diff options
| author | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-02 07:05:15 +0000 |
|---|---|---|
| committer | Theo Buehler <tb@cvs.openbsd.org> | 2023-07-02 07:05:15 +0000 |
| commit | db455c938c36fe1ea232a658e5b5c22a92453551 (patch) | |
| tree | e9e806cdfce4f4a02f2b9797048858a04fce4de5 /usr.bin/openssl | |
| parent | 3af73549c3e3516405c88224ccdfa8f659700d1c (diff) | |
Teach openssl req about EdDSA certs
After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.
ok beck
Diffstat (limited to 'usr.bin/openssl')
| -rw-r--r-- | usr.bin/openssl/req.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/openssl/req.c b/usr.bin/openssl/req.c index 0994d0b288e..b75ba92f743 100644 --- a/usr.bin/openssl/req.c +++ b/usr.bin/openssl/req.c @@ -1,4 +1,4 @@ -/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */ +/* $OpenBSD: req.c,v 1.28 2023/07/02 07:05:14 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -1736,8 +1736,15 @@ do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey, const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts) { EVP_PKEY_CTX *pkctx = NULL; + int default_nid; int i; + if (EVP_PKEY_get_default_digest_nid(pkey, &default_nid) == 2 && + default_nid == NID_undef) { + /* The digest is required to be EVP_md_null() (EdDSA). */ + md = EVP_md_null(); + } + if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey)) return 0; for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) { |