0d83e7
From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
0d83e7
From: "djm@openbsd.org" <djm@openbsd.org>
0d83e7
Date: Fri, 24 Jan 2020 00:27:04 +0000
0d83e7
Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
0d83e7
 to
0d83e7
0d83e7
a safe signature algorithm (rsa-sha2-512) if one is not explicitly specified by
0d83e7
the user; ok markus@
0d83e7
0d83e7
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
0d83e7
---
0d83e7
 ssh-keygen.c | 14 +++++++++-----
0d83e7
 1 file changed, 9 insertions(+), 5 deletions(-)
0d83e7
0d83e7
diff --git a/ssh-keygen.c b/ssh-keygen.c
0d83e7
index 564c3c481..f2192edb9 100644
0d83e7
--- a/ssh-keygen.c
0d83e7
+++ b/ssh-keygen.c
0d83e7
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
0d83e7
 	}
0d83e7
 	free(tmp);
0d83e7
 
0d83e7
-	if (key_type_name != NULL &&
0d83e7
-	    sshkey_type_from_name(key_type_name) != ca->type)  {
0d83e7
-		fatal("CA key type %s doesn't match specified %s",
0d83e7
-		    sshkey_ssh_name(ca), key_type_name);
0d83e7
+	if (key_type_name != NULL) {
0d83e7
+		if (sshkey_type_from_name(key_type_name) != ca->type) {
0d83e7
+			fatal("CA key type %s doesn't match specified %s",
0d83e7
+			    sshkey_ssh_name(ca), key_type_name);
0d83e7
+		}
0d83e7
+	} else if (ca->type == KEY_RSA) {
0d83e7
+		/* Default to a good signature algorithm */
0d83e7
+		key_type_name = "rsa-sha2-512";
0d83e7
 	}
0d83e7
 
0d83e7
 	for (i = 0; i < argc; i++) {
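Review bot: The comment `/* Default to a good signature algorithm */` in the new `else if (ca->type == KEY_RSA)` branch does not say that the default applies only when no `-t` value was given. The `key_type_name != NULL` branch compares key types only, so an explicit `ssh-rsa` (which the ssh-keygen.1 change on this page describes as SHA1 signatures, not recommended) still passes the check and is used as given. I would spell that out, e.g. `/* No -t given: pick rsa-sha2-512 for RSA CAs; an explicit -t (including SHA-1 "ssh-rsa") is honoured as-is */`. If SHA-1 CA signatures are meant to be discouraged, a warning on that explicit path would help operators notice certificates still being issued with it. do_ca_sign starts before and continues after this hunk.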
0d83e7
0d83e7
From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
0d83e7
From: "djm@openbsd.org" <djm@openbsd.org>
0d83e7
Date: Mon, 20 May 2019 00:20:35 +0000
0d83e7
Subject: [PATCH] upstream: When signing certificates with an RSA key, default
0d83e7
 to
0d83e7
0d83e7
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
0d83e7
will therefore be incompatible with OpenSSH < 7.2 unless the default is
0d83e7
overridden.
0d83e7
0d83e7
Document the ability of the ssh-keygen -t flag to override the
0d83e7
signature algorithm when signing certificates, and the new default.
0d83e7
0d83e7
ok deraadt@
0d83e7
0d83e7
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
0d83e7
---
0d83e7
 ssh-keygen.1 | 13 +++++++++++--
0d83e7
 sshkey.c     |  9 ++++++++-
0d83e7
 2 files changed, 19 insertions(+), 3 deletions(-)
0d83e7
0d83e7
diff --git a/ssh-keygen.1 b/ssh-keygen.1
0d83e7
index f29774249..673bf6e2f 100644
0d83e7
--- a/ssh-keygen.1
0d83e7
+++ b/ssh-keygen.1
0d83e7
@@ -35,7 +35,7 @@
0d83e7
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
0d83e7
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
0d83e7
 .\"
0d83e7
-.Dd $Mdocdate: March 5 2019 $
0d83e7
+.Dd $Mdocdate: May 20 2019 $
0d83e7
 .Dt SSH-KEYGEN 1
0d83e7
 .Os
0d83e7
 .Sh NAME
0d83e7
@@ -577,6 +577,15 @@ The possible values are
0d83e7
 .Dq ed25519 ,
0d83e7
 or
0d83e7
 .Dq rsa .
0d83e7
+.Pp
0d83e7
+This flag may also be used to specify the desired signature type when
0d83e7
+signing certificates using a RSA CA key.
0d83e7
+The available RSA signature variants are
0d83e7
+.Dq ssh-rsa
0d83e7
+(SHA1 signatures, not recommended),
0d83e7
+.Dq rsa-sha2-256
0d83e7
+.Dq rsa-sha2-512
0d83e7
+(the default).
0d83e7
 .It Fl U
0d83e7
 When used in combination with
0d83e7
 .Fl s ,
0d83e7
diff --git a/sshkey.c b/sshkey.c
0d83e7
index 9849cb237..379a579cf 100644
0d83e7
--- a/sshkey.c
0d83e7
+++ b/sshkey.c
0d83e7
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
0d83e7
 	    strcmp(alg, k->cert->signature_type) != 0)
0d83e7
 		return SSH_ERR_INVALID_ARGUMENT;
0d83e7
 
0d83e7
+	/*
0d83e7
+	 * If no signing algorithm or signature_type was specified and we're
0d83e7
+	 * using a RSA key, then default to a good signature algorithm.
0d83e7
+	 */
0d83e7
+	if (alg == NULL && ca->type == KEY_RSA)
0d83e7
+		alg = "rsa-sha2-512";
0d83e7
+
0d83e7
 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
0d83e7
 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
0d83e7
 
0d83e7
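Review bot: The added comment says the default applies when "no signing algorithm or signature_type was specified", but the condition tests only `alg == NULL`. Whether `k->cert->signature_type` has already been folded into `alg` depends on the statement above, of which only the tail is visible in this hunk. If it has, saying so would make it clear the default cannot override a stored signature type, e.g. `/* alg is still NULL only if neither the caller nor k->cert->signature_type named an algorithm */`. The literal `"rsa-sha2-512"` is also hard-coded in do_ca_sign in the ssh-keygen.c patch on this page; a single named constant would keep the two defaults from drifting apart. sshkey_certify_custom starts before and continues after this hunk.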