Cypherpunks.ru repositories - gostls13.git/commit

author	Filippo Valsorda <filippo@golang.org>
	Wed, 5 Dec 2018 03:23:22 +0000 (22:23 -0500)
committer	Dmitri Shuralyov <dmitshur@golang.org>
	Fri, 14 Dec 2018 01:04:07 +0000 (01:04 +0000)
commit	770130659b6fb2acf271476579a3644e093dda7f
tree	668352a12fb2461542e8c4e6848587c9ad4c0a5f	tree
parent	9c075b7c71703f6c4d815c5f7d5177476412c2ca	commit \| diff

crypto/x509: limit number of signature checks for each verification

That number grows quadratically with the number of intermediate
certificates in certain pathological cases (for example if they all have
the same Subject) leading to a CPU DoS. Set a fixed budget that should
fit all real world chains, given we only look at intermediates provided
by the peer.

The algorithm can be improved, but that's left for follow-up CLs:

    * the cache logic should be reviewed for correctness, as it seems to
      override the entire chain with the cached one
    * the equality check should compare Subject and public key, not the
      whole certificate
    * certificates with the right SKID but the wrong Subject should not
      be considered, and in particular should not take priority over
      certificates with the right Subject

Fixes #29233

Change-Id: Ib257c12cd5563df7723f9c81231d82b882854213
Reviewed-on: https://team-review.git.corp.google.com/c/370475
Reviewed-by: Andrew Bonventre <andybons@google.com>
Reviewed-on: https://go-review.googlesource.com/c/154105
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>

src/crypto/x509/cert_pool.go		diff \| blob \| history
src/crypto/x509/verify.go		diff \| blob \| history
src/crypto/x509/verify_test.go		diff \| blob \| history