 on success or 0 on error.
	251	.Pp
	252	.Fn BN_is_prime_ex ,
	253	.Fn BN_is_prime_fasttest_ex ,
	254	.Fn BN_is_prime ,
	255	and
	256	.Fn BN_is_prime_fasttest
	257	return 0 if the number is composite, 1 if it is prime with an error
	258	probability of less than
	259	.Pf 0.25^ Fa nchecks ,
	260	and -1 on error.
	261	.Pp
	262	.Fn BN_generate_prime
	263	returns the prime number on success,
	264	.Dv NULL
	265	otherwise.
	266	.Pp
	267	Callback functions should return 1 on success or 0 on error.
	268	.Pp
	269	The error codes can be obtained by
	270	.Xr ERR_get_error 3 .
	271	.Sh SEE ALSO
	272	.Xr bn 3 ,
	273	.Xr ERR_get_error 3 ,
	274	.Xr rand 3
	275	.Sh HISTORY
	276	The
	277	.Fa cb_arg
	278	arguments to
	279	.Fn BN_generate_prime
	280	and to
	281	.Fn BN_is_prime
	282	were added in SSLeay 0.9.0.
	283	The
	284	.Fa ret
	285	argument to
	286	.Fn BN_generate_prime
	287	was added in SSLeay 0.9.1.
	288	.Fn BN_is_prime_fasttest
	289	was added in OpenSSL 0.9.5.