upstream: When signing certificates with an RSA key, default to

using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.

Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.

ok deraadt@

OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95
djm@openbsd.org 2019-05-20 00:20:35 +00:00 committed by Damien Miller
parent 606077ee1e
commit 476e3551b2
2 changed files with 19 additions and 3 deletions


@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.158 2019/04/19 05:47:44 dtucker Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.159 2019/05/20 00:20:35 djm Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: April 19 2019 $
.Dd $Mdocdate: May 20 2019 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -577,6 +577,15 @@ The possible values are
.Dq ed25519 ,
or
.Dq rsa .
.Pp
This flag may also be used to specify the desired signature type when
signing certificates using a RSA CA key.
The available RSA signature variants are
.Dq ssh-rsa
(SHA1 signatures, not recommended),
.Dq rsa-sha2-256
.Dq rsa-sha2-512
(the default).
.It Fl U
When used in combination with
.Fl s ,
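Review bot: The added list of RSA signature variants is missing a separator after `.Dq rsa-sha2-256`, so the rendered page runs "rsa-sha2-256" straight into "rsa-sha2-512", unlike the `.Dq ed25519 ,` style used in the context lines just above. Suggest `.Dq rsa-sha2-256 ,` followed by an "and" line before `.Dq rsa-sha2-512`. In the same paragraph, "a RSA CA key" should read "an RSA CA key". The commit message notes that certificates signed with the new default are incompatible with OpenSSH < 7.2; that caveat would be worth a sentence here too, since this is where an operator choosing a signature type will look.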


@ -1,4 +1,4 @@
/* $OpenBSD: sshkey.c,v 1.74 2019/05/03 03:25:18 dtucker Exp $ */
/* $OpenBSD: sshkey.c,v 1.75 2019/05/20 00:20:35 djm Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Alexander von Gernler. All rights reserved.
@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
strcmp(alg, k->cert->signature_type) != 0)
return SSH_ERR_INVALID_ARGUMENT;
/*
* If no signing algorithm or signature_type was specified and we're
* using a RSA key, then default to a good signature algorithm.
*/
if (alg == NULL && ca->type == KEY_RSA)
alg = "rsa-sha2-512";
if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
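Review bot: The new comment in sshkey_certify_custom() says the default applies when "no signing algorithm or signature_type was specified", but the condition tests only `alg == NULL`. Whether the signature_type case is covered depends on code above this hunk having already folded k->cert->signature_type into alg, which the visible lines do not show; either say so in the comment or drop the signature_type wording. The literal "rsa-sha2-512" is now stated both here and in ssh-keygen.1 as the default, so a named constant would make later changes to the default easier to keep in step with the documentation. Minor: "a RSA key" should be "an RSA key".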