Document that private and pairwise checks are not bounded by key size

Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/24049)
2024-04-05 16:31:05 +02:00 · 2024-04-05 16:31:05 +02:00 · 27005cecc7
parent 9fc61ba0a7
commit 27005cecc7
1 changed files with 5 additions and 0 deletions
--- a/doc/man3/EVP_PKEY_check.pod
+++ b/doc/man3/EVP_PKEY_check.pod
@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke
 generation method, but may be required for assurance purposes when receiving
 keys from a third party.

+The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
+by any key size limits as private keys are not expected to be supplied by
+attackers. For that reason they might take an unbounded time if run on
+arbitrarily large keys.
+
 =head1 RETURN VALUES

 All functions return 1 for success or others for failure.