Allow the ca application to use EdDSA

Using the ca application to sign certificates with EdDSA failed because it is not possible to set the digest to "null". This adds the capability and updates the documentation accordingly. Fixes #6201 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6286)
author: Matt Caswell <matt@openssl.org> 2018-05-17 16:24:29 +0100
committer: Matt Caswell <matt@openssl.org> 2018-05-18 10:14:29 +0100
commit: f3021aca4a154c2ff9bd0030f7974eb6a719550d (patch)
tree: 357805e6c31ea2d2035c7e119ae52c214e336c7f /apps
parent: 8a59c08583424d59ac30c1261eedff40d653f8b0 (diff)
1 files changed, 13 insertions, 9 deletions
diff --git a/apps/ca.c b/apps/ca.c
index afc5e349b4..60c8f6c373 100644
--- a/apps/ca.c
+++ b/apps/ca.c
@@ -735,17 +735,21 @@ end_of_options:
     if (md == NULL && (md = lookup_conf(conf, section, ENV_DEFAULT_MD)) == NULL)
         goto end;
 
-    if (strcmp(md, "default") == 0) {
-        int def_nid;
-        if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
-            BIO_puts(bio_err, "no default digest\n");
-            goto end;
+    if (strcmp(md, "null") == 0) {
+        dgst = EVP_md_null();
+    } else {
+        if (strcmp(md, "default") == 0) {
+            int def_nid;
+            if (EVP_PKEY_get_default_digest_nid(pkey, &def_nid) <= 0) {
+                BIO_puts(bio_err, "no default digest\n");
+                goto end;
+            }
+            md = (char *)OBJ_nid2sn(def_nid);
         }
-        md = (char *)OBJ_nid2sn(def_nid);
-    }
 
-    if (!opt_md(md, &dgst)) {
-        goto end;
+        if (!opt_md(md, &dgst)) {
+            goto end;
+        }
     }
 
     if (req) {
author	Matt Caswell <matt@openssl.org>	2018-05-17 16:24:29 +0100
committer	Matt Caswell <matt@openssl.org>	2018-05-18 10:14:29 +0100
commit	f3021aca4a154c2ff9bd0030f7974eb6a719550d (patch)
tree	357805e6c31ea2d2035c7e119ae52c214e336c7f /apps
parent	8a59c08583424d59ac30c1261eedff40d653f8b0 (diff)