Document that private and pairwise checks are not bounded by key size

[openssl.git] / doc / man3 / EVP_PKEY_check.pod

diff --git a/doc/man3/EVP_PKEY_check.pod b/doc/man3/EVP_PKEY_check.pod
index 485d350529ee0efdf6231344b19451bc069fcd9d..47c57e7971eab49e60ab97e607af312b45e5d9f5 100644 (file)
--- a/doc/man3/EVP_PKEY_check.pod
+++ b/doc/man3/EVP_PKEY_check.pod
@@ -61,6 +61,11 @@ It is not necessary to call these functions after locally calling an approved ke
 generation method, but may be required for assurance purposes when receiving
 keys from a third party.
 
+The EVP_PKEY_pairwise_check() and EVP_PKEY_private_check() might not be bounded
+by any key size limits as private keys are not expected to be supplied by
+attackers. For that reason they might take an unbounded time if run on
+arbitrarily large keys.
+
 =head1 RETURN VALUES
 
 All functions return 1 for success or others for failure.