3009ed
From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
3009ed
From: "djm@openbsd.org" <djm@openbsd.org>
3009ed
Date: Fri, 24 Jan 2020 00:27:04 +0000
3009ed
Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
3009ed
 to
3009ed
3009ed
a safe signature algorithm (rsa-sha-512) if not is explicitly specified by
3009ed
the user; ok markus@
3009ed
3009ed
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
3009ed
---
3009ed
 ssh-keygen.c | 14 +++++++++-----
3009ed
 1 file changed, 9 insertions(+), 5 deletions(-)
3009ed
3009ed
diff --git a/ssh-keygen.c b/ssh-keygen.c
3009ed
index 564c3c481..f2192edb9 100644
3009ed
--- a/ssh-keygen.c
3009ed
+++ b/ssh-keygen.c
3009ed
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
3009ed
 	}
3009ed
 	free(tmp);
3009ed
 
3009ed
-	if (key_type_name != NULL &&
3009ed
-	    sshkey_type_from_name(key_type_name) != ca->type)  {
3009ed
-		fatal("CA key type %s doesn't match specified %s",
3009ed
-		    sshkey_ssh_name(ca), key_type_name);
3009ed
+	if (key_type_name != NULL) {
3009ed
+		if (sshkey_type_from_name(key_type_name) != ca->type) {
3009ed
+			fatal("CA key type %s doesn't match specified %s",
3009ed
+			    sshkey_ssh_name(ca), key_type_name);
3009ed
+		}
3009ed
+	} else if (ca->type == KEY_RSA) {
3009ed
+		/* Default to a good signature algorithm */
3009ed
+		key_type_name = "rsa-sha2-512";
3009ed
 	}
3009ed
 
3009ed
 	for (i = 0; i < argc; i++) {
3009ed
3009ed
From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
3009ed
From: "djm@openbsd.org" <djm@openbsd.org>
3009ed
Date: Mon, 20 May 2019 00:20:35 +0000
3009ed
Subject: [PATCH] upstream: When signing certificates with an RSA key, default
3009ed
 to
3009ed
3009ed
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
3009ed
will therefore be incompatible with OpenSSH < 7.2 unless the default is
3009ed
overridden.
3009ed
3009ed
Document the ability of the ssh-keygen -t flag to override the
3009ed
signature algorithm when signing certificates, and the new default.
3009ed
3009ed
ok deraadt@
3009ed
3009ed
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
3009ed
---
3009ed
 ssh-keygen.1 | 13 +++++++++++--
3009ed
 sshkey.c     |  9 ++++++++-
3009ed
 2 files changed, 19 insertions(+), 3 deletions(-)
3009ed
3009ed
diff --git a/ssh-keygen.1 b/ssh-keygen.1
3009ed
index f29774249..673bf6e2f 100644
3009ed
--- a/ssh-keygen.1
3009ed
+++ b/ssh-keygen.1
3009ed
@@ -35,7 +35,7 @@
3009ed
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
3009ed
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
3009ed
 .\"
3009ed
-.Dd $Mdocdate: March 5 2019 $
3009ed
+.Dd $Mdocdate: May 20 2019 $
3009ed
 .Dt SSH-KEYGEN 1
3009ed
 .Os
3009ed
 .Sh NAME
3009ed
@@ -577,6 +577,15 @@ The possible values are
3009ed
 .Dq ed25519 ,
3009ed
 or
3009ed
 .Dq rsa .
3009ed
+.Pp
3009ed
+This flag may also be used to specify the desired signature type when
3009ed
+signing certificates using a RSA CA key.
3009ed
+The available RSA signature variants are
3009ed
+.Dq ssh-rsa
3009ed
+(SHA1 signatures, not recommended),
3009ed
+.Dq rsa-sha2-256
3009ed
+.Dq rsa-sha2-512
3009ed
+(the default).
3009ed
 .It Fl U
3009ed
 When used in combination with
3009ed
 .Fl s ,
3009ed
diff --git a/sshkey.c b/sshkey.c
3009ed
index 9849cb237..379a579cf 100644
3009ed
--- a/sshkey.c
3009ed
+++ b/sshkey.c
3009ed
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
3009ed
 	    strcmp(alg, k->cert->signature_type) != 0)
3009ed
 		return SSH_ERR_INVALID_ARGUMENT;
3009ed
 
3009ed
+	/*
3009ed
+	 * If no signing algorithm or signature_type was specified and we're
3009ed
+	 * using a RSA key, then default to a good signature algorithm.
3009ed
+	 */
3009ed
+	if (alg == NULL && ca->type == KEY_RSA)
3009ed
+		alg = "rsa-sha2-512";
3009ed
+
3009ed
 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
3009ed
 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
3009ed
 
3009ed