From d348a60a32161f336abe40dc404c3c6429ab5f9b Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 2 Jul 2023 07:05:14 +0000
Subject: [PATCH] Teach openssl req about EdDSA certs

After a few things in libcrypto were adjusted, this diff makes issuing
certificate requests with Ed25519 work.

ok beck
---
 usr.bin/openssl/req.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/usr.bin/openssl/req.c b/usr.bin/openssl/req.c
index 0994d0b288e..b75ba92f743 100644
--- a/usr.bin/openssl/req.c
+++ b/usr.bin/openssl/req.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: req.c,v 1.27 2023/03/06 14:32:06 tb Exp $ */
+/* $OpenBSD: req.c,v 1.28 2023/07/02 07:05:14 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1736,8 +1736,15 @@ do_sign_init(BIO * err, EVP_MD_CTX * ctx, EVP_PKEY * pkey,
     const EVP_MD * md, STACK_OF(OPENSSL_STRING) * sigopts)
 {
 	EVP_PKEY_CTX *pkctx = NULL;
+	int default_nid;
 	int i;
 
+	if (EVP_PKEY_get_default_digest_nid(pkey, &default_nid) == 2 &&
+	    default_nid == NID_undef) {
+		/* The digest is required to be EVP_md_null() (EdDSA). */
+		md = EVP_md_null();
+	}
+
 	if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
 		return 0;
 	for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
-- 
2.20.1