From: Dr. David von Oheimb <David.von.Oheimb@siemens.com>
Date: Sun, 29 Nov 2020 11:46:12 +0000 (+0100)
Subject: endecode_test.c: Add warning that 512-bit DH key size is for testing only
X-Git-Tag: openssl-3.0.0-alpha10~218
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1234aa7e415e1e239eb1c4504578ab59d90763ea;p=thirdparty%2Fopenssl.git

endecode_test.c: Add warning that 512-bit DH key size is for testing only

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
---

diff --git a/test/endecode_test.c b/test/endecode_test.c
index e8cdd611e6f..d7edd350a18 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -46,7 +46,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
     EVP_PKEY_CTX *ctx = NULL;
 
 #ifndef OPENSSL_NO_DH
-    /* use DH(X) keys with predetermined parameters for efficiency */
+    /*
+     * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
+     * for testing only. Use a minimum key size of 2048 for security purposes.
+     */
     if (strcmp(type, "DH") == 0)
         return get_dh512(NULL);
     if (strcmp(type, "X9.42 DH") == 0)