Bug 3198

Summary:

Custom critical options and extensions are not lexically ordered

Product:

Portable OpenSSH

Reporter:

Mariano Cano <mariano.cano>

Component:

ssh-keygen

Assignee:

Damien Miller <djm>

Status:

CLOSED FIXED

Severity:

normal

CC:

djm, dtucker

Priority:

Version:

-current

Hardware:

amd64

OS:

Mac OS X

Bug Depends on:

Bug Blocks:

3162

Attachments:

Description	Flags
explicitly sort certificate extensions sections	dtucker: ok+

Description Mariano Cano 2020-07-28 07:50:05 AEST

According to PROTOCOL.certkeys critical options must be lexically ordered by name:

```
Options must be lexically ordered by "name" if they appear in the
sequence. Each named option may only appear once in a certificate.
```

This works for the well-known options 'source-address' and 'force-command' but if custom critical options are passed, they will appear in the order passed in:

```
$ ssh-keygen -I key-id -O critical:a@foo.com=a -O critical:c@foo.com=c -O critical:b@foo.com=b -s ca.key user.pub
Signed user key user-cert.pub: id "key-id" serial 0 valid forever
```

They will be stored in the same order and will appear in that order when inspecting the certificate:
```
user-cert.pub:
        Type: ssh-rsa-cert-v01@openssh.com user certificate
        Public key: RSA-CERT SHA256:5XSDsn5usZ40pRyDsJnR2KWKacRc29ufR+U8KLYBqGw
        Signing CA: ECDSA SHA256:rmAjupXaId7QQode/ThbhY/t427k9EKtTfNQHn5AkPk (using ecdsa-sha2-nistp256)
        Key ID: "key-id"
        Serial: 0
        Valid: forever
        Principals: (none)
        Critical Options:
                a@foo.com UNKNOWN OPTION (len 5)
                c@foo.com UNKNOWN OPTION (len 5)
                b@foo.com UNKNOWN OPTION (len 5)
        Extensions:
                permit-X11-forwarding
                permit-agent-forwarding
                permit-port-forwarding
                permit-pty
                permit-user-rc
```

Comment 1 Mariano Cano 2020-07-28 08:10:53 AEST

The same will occur on regular extension, PROTOCOL.certkeys states:

... The encoding and ordering of extensions in this field is 
identical to that of the critical options, as is the requirement
that each name appear only once. 

But a certificate created with the following command will have the specified extension at the end of the standard ones:

ssh-keygen -s ca-key -I key-id -O extension:login@github.com=username user-key.pub

Comment 2 Damien Miller 2020-07-29 13:42:36 AEST

Created attachment 3434 [details]
explicitly sort certificate extensions sections

Nice catch. This should fix it.

Comment 3 Darren Tucker 2020-07-31 14:00:55 AEST

Comment on attachment 3434 [details]
explicitly sort certificate extensions sections

assuming the tests pass :-)

Comment 4 Damien Miller 2020-08-03 12:54:01 AEST

patch applied - thanks

Comment 5 Darren Tucker 2020-10-02 14:55:01 AEST

Mass close of all bugs fixed in 8.4 release.