diff options
author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-11-29 12:46:12 +0100 |
---|---|---|
committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-12-01 07:49:38 +0100 |
commit | 1234aa7e415e1e239eb1c4504578ab59d90763ea (patch) | |
tree | 8bfe1de97336ffbef2893fdfd35b20ba7eaf9bf9 /test/endecode_test.c | |
parent | 20f8bc72552932393023f5bc5b436cc40cdd1348 (diff) |
endecode_test.c: Add warning that 512-bit DH key size is for testing only
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
Diffstat (limited to 'test/endecode_test.c')
-rw-r--r-- | test/endecode_test.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/test/endecode_test.c b/test/endecode_test.c index e8cdd611e6..d7edd350a1 100644 --- a/test/endecode_test.c +++ b/test/endecode_test.c @@ -46,7 +46,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams) EVP_PKEY_CTX *ctx = NULL; #ifndef OPENSSL_NO_DH - /* use DH(X) keys with predetermined parameters for efficiency */ + /* + * Use 512-bit DH(X) keys with predetermined parameters for efficiency, + * for testing only. Use a minimum key size of 2048 for security purposes. + */ if (strcmp(type, "DH") == 0) return get_dh512(NULL); if (strcmp(type, "X9.42 DH") == 0) |