aedd00
From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
aedd00
From: "djm@openbsd.org" <djm@openbsd.org>
aedd00
Date: Fri, 24 Jan 2020 00:27:04 +0000
aedd00
Subject: [PATCH] upstream: when signing a certificate with an RSA key, default
aedd00
 to
aedd00
aedd00
a safe signature algorithm (rsa-sha2-512) if one is not explicitly specified by
aedd00
the user; ok markus@
aedd00
aedd00
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
aedd00
---
aedd00
 ssh-keygen.c | 14 +++++++++-----
aedd00
 1 file changed, 9 insertions(+), 5 deletions(-)
aedd00
aedd00
diff --git a/ssh-keygen.c b/ssh-keygen.c
aedd00
index 564c3c481..f2192edb9 100644
aedd00
--- a/ssh-keygen.c
aedd00
+++ b/ssh-keygen.c
aedd00
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
aedd00
 	}
aedd00
 	free(tmp);
aedd00
 
aedd00
-	if (key_type_name != NULL &&
aedd00
-	    sshkey_type_from_name(key_type_name) != ca->type)  {
aedd00
-		fatal("CA key type %s doesn't match specified %s",
aedd00
-		    sshkey_ssh_name(ca), key_type_name);
aedd00
+	if (key_type_name != NULL) {
aedd00
+		if (sshkey_type_from_name(key_type_name) != ca->type) {
aedd00
+			fatal("CA key type %s doesn't match specified %s",
aedd00
+			    sshkey_ssh_name(ca), key_type_name);
aedd00
+		}
aedd00
+	} else if (ca->type == KEY_RSA) {
aedd00
+		/* Default to a good signature algorithm */
aedd00
+		key_type_name = "rsa-sha2-512";
aedd00
 	}
aedd00
 
aedd00
 	for (i = 0; i < argc; i++) {
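Review bot: The new `if (key_type_name != NULL)` branch only checks that the named type maps to `ca->type`, so an explicitly requested SHA-1 `ssh-rsa` signature on an RSA CA presumably still passes and is used without any notice. The safe default in the `else if` branch covers only the unset case. If honouring the explicit choice is intentional for compatibility with old verifiers, the comment should say so, e.g. `/* Nothing requested: avoid SHA-1 "ssh-rsa" for RSA CAs; an explicit choice is honoured as given */`, and a warning when `strcmp(key_type_name, "ssh-rsa") == 0` would make the downgrade visible to the operator. `do_ca_sign` begins and ends outside this hunk, so how `key_type_name` is consumed afterwards is not visible here.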
aedd00
aedd00
From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
aedd00
From: "djm@openbsd.org" <djm@openbsd.org>
aedd00
Date: Mon, 20 May 2019 00:20:35 +0000
aedd00
Subject: [PATCH] upstream: When signing certificates with an RSA key, default
aedd00
 to
aedd00
aedd00
using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
aedd00
will therefore be incompatible with OpenSSH < 7.2 unless the default is
aedd00
overridden.
aedd00
aedd00
Document the ability of the ssh-keygen -t flag to override the
aedd00
signature algorithm when signing certificates, and the new default.
aedd00
aedd00
ok deraadt@
aedd00
aedd00
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
aedd00
---
aedd00
 ssh-keygen.1 | 13 +++++++++++--
aedd00
 sshkey.c     |  9 ++++++++-
aedd00
 2 files changed, 19 insertions(+), 3 deletions(-)
aedd00
aedd00
diff --git a/ssh-keygen.1 b/ssh-keygen.1
aedd00
index f29774249..673bf6e2f 100644
aedd00
--- a/ssh-keygen.1
aedd00
+++ b/ssh-keygen.1
aedd00
@@ -35,7 +35,7 @@
aedd00
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
aedd00
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
aedd00
 .\"
aedd00
-.Dd $Mdocdate: March 5 2019 $
aedd00
+.Dd $Mdocdate: May 20 2019 $
aedd00
 .Dt SSH-KEYGEN 1
aedd00
 .Os
aedd00
 .Sh NAME
aedd00
@@ -577,6 +577,15 @@ The possible values are
aedd00
 .Dq ed25519 ,
aedd00
 or
aedd00
 .Dq rsa .
aedd00
+.Pp
aedd00
+This flag may also be used to specify the desired signature type when
aedd00
+signing certificates using a RSA CA key.
aedd00
+The available RSA signature variants are
aedd00
+.Dq ssh-rsa
aedd00
+(SHA1 signatures, not recommended),
aedd00
+.Dq rsa-sha2-256
aedd00
+.Dq rsa-sha2-512
aedd00
+(the default).
aedd00
 .It Fl U
aedd00
 When used in combination with
aedd00
 .Fl s ,
aedd00
diff --git a/sshkey.c b/sshkey.c
aedd00
index 9849cb237..379a579cf 100644
aedd00
--- a/sshkey.c
aedd00
+++ b/sshkey.c
aedd00
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
aedd00
 	    strcmp(alg, k->cert->signature_type) != 0)
aedd00
 		return SSH_ERR_INVALID_ARGUMENT;
aedd00
 
aedd00
+	/*
aedd00
+	 * If no signing algorithm or signature_type was specified and we're
aedd00
+	 * using a RSA key, then default to a good signature algorithm.
aedd00
+	 */
aedd00
+	if (alg == NULL && ca->type == KEY_RSA)
aedd00
+		alg = "rsa-sha2-512";
aedd00
+
aedd00
 	if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
aedd00
 		return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
aedd00
 
aedd00
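Review bot: The added comment says the default applies when neither a signing algorithm nor a `signature_type` was specified, but the condition tests only `alg == NULL`. The check relating `alg` to `k->cert->signature_type` starts above the hunk, so it is not visible whether `alg` already carries that value at this point. If the preceding code does fold it in, a clause such as `* (alg has already taken k->cert->signature_type if one was set)` would make the dependency explicit. The comment could also record the cost stated in the commit message: `* Verifiers older than OpenSSH 7.2 need the algorithm overridden explicitly.` `sshkey_certify_custom` continues past the end of the hunk.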