]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 20f8bc7)
endecode_test.c: Add warning that 512-bit DH key size is for testing only
authorDr. David von Oheimb <David.von.Oheimb@siemens.com>
Sun, 29 Nov 2020 11:46:12 +0000 (12:46 +0100)
committerDr. David von Oheimb <David.von.Oheimb@siemens.com>
Tue, 1 Dec 2020 06:49:38 +0000 (07:49 +0100)
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)

test/endecode_test.c patch | blob | blame | history

diff --git a/test/endecode_test.c b/test/endecode_test.c
index e8cdd611e6f184c2ba7e3de7033f93c5ea28c2a7..d7edd350a189437631df5abf5762a63208a4ee0e 100644 (file)
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -46,7 +46,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
     EVP_PKEY_CTX *ctx = NULL;
 
 #ifndef OPENSSL_NO_DH
-    /* use DH(X) keys with predetermined parameters for efficiency */
+    /*
+     * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
+     * for testing only. Use a minimum key size of 2048 for security purposes.
+     */
     if (strcmp(type, "DH") == 0)
         return get_dh512(NULL);
     if (strcmp(type, "X9.42 DH") == 0)
Mirror of https://github.com/openssl/openssl.git