From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 3 Oct 2023 12:43:13 +0000 (+0200)
Subject: DH_check: Emphasize the importance of return value check
X-Git-Tag: openssl-3.2.0-beta1~122
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f7b80136a3df4396b19ebb86d4814d8cefe6d6db;p=thirdparty%2Fopenssl.git

DH_check: Emphasize the importance of return value check

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22262)
---

diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod
index bbcfe24ae6b..e677885597a 100644
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -128,6 +128,10 @@ The parameter B<j> is invalid.
 
 =back
 
+If 0 is returned or B<*codes> is set to a nonzero value the supplied
+parameters should not be used for Diffie-Hellman operations otherwise
+the security properties of the key exchange are not guaranteed.
+
 DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to
 DH_check() and DH_check_params() respectively, but the error reasons are added
 to the thread's error queue instead of provided as return values from the