diff options
author | Tomas Mraz <tomas@openssl.org> | 2024-04-05 16:31:05 +0200 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-10 09:29:56 +0200 |
commit | 249a7135d0c91f0aa7051e5a066731fafe387e1a (patch) | |
tree | e7c9f0e514de7e3cf953e44e4135a74730997f20 | |
parent | 5309311a79df6550043a73286f80fa8f63c5fd81 (diff) |
Document that private and pairwise checks are not bounded by key size
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/24049)
(cherry picked from commit 27005cecc75ec7a22a673d57fc35a11dea30ac0a)
-rw-r--r-- | doc/man3/EVP_PKEY_check.pod | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/man3/EVP_PKEY_check.pod b/doc/man3/EVP_PKEY_check.pod index 485d350529..47c57e7971 100644 --- a/doc/man3/EVP_PKEY_check.pod +++ b/doc/man3/EVP_PKEY_check.pod @@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke generation method, but may be required for assurance purposes when receiving keys from a third party. +The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded +by any key size limits as private keys are not expected to be supplied by +attackers. For that reason they might take an unbounded time if run on +arbitrarily large keys. + =head1 RETURN VALUES All functions return 1 for success or others for failure. |