crmf_lib.c: Make sure Ed signature for POPO is called without digest

Fixes #18184

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18230)

1 files changed, 6 insertions, 0 deletions

diff --git a/crypto/crmf/crmf_lib.c b/crypto/crmf/crmf_lib.c
index ea1e2dda09..11351e33d1 100644
--- a/crypto/crmf/crmf_lib.c
+++ b/crypto/crmf/crmf_lib.c
@@ -369,6 +369,8 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
                                  EVP_PKEY *pkey, const EVP_MD *digest,
                                  OSSL_LIB_CTX *libctx, const char *propq)
 {
+    char name[80] = "";
+
     if (ps == NULL || cr == NULL || pkey == NULL) {
         ERR_raise(ERR_LIB_CRMF, CRMF_R_NULL_ARGUMENT);
         return 0;
@@ -379,6 +381,10 @@ static int create_popo_signature(OSSL_CRMF_POPOSIGNINGKEY *ps,
         return 0;
     }
 
+    if (EVP_PKEY_get_default_digest_name(pkey, name, sizeof(name)) > 0
+            && strcmp(name, "UNDEF") == 0) /* at least for Ed25519, Ed448 */
+        digest = NULL;
+
     return ASN1_item_sign_ex(ASN1_ITEM_rptr(OSSL_CRMF_CERTREQUEST),
                              ps->algorithmIdentifier, NULL, ps->signature, cr,
                              NULL, pkey, digest, libctx, propq);