upstream: When signing certificates with an RSA key, default to

using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys
will therefore be incompatible with OpenSSH < 7.2 unless the default is
overridden.

Document the ability of the ssh-keygen -t flag to override the
signature algorithm when signing certificates, and the new default.

ok deraadt@

OpenBSD-Commit-ID: 400c9c15013978204c2cb80f294b03ae4cfc8b95

1 files changed, 8 insertions, 1 deletions

diff --git a/sshkey.c b/sshkey.c
index 9849cb237..379a579cf 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.74 2019/05/03 03:25:18 dtucker Exp $ */
+/* $OpenBSD: sshkey.c,v 1.75 2019/05/20 00:20:35 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -2528,6 +2528,13 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
             strcmp(alg, k->cert->signature_type) != 0)
                 return SSH_ERR_INVALID_ARGUMENT;
 
+        /*
+         * If no signing algorithm or signature_type was specified and we're
+         * using a RSA key, then default to a good signature algorithm.
+         */
+        if (alg == NULL && ca->type == KEY_RSA)
+                alg = "rsa-sha2-512";
+
         if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
                 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;