*Ralf S. Engelschall*
* Incorporated the popular no-RSA/DSA-only patches
- which allow to compile a RSA-free SSLeay.
+ which allow to compile an RSA-free SSLeay.
*Andrew Cooke / Interrader Ldt., Ralf S. Engelschall*
void ossl_rsa_multip_info_free(RSA_PRIME_INFO *pinfo)
{
- /* free a RSA_PRIME_INFO structure */
+ /* free an RSA_PRIME_INFO structure */
BN_clear_free(pinfo->r);
BN_clear_free(pinfo->d);
BN_clear_free(pinfo->t);
{
RSA_PRIME_INFO *pinfo;
- /* create a RSA_PRIME_INFO structure */
+ /* create an RSA_PRIME_INFO structure */
if ((pinfo = OPENSSL_zalloc(sizeof(RSA_PRIME_INFO))) == NULL)
return NULL;
if ((pinfo->r = BN_secure_new()) == NULL)
}
/*
- * Store a RSA public or private key to a file using PEM encoding.
+ * Store an RSA public or private key to a file using PEM encoding.
*
* If a passphrase is supplied, the file is encrypted, otherwise
* it is unencrypted.
need to create a private key.
Private keys are generated with 'openssl genrsa -out privkey.pem' if
-you want a RSA private key, or if you want a DSA private key:
+you want an RSA private key, or if you want a DSA private key:
'openssl dsaparam -out dsaparam.pem 2048; openssl gendsa -out privkey.pem dsaparam.pem'.
The private keys created by these commands are not passphrase protected;
RSA and DSA, and this HOWTO will show how to generate each of them.
-2. To generate a RSA key
+2. To generate an RSA key
-A RSA key can be used both for encryption and for signing.
+An RSA key can be used both for encryption and for signing.
Generating a key for the RSA algorithm is quite easy, all you have to
do is the following:
ADH ciphers don't need a certificate, but DH-parameters must have been set.
All other ciphers need a corresponding certificate and key.
-A RSA cipher can only be chosen, when a RSA certificate is available.
+An RSA cipher can only be chosen, when an RSA certificate is available.
RSA ciphers using DHE need a certificate and key and additional DH-parameters
(see L<SSL_CTX_set_tmp_dh_callback(3)>).
SSL_CTX_check_private_key() checks the consistency of a private key with
the corresponding certificate loaded into B<ctx>. If more than one
key/certificate pair (RSA/DSA) is installed, the last item installed will
-be checked. If e.g. the last item was a RSA certificate or key, the RSA
+be checked. If e.g. the last item was an RSA certificate or key, the RSA
key/certificate pair will be checked. SSL_check_private_key() performs
the same check for B<ssl>. If no key/certificate was explicitly added for
this B<ssl>, the last item added into B<ctx> will be checked.
If more than one certificate (RSA/DSA) is installed using
SSL_CTX_use_certificate(), the serverinfo extension will be loaded into the
-last certificate installed. If e.g. the last item was a RSA certificate, the
+last certificate installed. If e.g. the last item was an RSA certificate, the
loaded serverinfo extension data will be loaded for that certificate. To
use the serverinfo extension for multiple certificates,
SSL_CTX_use_serverinfo() needs to be called multiple times, once B<after>
while (dup_pk == NULL) {
ret = 0;
km = km3;
- /* Check that we can't export an RSA key into a RSA-PSS keymanager */
+ /* Check that we can't export an RSA key into an RSA-PSS keymanager */
if (!TEST_ptr_null(provkey2 = evp_pkey_export_to_provider(pk, NULL,
&km,
NULL)))
* Now we want to test that our output data was vaguely sensible. We
* do that by using strtok and confirming that we have more or less the
* data we expect. For both client and server, we expect to see one master
- * secret. The client should also see a RSA key exchange.
+ * secret. The client should also see an RSA key exchange.
*/
expected.rsa_key_exchange_count = 1;
expected.master_secret_count = 1;