From: Dimitri John Ledkov <dimitri.ledkov@surgut.co.uk>
Date: Mon, 11 Aug 2025 13:18:53 +0000 (+0100)
Subject: fips: update provider-signature docs for DetECDSA
X-Git-Tag: openssl-3.6.0-alpha1~80
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9346a88a8fde6544b57df42a5f876eaa1356680a;p=thirdparty%2Fopenssl.git

fips: update provider-signature docs for DetECDSA

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28213)
---

diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod
index 61202b52364..f330e2d2ef3 100644
--- a/doc/man7/provider-signature.pod
+++ b/doc/man7/provider-signature.pod
@@ -501,7 +501,11 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
-The FIPS provider does not support deterministic digital signature generation.
+The FIPS provider does not support deterministic digital signature generation
+for DSA.
+
+The FIPS provider supports determinisitic digital signature generation for
+ECDSA.
 
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
@@ -633,8 +637,12 @@ L<EVP_SIGNATURE_is_a(3)>, L<ASN1_item_sign_ctx(3)>
 =head1 HISTORY
 
 The provider SIGNATURE interface was introduced in OpenSSL 3.0.
-The Signature Parameters "fips-indicator", "key-check" and "digest-check"
-were added in OpenSSL 3.4.
+
+The Signature Parameters "fips-indicator", "key-check" and "digest-check" were added in
+OpenSSL 3.4.
+
+Deterministic digital signature generation for ECDSA was added to the FIPS provider in OpenSSL
+3.6.
 
 =head1 COPYRIGHT