From 1c37b7116876e1b0105564593ee03e36ae0a194e Mon Sep 17 00:00:00 2001
From: tb <>
Date: Sun, 2 Jul 2023 07:05:14 +0000
Subject: Teach openssl req about EdDSA certs

After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.

ok beck
---
 src/usr.bin/openssl/req.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

(limited to 'src/usr.bin/openssl/req.c')

diff --git a/src/usr.bin/openssl/req.c b/src/usr.bin/openssl/req.c
index 0994d0b288..b75ba92f74 100644
--- a/src/usr.bin/openssl/req.c
+++ b/src/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: req.c,v 1.28 2023/07/02 07:05:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1736,8 +1736,15 @@ do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey,
     const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts)
 {
 	EVP_PKEY_CTX *pkctx = NULL;
+	int default_nid;
 	int i;
 
+	if (EVP_PKEY_get_default_digest_nid(pkey, &default_nid) == 2 &&
+	    default_nid == NID_undef) {
+		/* The digest is required to be EVP_md_null() (EdDSA). */
+		md = EVP_md_null();
+	}
+
 	if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
 		return 0;
 	for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
-- 
cgit v1.2.3-55-g6feb