
Enforce maximum signature count #273

Merged
merged 2 commits into from
Aug 30, 2023

Commits on Aug 30, 2023

  1. Cherry pick f0259b9: verify: break out build_chain recursion.

    [`git cherry-pick f0259b9`, merged by Brian Smith.]
    
    Crate-internal consumers of `build_chain` always pass `0` as the sub CA
    count; only the `verify_cert.rs` internal recursion changes this
    parameter.
    
    This commit separates the external interface from the internal
    recursion to remove one extra parameter from an already complicated
    interface.
    cpu authored and briansmith committed Aug 30, 2023
    179e0db
  2. verify_cert: enforce maximum number of signatures.

    Cherry-picked from e473ee1 and modified
    by Brian Smith. The main modifications were:
    
    1. Maintain API compatibility with webpki 0.22.0.
    2. (In `build_chain_inner`), stop immediately on fatal error, without
       considering any more paths. The point of having such fatal errors
       is to fail ASAP and avoid unneeded work in the failure case.
    3. The test uses rcgen which requires Rust 1.67.0 or later. (I don't
       think the non-test MSRV of webpki changes though.)
    
    The original commit message is below:
    
    Pathbuilding complexity can be quadratic, particularly when the set of
    intermediates all have subjects matching a trust anchor. In these cases
    we need to bound the number of expensive signature validation operations
    that are performed to avoid a DoS on CPU usage.
    
    This commit implements a simple maximum signature check limit inspired
    by the approach taken in the Golang x509 package. No more than 100
    signatures will be evaluated while pathbuilding. This limit works in
    practice for Go when processing real world certificate chains and so
    should be appropriate for our use case as well.
    cpu authored and briansmith committed Aug 30, 2023
    5512b6e
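The budgeted path building that the second commit message describes, as an added Rust example that is not webpki's own code: a toy builder in which every signature check draws on a fixed budget of 100, a bad signature merely moves on to the next candidate, and an exhausted budget is a fatal error that stops the search at once instead of being swallowed by the "try another path" loop. The `Cert`, `Anchor`, key-id and `lookalike_intermediates` stand-ins are constructed for the example.

```rust
// Added toy illustration, not webpki's code: every signature check draws on a fixed
// budget and exhausting it is fatal. Certs, anchors and key ids are constructed stand-ins.
const MAX_SIGNATURE_CHECKS: usize = 100; // the limit stated in the commit message
#[derive(Debug, PartialEq)]
enum Error { UnknownIssuer, MaximumSignatureChecksExceeded }
struct Cert { subject: &'static str, issuer: &'static str, key_id: u32, signed_by: u32 }
struct Anchor { subject: &'static str, key_id: u32 }

// The expensive operation the limit bounds; each call costs one unit of budget.
fn check_signature(cert: &Cert, issuer_key: u32, budget: &mut usize) -> Result<bool, Error> {
    *budget = budget.checked_sub(1).ok_or(Error::MaximumSignatureChecksExceeded)?;
    Ok(cert.signed_by == issuer_key)
}
// Internal recursion (cf. build_chain_inner): a bad signature is non-fatal and the next
// candidate is tried; an exhausted budget is fatal and propagates at once through `?`.
fn build_chain_inner(cert: &Cert, inters: &[Cert], anchors: &[Anchor],
                     budget: &mut usize, depth: usize) -> Result<(), Error> {
    for a in anchors.iter().filter(|a| a.subject == cert.issuer) {
        if check_signature(cert, a.key_id, budget)? { return Ok(()); }
    }
    if depth >= 6 { return Err(Error::UnknownIssuer); } // ordinary chain-length guard
    for issuer in inters.iter().filter(|i| i.subject == cert.issuer) {
        if !check_signature(cert, issuer.key_id, budget)? { continue; }
        match build_chain_inner(issuer, inters, anchors, budget, depth + 1) {
            Err(Error::UnknownIssuer) => continue, // this path failed; try another
            other => return other,                 // Ok, or a fatal error
        }
    }
    Err(Error::UnknownIssuer)
}
// External entry point (cf. build_chain): callers never see the budget or depth.
// Returns how many signature checks the search spent.
fn build_chain(leaf: &Cert, inters: &[Cert], anchors: &[Anchor]) -> Result<usize, Error> {
    let mut budget = MAX_SIGNATURE_CHECKS;
    build_chain_inner(leaf, inters, anchors, &mut budget, 0)?;
    Ok(MAX_SIGNATURE_CHECKS - budget)
}
// Constructed pathological input: `n` intermediates whose subject matches the leaf's issuer
// name but whose keys never signed it, so each candidate burns one check before rejection.
fn lookalike_intermediates(n: u32) -> Vec<Cert> {
    (0..n).map(|k| Cert { subject: "CA", issuer: "CA", key_id: 1000 + k, signed_by: 1000 + k }).collect()
}

fn main() {
    let anchors = [Anchor { subject: "Root", key_id: 1 }];
    let leaf = Cert { subject: "leaf", issuer: "CA", key_id: 99, signed_by: 2 };
    let good = [Cert { subject: "CA", issuer: "Root", key_id: 2, signed_by: 1 }];
    println!("{:?}", build_chain(&leaf, &good, &anchors)); // Ok(2)
    println!("{:?}", build_chain(&leaf, &lookalike_intermediates(101), &anchors)); // Err(MaximumSignatureChecksExceeded)
}
```

With exactly 100 lookalikes the search spends the whole budget and still reports `UnknownIssuer`; the 101st candidate is what trips the fatal error.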