From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001

From: "djm@openbsd.org" <djm@openbsd.org>

Date: Fri, 24 Jan 2020 00:27:04 +0000

Subject: [PATCH] upstream: when signing a certificate with an RSA key, default

 to

a safe signature algorithm (rsa-sha-512) if not is explicitly specified by

the user; ok markus@

OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9

---

 ssh-keygen.c | 14 +++++++++-----

 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/ssh-keygen.c b/ssh-keygen.c

index 564c3c481..f2192edb9 100644

--- a/ssh-keygen.c

+++ b/ssh-keygen.c

@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,

 	}

 	free(tmp);

-	if (key_type_name != NULL &&

-	    sshkey_type_from_name(key_type_name) != ca->type)  {

-		fatal("CA key type %s doesn't match specified %s",

-		    sshkey_ssh_name(ca), key_type_name);

+	if (key_type_name != NULL) {

+		if (sshkey_type_from_name(key_type_name) != ca->type) {

+			fatal("CA key type %s doesn't match specified %s",

+			    sshkey_ssh_name(ca), key_type_name);

+		}

+	} else if (ca->type == KEY_RSA) {

+		/* Default to a good signature algorithm */

+		key_type_name = "rsa-sha2-512";

 	}

 	for (i = 0; i < argc; i++) {

From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001

From: "djm@openbsd.org" <djm@openbsd.org>

Date: Mon, 20 May 2019 00:20:35 +0000

Subject: [PATCH] upstream: When signing certificates with an RSA key, default

 to

using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys

will therefore be incompatible with OpenSSH < 7.2 unless the default is

overridden.

Document the ability of the ssh-keygen -t flag to override the

signature algorithm when signing certificates, and the new default.

ok deraadt@

OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95

---

 ssh-keygen.1 | 13 +++++++++++--

 sshkey.c     |  9 ++++++++-

 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/ssh-keygen.1 b/ssh-keygen.1

index f29774249..673bf6e2f 100644

--- a/ssh-keygen.1

+++ b/ssh-keygen.1

@@ -35,7 +35,7 @@

 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF

 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

 .\"

-.Dd $Mdocdate: March 5 2019 $

+.Dd $Mdocdate: May 20 2019 $

 .Dt SSH-KEYGEN 1

 .Os

 .Sh NAME

@@ -577,6 +577,15 @@ The possible values are

 .Dq ed25519 ,

 or

 .Dq rsa .

+.Pp

+This flag may also be used to specify the desired signature type when

+signing certificates using a RSA CA key.

+The available RSA signature variants are

+.Dq ssh-rsa

+(SHA1 signatures, not recommended),

+.Dq rsa-sha2-256

+.Dq rsa-sha2-512

+(the default).

 .It Fl U

 When used in combination with

 .Fl s ,

diff --git a/sshkey.c b/sshkey.c

index 9849cb237..379a579cf 100644

--- a/sshkey.c

+++ b/sshkey.c

@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,

 	    strcmp(alg, k->cert->signature_type) != 0)

 		return SSH_ERR_INVALID_ARGUMENT;

+	/*

+	 * If no signing algorithm or signature_type was specified and we're

+	 * using a RSA key, then default to a good signature algorithm.

+	 */

+	if (alg == NULL && ca->type == KEY_RSA)

+		alg = "rsa-sha2-512";

+

 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)

 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;