From 1234aa7e415e1e239eb1c4504578ab59d90763ea Mon Sep 17 00:00:00 2001
From: "Dr. David von Oheimb" <David.von.Oheimb@siemens.com>
Date: Sun, 29 Nov 2020 12:46:12 +0100
Subject: endecode_test.c: Add warning that 512-bit DH key size is for testing
 only

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13568)
---
 test/endecode_test.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'test/endecode_test.c')

diff --git a/test/endecode_test.c b/test/endecode_test.c
index e8cdd611e6..d7edd350a1 100644
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@@ -46,7 +46,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
     EVP_PKEY_CTX *ctx = NULL;
 
 #ifndef OPENSSL_NO_DH
-    /* use DH(X) keys with predetermined parameters for efficiency */
+    /*
+     * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
+     * for testing only. Use a minimum key size of 2048 for security purposes.
+     */
     if (strcmp(type, "DH") == 0)
         return get_dh512(NULL);
     if (strcmp(type, "X9.42 DH") == 0)
-- 
cgit v1.2.3