Skip to content

fix: Add additional verification checks to ECDSA curves#5736

Merged
jouho merged 10 commits intomainfrom
ecdsa_fix
Feb 18, 2026
Merged

fix: Add additional verification checks to ECDSA curves#5736
jouho merged 10 commits intomainfrom
ecdsa_fix

Conversation

@maddeleine
Copy link
Copy Markdown
Contributor

@maddeleine maddeleine commented Feb 16, 2026

Goal

Adds additional verification checks to ECDSA curves.

Why

s2n-tls did not verify which specific curve was used in a cert verify/key exchange message. We consider this a bug rather than a security issue given how unrealistic signature spoofing would be within the timeframe of a TLS handshake.

How

Adds checks to make sure that we are correctly verifying which curve is used for a peer's signature in the TLS1.2 and TLS.13 codepaths.

Callouts

There exists a slight mismatch here, an s2n-tls server will still use whichever certificate it has on hand, as long as the signature type is supported by the peer. We probably should fix that behavior as well on the server side.

Testing

Adds unit tests for both TLS1.2 and TLS1.3

Related

release summary: s2n-tls now errors if a peer sent an ECDSA signature with a mislabeled curve.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@github-actions github-actions bot added the s2n-core team label Feb 16, 2026
maddeleine
maddeleine commented Feb 16, 2026
View reviewed changes
tests/unit/s2n_security_policies_test.c
/* "default_fips" */
{
const struct s2n_security_policy *versioned_policies[] = {
&security_policy_20240416,
Copy link
Copy Markdown
Contributor Author

@maddeleine maddeleine Feb 16, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, if you're wondering what's happening here, basically, this security policy only advertises support for two signature curves, p256 and p384. And this test checks all cert permutations, which means that it will try to negotiate with a p521 curve, which now fails. Unfortunately s2n_test_cert_chains_set_supported doesn't allow you to mark specific curve types as being not supported. I'm not really sure if it's worth the effort to add that in.

jmayclin
jmayclin reviewed Feb 17, 2026
View reviewed changes
@maddeleine maddeleine requested a review from jmayclin February 17, 2026 22:38
@maddeleine maddeleine changed the title bug: Add additional verification checks to ECDSA curves fix: Add additional verification checks to ECDSA curves Feb 18, 2026
@maddeleine maddeleine added this pull request to the merge queue Feb 18, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Feb 18, 2026
@jouho jouho added this pull request to the merge queue Feb 18, 2026
Merged via the queue into main with commit b2433cb Feb 18, 2026
57 checks passed
@jouho jouho deleted the ecdsa_fix branch February 18, 2026 23:37
@maddeleine maddeleine mentioned this pull request Feb 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jmayclin jmayclin jmayclin approved these changes

@CarolYeh910 CarolYeh910 CarolYeh910 approved these changes

Assignees

No one assigned

Labels

s2n-core team

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@maddeleine @jmayclin @CarolYeh910 @jouho