On Wed, Apr 17, 2013, Ken Goldman wrote:

> On 4/10/2013 5:14 PM, Dr. Stephen Henson wrote:
> >>
> >>Does openssl have any elegant way to cancel an RSA key generation
> >>that's taking too long?
> >
> >At the EVP_PKEY level you can return 0 from the key generation callback to
> >cancel the operation. See EVP_PKEY_set_cb().
> 
> Thanks as always.  But where can I 'see' it?
> 
> I checked the openssl docs, the http://www.openssl.org/docs/crypto/
> which often lists unlinked commands, and googled.  No references.
> 
> I did find one uncommented sample under EVP_PKEY_keygen, but it
> didn't say when it's called, what the parameters are, or what to
> return.
> 

It is mentioned in the EVP_PKEY_keygen manual page:

http://www.openssl.org/docs/crypto/EVP_PKEY_keygen.html

Specifically:

"The function EVP_PKEY_set_cb() sets the key or parameter generation callback
to cb. The function EVP_PKEY_CTX_get_cb() returns the key or parameter
generation callback.

The function EVP_PKEY_CTX_get_keygen_info() returns parameters associated with
the generation operation. If idx is -1 the total number of parameters
available is returned. Any non negative value returns the value of that
parameter. EVP_PKEY_CTX_gen_keygen_info() with a non-negative value for idx
should only be called within the generation callback.

If the callback returns 0 then the key generation operation is aborted and an
error occurs. This might occur during a time consuming operation where a user
clicks on a ``cancel'' button.

The functions EVP_PKEY_CTX_set_app_data() and EVP_PKEY_CTX_get_app_data() set
and retrieve an opaque pointer. This can be used to set some application
defined value which can be retrieved in the callback: for example a handle
which is used to update a ``progress dialog''."

It unfortunately doesn't include a reference to the function parameters of the
callback (i.e. the type EVP_PKEY_gen_cb) but there is an example at the
bottom of the page.

If you're just interested in cancelling the operation you just return 1 or 0
from the callback.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
