diff options
author | James Muir <james@openssl.org> | 2024-01-09 22:38:43 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-01-11 10:15:03 +0100 |
commit | ff7b32e1d7af590eab3163f0c6be7792876c36bc (patch) | |
tree | 4aa8657dafee999a23eb4b588832c47e309f16f8 | |
parent | 0a40b23cb86d41b27aea67c648e35cd420d39674 (diff) |
doc: "digest" must be explicitly set with deterministic ECDSA/DSA
Fixes #23205
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23250)
-rw-r--r-- | doc/man7/provider-signature.pod | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/doc/man7/provider-signature.pod b/doc/man7/provider-signature.pod index 3e900677d3..38d3320d18 100644 --- a/doc/man7/provider-signature.pod +++ b/doc/man7/provider-signature.pod @@ -365,12 +365,15 @@ signature algorithm and digest algorithm for the signature operation. =item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer> -Set this to 1 to use a deterministic ECDSA or DSA digital signature as -defined in RFC #6979 (See Section 3.2 "Generation of k"). -The default value of 0 uses a random value for the nonce B<k> as defined in -FIPS 186-4 Section 6.3 "Secret Number Generation". -Before using deterministic digital signature please read -RFC #6979 Section 4 "Security Considerations". +Set this to 1 to use deterministic digital signature generation with +ECDSA or DSA, as defined in RFC 6979 (see Section 3.2 "Generation of +k"). In this case, the "digest" parameter must be explicitly set +(otherwise, deterministic nonce generation will fail). Before using +deterministic digital signature generation, please read RFC 6979 +Section 4 "Security Considerations". The default value for +"nonce-type" is 0 and results in a random value being used for the +nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number +Generation". =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer> |