From: Pauli <ppzgs1@gmail.com>
Date: Mon, 24 Feb 2025 04:20:34 +0000 (+1100)
Subject: doc: document that the FIPS provider doesn't support deterministic ECDSA sigs
X-Git-Tag: openssl-3.3.4~158
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=475343cfaca8bf640829377eee6363e863f3e37e;p=thirdparty%2Fopenssl.git

doc: document that the FIPS provider doesn't support deterministic ECDSA sigs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26880)

(cherry picked from commit 53c54b13acdf0f0725fdd0b0eace82a723cc3647)
---

diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod
index b26b8b6a5b4..b5b8f54ab86 100644
--- a/doc/man7/provider-signature.pod
+++ b/doc/man7/provider-signature.pod
@@ -375,6 +375,8 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
+The FIPS provider does not support deterministic digital signature generation.
+
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
 Sets a flag to modify the sign operation to return an error if the initial