for all the RNG in Keras. We plan to switch on the new code path by
        default in tf 2.8, and the behavior change will likely to cause some
        breakage on user side (eg if the test is checking against some golden
        number). These 3 APIs will allow user to disable and switch back to
        legacy behavior if they prefer. In future (eg TF 2.10), we expect to

= p - q diff.ExpandFor(p).Sub(qP, p) } // A tiny bit of leakage is acceptable because it's not adaptive, an // attacker only learns the magnitude of p - q. if diff.BitLenVarTime() <= N.BitLen()/2-100 { return errors.New("crypto/rsa: |p - q| too small") } // Check that d > 2^(nlen/2). // // See section 3 of https://crypto.stanford.edu/~dabo/papers/RSA-survey.pdf // for more details about attacks on small d values. // // Likewise, the leakage of the magnitude of d is not adaptive. if priv.d.BitLenVarTime()...

= p - q diff.ExpandFor(p).Sub(qP, p) } // A tiny bit of leakage is acceptable because it's not adaptive, an // attacker only learns the magnitude of p - q. if diff.BitLenVarTime() <= N.BitLen()/2-100 { return errors.New("crypto/rsa: |p - q| too small") } // Check that d > 2^(nlen/2). // // See section 3 of https://crypto.stanford.edu/~dabo/papers/RSA-survey.pdf // for more details about attacks on small d values. // // Likewise, the leakage of the magnitude of d is not adaptive. if priv.d.BitLenVarTime()...