DH_check: Emphasize the importance of return value check

Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22262)
author: Tomas Mraz <tomas@openssl.org> 2023-10-03 14:43:13 +0200
committer: Tomas Mraz <tomas@openssl.org> 2023-10-05 11:24:35 +0200
commit: f7b80136a3df4396b19ebb86d4814d8cefe6d6db (patch)
tree: 16c921ad606f908624833bf9198d244463b61a9d
parent: e8e2b131ca253f9e28c511c8294e27ddbd0b60c6 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/man3/DH_generate_parameters.pod b/doc/man3/DH_generate_parameters.pod
index bbcfe24ae6..e677885597 100644
--- a/doc/man3/DH_generate_parameters.pod
+++ b/doc/man3/DH_generate_parameters.pod
@@ -128,6 +128,10 @@ The parameter B<j> is invalid.
 
 =back
 
+If 0 is returned or B<*codes> is set to a nonzero value the supplied
+parameters should not be used for Diffie-Hellman operations otherwise
+the security properties of the key exchange are not guaranteed.
+
 DH_check_ex(), DH_check_params() and DH_check_pub_key_ex() are similar to
 DH_check() and DH_check_params() respectively, but the error reasons are added
 to the thread's error queue instead of provided as return values from the
author	Tomas Mraz <tomas@openssl.org>	2023-10-03 14:43:13 +0200
committer	Tomas Mraz <tomas@openssl.org>	2023-10-05 11:24:35 +0200
commit	f7b80136a3df4396b19ebb86d4814d8cefe6d6db (patch)
tree	16c921ad606f908624833bf9198d244463b61a9d
parent	e8e2b131ca253f9e28c511c8294e27ddbd0b60c6 (diff)