Skip to content

fix: reject ambiguous cert signature wrappers#53

Merged
leopoldjoy merged 4 commits into
mainfrom
security/strict-cert-signature-wrapper
Jul 7, 2026
Merged

fix: reject ambiguous cert signature wrappers#53
leopoldjoy merged 4 commits into
mainfrom
security/strict-cert-signature-wrapper

Conversation

@leopoldjoy

Copy link
Copy Markdown
Contributor

Summary

  • require the certificate signature BIT STRING to contain exactly one ASN.1 SEQUENCE
  • require that sequence to contain exactly two INTEGER children for r and s
  • reject substituted signature-wrapper tags and trailing ignored signature fields

Security value

This closes an outside-TBS certificate malleability surface where alternate signature wrappers could be accepted and interpreted differently from strict DER/X.509 parsers.

Tests

  • forge fmt --check src test
  • forge test --match-test 'test_VerifyCACertWithHints_RejectsSignatureWrapperTagSubstitution|test_VerifyCACertWithHints_RejectsTrailingSignatureFields|test_VerifyCACertWithHints_ShortS_Regression' -vvv

Note

Latest main already fails test_DeployableContractsFitEIP170 locally with CertManager runtime bytes 24,708 > 24,576, so full-suite verification remains blocked by that pre-existing size issue.

leopoldjoy and others added 4 commits June 26, 2026 12:46
Co-authored-by: OpenCode <opencode-noreply@coinbase.com>
Co-authored-by: OpenCode <opencode-noreply@coinbase.com>
Co-authored-by: OpenCode <opencode-noreply@coinbase.com>
Co-authored-by: OpenCode <opencode-noreply@coinbase.com>
@leopoldjoy leopoldjoy merged commit c504bd1 into main Jul 7, 2026
8 checks passed
@leopoldjoy leopoldjoy deleted the security/strict-cert-signature-wrapper branch July 7, 2026 13:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants