From 476e3551b2952ef73acc43d995e832539bf9bc4d Mon Sep 17 00:00:00 2001 From: "djm@openbsd.org" Date: Mon, 20 May 2019 00:20:35 +0000 Subject: [PATCH] upstream: When signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH < 7.2 unless the default is overridden. Document the ability of the ssh-keygen -t flag to override the signature algorithm when signing certificates, and the new default. ok deraadt@ OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95 --- ssh-keygen.1 | 13 +++++++++++-- sshkey.c | 9 ++++++++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/ssh-keygen.1 b/ssh-keygen.1 index f29774249..673bf6e2f 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ssh-keygen.1,v 1.158 2019/04/19 05:47:44 dtucker Exp $ +.\" $OpenBSD: ssh-keygen.1,v 1.159 2019/05/20 00:20:35 djm Exp $ .\" .\" Author: Tatu Ylonen .\" Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -35,7 +35,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.Dd $Mdocdate: April 19 2019 $ +.Dd $Mdocdate: May 20 2019 $ .Dt SSH-KEYGEN 1 .Os .Sh NAME @@ -577,6 +577,15 @@ The possible values are .Dq ed25519 , or .Dq rsa . +.Pp +This flag may also be used to specify the desired signature type when +signing certificates using a RSA CA key. +The available RSA signature variants are +.Dq ssh-rsa +(SHA1 signatures, not recommended), +.Dq rsa-sha2-256 +.Dq rsa-sha2-512 +(the default). .It Fl U When used in combination with .Fl s , diff --git a/sshkey.c b/sshkey.c index 9849cb237..379a579cf 100644 --- a/sshkey.c +++ b/sshkey.c 
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshkey.c,v 1.74 2019/05/03 03:25:18 dtucker Exp $ */ +/* $OpenBSD: sshkey.c,v 1.75 2019/05/20 00:20:35 djm Exp $ */ /* * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved. * Copyright (c) 2008 Alexander von Gernler. All rights reserved. @@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg, strcmp(alg, k->cert->signature_type) != 0) return SSH_ERR_INVALID_ARGUMENT; + /* + * If no signing algorithm or signature_type was specified and we're + * using a RSA key, then default to a good signature algorithm. + */ + if (alg == NULL && ca->type == KEY_RSA) + alg = "rsa-sha2-512"; + if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0) return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
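
Review bot: In the ssh-keygen.1 hunk at @@ -577,6 +577,15, the new list of RSA signature variants is missing a separator between its last two entries: `.Dq rsa-sha2-256` is followed directly by `.Dq rsa-sha2-512`, so the rendered text runs the two names together and "(the default)" could be read as applying to both. Suggest `.Dq rsa-sha2-256 ,` followed by an `and` line before `.Dq rsa-sha2-512`, matching the `or` line used for the key types just above. The same paragraph reads "a RSA CA key", which should be "an RSA CA key". The commit message notes that certificates signed with the new default are incompatible with OpenSSH < 7.2, but the added manual text does not say so; a sentence here would tell an operator with older verifiers when to pass `-t rsa-sha2-256` or `-t ssh-rsa` explicitly.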
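
Review bot: In the sshkey.c hunk at @@ -2528,6 +2528,13, the added comment says the default applies when "no signing algorithm or signature_type was specified", but the condition only tests `alg == NULL && ca->type == KEY_RSA`. The preceding context compares `alg` against `k->cert->signature_type` and nothing visible in this hunk copies `signature_type` into `alg` when `alg` is NULL, so it is not clear from these lines that a certificate with a preset `signature_type` keeps it rather than being silently signed with rsa-sha2-512. Either make that explicit in the condition or reword the comment to match what is checked. The "rsa-sha2-512" literal would also be easier to audit as a named constant, since this line now sets the signature algorithm for every RSA CA caller that passes no `alg`.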