endecode_test.c: Add warning that 512-bit DH key size is for testing only

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13568)
2025-03-31 20:10:45 +08:00 · 2020-11-29 12:46:12 +01:00 · 2020-11-29 12:46:12 +01:00 · 1234aa7e41
commit 1234aa7e41
parent 20f8bc7255
1 changed files with 4 additions and 1 deletions
--- a/test/endecode_test.c
+++ b/test/endecode_test.c
@ -46,7 +46,10 @@ static EVP_PKEY *make_template(const char *type, OSSL_PARAM *genparams)
    EVP_PKEY_CTX *ctx = NULL;

 #ifndef OPENSSL_NO_DH
-    /* use DH(X) keys with predetermined parameters for efficiency */
+    /*
+     * Use 512-bit DH(X) keys with predetermined parameters for efficiency,
+     * for testing only. Use a minimum key size of 2048 for security purposes.
+     */
    if (strcmp(type, "DH") == 0)
        return get_dh512(NULL);
    if (strcmp(type, "X9.42 DH") == 0)