From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 9 Jul 2024 07:17:05 +0000 (+0200)
Subject: Document that DH and DHX key types cannot be used together in KEX
X-Git-Tag: openssl-3.1.7~42
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9b178329734b96d170524bf82f1281dc9a0811c2;p=thirdparty%2Fopenssl.git

Document that DH and DHX key types cannot be used together in KEX

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/24819)

(cherry picked from commit 45611a8a8962c06e1d7ba0e5c00974da17e9c37a)
---

diff --git a/doc/man7/EVP_KEYEXCH-DH.pod b/doc/man7/EVP_KEYEXCH-DH.pod
index a6927afefb2..04ac08bce29 100644
--- a/doc/man7/EVP_KEYEXCH-DH.pod
+++ b/doc/man7/EVP_KEYEXCH-DH.pod
@@ -7,9 +7,14 @@ EVP_KEYEXCH-DH
 
 =head1 DESCRIPTION
 
-Key exchange support for the B<DH> key type.
+Key exchange support for the B<DH> and B<DHX> key types.
 
-=head2 DH key exchange parameters
+Please note that although both key types support the same key exchange
+operations, they cannot be used together in a single key exchange. It
+is not possible to use a private key of the B<DH> type in key exchange
+with the public key of B<DHX> type and vice versa.
+
+=head2 DH and DHX key exchange parameters
 
 =over 4