DH_check: Emphasize the importance of return value check

author Tomas Mraz <tomas@openssl.org>

Tue, 3 Oct 2023 12:43:13 +0000 (14:43 +0200)

committer Tomas Mraz <tomas@openssl.org>

Thu, 5 Oct 2023 09:24:35 +0000 (11:24 +0200)
author Tomas Mraz <tomas@openssl.org>
Tue, 3 Oct 2023 12:43:13 +0000 (14:43 +0200)
committer Tomas Mraz <tomas@openssl.org>
Thu, 5 Oct 2023 09:24:35 +0000 (11:24 +0200)
diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod

index bbcfe24ae6b4d200d7c7a89178cadf769cb40b49..e677885597ae6a5a90522c1b5e6dd64769a26b30 100644 (file)
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -128,6 +128,10 @@ The parameter B<j> is invalid.
  
  =back
  
+If 0 is returned or B<*codes> is set to a nonzero value the supplied
+parameters should not be used for Diffie-Hellman operations otherwise
+the security properties of the key exchange are not guaranteed.
+
  DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to
  DH_check() and DH_check_params() respectively, but the error reasons are added
  to the thread's error queue instead of provided as return values from the
author	Tomas Mraz <tomas@openssl.org>
	Tue, 3 Oct 2023 12:43:13 +0000 (14:43 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 5 Oct 2023 09:24:35 +0000 (11:24 +0200)