On Fri, Jan 31, 2003 at 08:12:41AM +0100, Cameron Gregory via RT wrote: > for num < 15 .. always get the same result.. and it's larger than > expected...
Reason: The internal OpenSSL function 'probable_prime' (in crypto/bn/bn_prime.c) uses a built-in list of small primes for sieving out candidate random numbers that cannot be prime. But the test does not correctly the handle the special case that the candidate *is* one of small primes in the list -- they will be falsely rejected. Generally the design cannot handle generation of *short* primes well, the desired bit-length is actually treated as a lower limit: if a candidate is rejected, some delta will be added to obtain a new candidate. For very short numbers, this addition is likely to increase the bit-length of the candidate. (Your code requests safe primes, so it is in general impossible to exactly meet the requested bit-length -- there is a two-bit prime, namely 3, but it is not a safe prime.) -- Bodo Möller <[EMAIL PROTECTED]> PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html * TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt * Tel. +49-6151-16-6628, Fax +49-6151-16-6036 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
