Commit 77013065 authored Dec 04, 2018 by Filippo Valsorda Committed by Dmitri Shuralyov Dec 14, 2018

crypto/x509: limit number of signature checks for each verification

That number grows quadratically with the number of intermediate
certificates in certain pathological cases (for example if they all have
the same Subject) leading to a CPU DoS. Set a fixed budget that should
fit all real world chains, given we only look at intermediates provided
by the peer.

The algorithm can be improved, but that's left for follow-up CLs:

    * the cache logic should be reviewed for correctness, as it seems to
      override the entire chain with the cached one
    * the equality check should compare Subject and public key, not the
      whole certificate
    * certificates with the right SKID but the wrong Subject should not
      be considered, and in particular should not take priority over
      certificates with the right Subject

Fixes #29233

Change-Id: Ib257c12cd5563df7723f9c81231d82b882854213
Reviewed-on: https://team-review.git.corp.google.com/c/370475


Reviewed-by: Andrew Bonventre <andybons@google.com>
Reviewed-on: https://go-review.googlesource.com/c/154105


Reviewed-by: Filippo Valsorda <filippo@golang.org>
Run-TryBot: Filippo Valsorda <filippo@golang.org>

parent 9c075b7c

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit aa95a1eb
· Feb 17, 2021

mentioned in commit aa95a1eb

mentioned in commit aa95a1eb5a3423d96873946d47c663bdc8f3565e

Toggle commit list

Please to comment