Ignore the digest in req app if using EdDSA

This follows on from the previous commit, and makes the same change to ignore the digest if we are using EdDSA. Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6901)
author: Matt Caswell <matt@openssl.org> 2018-08-09 16:01:20 +0100
committer: Matt Caswell <matt@openssl.org> 2018-08-22 16:35:54 +0100
commit: f112dc82a44729d3f7c853c01047f6bfeb8f90ce (patch)
tree: c91e23fd51d06e676a2a8b7fc190e4a19341e87a /apps/req.c
parent: aabbc24e424382bb44ed6f88a134e50c2ef6d897 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/apps/req.c b/apps/req.c
index 48f3a3ab98..08a1468ef4 100644
--- a/apps/req.c
+++ b/apps/req.c
@@ -1601,10 +1601,19 @@ static int do_sign_init(EVP_MD_CTX *ctx, EVP_PKEY *pkey,
                         const EVP_MD *md, STACK_OF(OPENSSL_STRING) *sigopts)
 {
     EVP_PKEY_CTX *pkctx = NULL;
-    int i;
+    int i, def_nid;
 
     if (ctx == NULL)
         return 0;
+    /*
+     * EVP_PKEY_get_default_digest_nid() returns 2 if the digest is mandatory
+     * for this algorithm.
+     */
+    if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) == 2
+            && def_nid == NID_undef) {
+        /* The signing algorithm requires there to be no digest */
+        md = NULL;
+    }
     if (!EVP_DigestSignInit(ctx, &pkctx, md, NULL, pkey))
         return 0;
     for (i = 0; i < sk_OPENSSL_STRING_num(sigopts); i++) {
author	Matt Caswell <matt@openssl.org>	2018-08-09 16:01:20 +0100
committer	Matt Caswell <matt@openssl.org>	2018-08-22 16:35:54 +0100
commit	f112dc82a44729d3f7c853c01047f6bfeb8f90ce (patch)
tree	c91e23fd51d06e676a2a8b7fc190e4a19341e87a /apps/req.c
parent	aabbc24e424382bb44ed6f88a134e50c2ef6d897 (diff)