Document that private and pairwise checks are not bounded by key size

author Tomas Mraz <tomas@openssl.org>

Fri, 5 Apr 2024 14:31:05 +0000 (16:31 +0200)

committer Tomas Mraz <tomas@openssl.org>

Wed, 10 Apr 2024 07:31:07 +0000 (09:31 +0200)
author Tomas Mraz <tomas@openssl.org>
Fri, 5 Apr 2024 14:31:05 +0000 (16:31 +0200)
committer Tomas Mraz <tomas@openssl.org>
Wed, 10 Apr 2024 07:31:07 +0000 (09:31 +0200)
diff --git a/doc/man3/EVP_PKEY_check.pod b/doc/man3/EVP_PKEY_check.pod

index a16fdbbd508f04663a00204f22fa86d61c64c3f3..198a0923c5f98861a972a2d36b3b565c38cc7d5b 100644 (file)
--- a/doc/man3/EVP_PKEY_check.pod
+++ b/doc/man3/EVP_PKEY_check.pod
@@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke
  generation method, but may be required for assurance purposes when receiving
  keys from a third party.
  
+The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
+by any key size limits as private keys are not expected to be supplied by
+attackers. For that reason they might take an unbounded time if run on
+arbitrarily large keys.
+
  =head1 RETURN VALUES
  
  All functions return 1 for success or others for failure.
author	Tomas Mraz <tomas@openssl.org>
	Fri, 5 Apr 2024 14:31:05 +0000 (16:31 +0200)
committer	Tomas Mraz <tomas@openssl.org>
	Wed, 10 Apr 2024 07:31:07 +0000 (09:31 +0200)