From 4a41d245d6b13bd3882c8dc058dbd2e2b39a9f67 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Fri, 24 Jan 2020 00:27:04 +0000
Subject: [PATCH] upstream: when signing a certificate with an RSA key, default to a safe signature algorithm (rsa-sha-512) if not is explicitly specified by the user; ok markus@
OpenBSD-Commit-ID: e05f638f0be6c0266e1d3d799716b461011e83a9
---
 ssh-keygen.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 564c3c481..f2192edb9 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1788,10 +1788,14 @@ do_ca_sign(struct passwd *pw, const char *ca_key_path, int prefer_agent,
 }
 free(tmp);
- if (key_type_name != NULL &&
- sshkey_type_from_name(key_type_name) != ca->type) {
- fatal("CA key type %s doesn't match specified %s",
- sshkey_ssh_name(ca), key_type_name);
+ if (key_type_name != NULL) {
+ if (sshkey_type_from_name(key_type_name) != ca->type) {
+ fatal("CA key type %s doesn't match specified %s",
+ sshkey_ssh_name(ca), key_type_name);
+ }
+ } else if (ca->type == KEY_RSA) {
+ /* Default to a good signature algorithm */
+ key_type_name = "rsa-sha2-512";
 }
 for (i = 0; i < argc; i++) {
From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org"
Date: Mon, 20 May 2019 00:20:35 +0000
Subject: [PATCH] upstream: When signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@
OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
---
 ssh-keygen.1 | 13 +++++++++++--
 sshkey.c | 9 ++++++++-
 2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index f29774249..673bf6e2f 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
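Review bot: An explicit `-t ssh-rsa` still passes the type check in the new `if (key_type_name != NULL)` branch of the ssh-keygen.c hunk, so a CA script that names it keeps issuing SHA-1-signed certificates with nothing recorded; only the unspecified case gets the safe default. Consider making that choice visible in the same branch, e.g. `if (strcmp(key_type_name, "ssh-rsa") == 0) logit("signing certificate with ssh-rsa (SHA-1) as explicitly requested");`. The literal `"rsa-sha2-512"` is also hard-coded here and again in sshkey_certify_custom() in sshkey.c, so a shared constant would keep the two defaults from drifting apart. do_ca_sign's body starts and ends outside the hunk, so how key_type_name is consumed afterwards cannot be confirmed from here.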
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2019 $
+.Dd $Mdocdate: May 20 2019 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -577,6 +577,15 @@ The possible values are
 .Dq ed25519 ,
 or
 .Dq rsa .
+.Pp
+This flag may also be used to specify the desired signature type when
+signing certificates using a RSA CA key.
+The available RSA signature variants are
+.Dq ssh-rsa
+(SHA1 signatures, not recommended),
+.Dq rsa-sha2-256
+.Dq rsa-sha2-512
+(the default).
 .It Fl U
 When used in combination with
 .Fl s ,
diff --git a/sshkey.c b/sshkey.c
index 9849cb237..379a579cf 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
 strcmp(alg, k->cert->signature_type) != 0)
 return SSH_ERR_INVALID_ARGUMENT;
+ /*
+ * If no signing algorithm or signature_type was specified and we're
+ * using a RSA key, then default to a good signature algorithm.
+ */
+ if (alg == NULL && ca->type == KEY_RSA)
+ alg = "rsa-sha2-512";
+
 if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
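Review bot: The added comment in the sshkey.c hunk says the default applies when no "signing algorithm or signature_type was specified", but the condition tests only `alg == NULL`; whether `k->cert->signature_type` has been taken into account by then is decided above the hunk and cannot be confirmed from the visible lines. If a certificate that already carries a SHA-1 signature_type can reach this point with a NULL alg, the new default would override it silently, so the comment should state the real precondition, e.g. `/* alg is NULL here only when the caller named no algorithm; k->cert->signature_type is handled above */`. It is also worth confirming that the signature type recorded on the certificate after signing reflects the defaulted algorithm, which is presumably done after the signing call outside this hunk. sshkey_certify_custom's body starts and ends outside the hunk.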