What does cb_arg in old versions of OpenSSL mean?

Question

I installed archaic OpenSSL_0_9_6-beta3 version of OpenSSL. The function RSA_generate_key is defined in there as follows:

RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg)

This is my test code:

#include <openssl/rsa.h>

int main(){

    unsigned long   e = RSA_F4;

    RSA *r = RSA_generate_key(512, e, NULL, NULL);
    const BIGNUM *n = r->n;
    BN_print_fp(stdout, n);
    RSA_free(r);

    return  0;
}

When I run it, it just loops forever. When run under Valgrind I can see why:

Conditional jump or move depends on uninitialized value(s)

I guess that is because I don't understand what the function signature really means and I am passing incorrect parameters into it - there have been problems with methods looping when being fed incorrect parameters since forever in OpenSSL. That is why I came here to ask you if you understand the function signature, because I can't find any guides on the internet.

Answer 1

What does cb_arg in old versions of OpenSSL mean?
RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg)

Its a function callback. It allows you to implement a progress bar during RSA key generation because the operation can take a long time.

RSA_generate_key is deprecated. You should use RSA_generate_key_ex instead.

Also see How to generate RSA private key using openssl? on Stack Overflow, RSA_generate_key man page and RSA_generate_key_ex man page.

---

Conditional jump or move depends on uninitialized value(s)

You should provide the context of the finding. Also, be sure to compile OpenSSL and your program with -O1. If optimizations are too high, then Valgrind generates false positives. Also see The Valgrind Quick Start Guide.