From: Pauli <ppzgs1@gmail.com>
Date: Mon, 24 Feb 2025 04:20:34 +0000 (+1100)
Subject: doc: document that the FIPS provider doesn't support deterministic ECDSA sigs
X-Git-Tag: openssl-3.5.0-alpha1~90
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=53c54b13acdf0f0725fdd0b0eace82a723cc3647;p=thirdparty%2Fopenssl.git

doc: document that the FIPS provider doesn't support deterministic ECDSA sigs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26880)
---

diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod
index ce6efa2cc2d..904b15815bb 100644
--- a/doc/man7/provider-signature.pod
+++ b/doc/man7/provider-signature.pod
@@ -485,6 +485,8 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
+The FIPS provider does not support deterministic digital signature generation.
+
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
 Sets a flag to modify the sign operation to return an error if the initial