fipsSelfTest() // Random ECDSA is dangerous, because a failure of the RNG would immediately // leak the private key. Instead, we use a "hedged" approach, as specified // in draft-irtf-cfrg-det-sigs-with-noise-04, Section 4. This has also the // advantage of closely resembling Deterministic ECDSA. Z := make([]byte, len(priv.d)) if err := drbg.ReadWithReader(rand, Z); err != nil { return nil, err } // See https://github.com/cfrg/draft-irtf-cfrg-det-sigs-with-noise/issues/6 // for the FIPS compliance of this method....