From 0b13238052a5ec5a8bd9af468657556c0ec66bdc Mon Sep 17 00:00:00 2001
From: Pauli <ppzgs1@gmail.com>
Date: Mon, 24 Feb 2025 15:20:34 +1100
Subject: [PATCH] doc: document that the FIPS provider doesn't support
 deterministic ECDSA sigs

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26880)

(cherry picked from commit 53c54b13acdf0f0725fdd0b0eace82a723cc3647)
---
 doc/man7/provider-signature.pod | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod
index ce6efa2cc2d..904b15815bb 100644
--- a/doc/man7/provider-signature.pod
+++ b/doc/man7/provider-signature.pod
@@ -485,6 +485,8 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
+The FIPS provider does not support deterministic digital signature generation.
+
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
 Sets a flag to modify the sign operation to return an error if the initial
-- 
2.47.2