v0.100.3 preparation

Cargo.toml

@@ -21,7 +21,7 @@ license-file = "LICENSE"
 name = "rustls-webpki"
 readme = "README.md"
 repository = "https://github.com/rustls/webpki"
-version = "0.100.2"
+version = "0.100.3"
 
 include = [
     "Cargo.toml",

src/end_entity.rs

@@ -97,8 +97,6 @@ impl<'a> EndEntityCert<'a> {
             intermediate_certs,
             &self.inner,
             time,
-            0,
-            &mut 0_usize,
         )
     }
 
@@ -130,8 +128,6 @@ impl<'a> EndEntityCert<'a> {
             intermediate_certs,
             &self.inner,
             time,
-            0,
-            &mut 0_usize,
         )
     }
 

src/error.rs

@@ -13,6 +13,7 @@
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
 use core::fmt;
+use core::ops::ControlFlow;
 
 /// An error that occurs during certificate validation or name validation.
 #[derive(Clone, Copy, Debug, PartialEq, Eq)]
@@ -48,23 +49,47 @@ pub enum Error {
     /// the notAfter time is earlier than the notBefore time.
     InvalidCertValidity,
 
+    /// A iPAddress name constraint was invalid:
+    /// - it had a sparse network mask (ie, cannot be written in CIDR form).
+    /// - it was too long or short
+    InvalidNetworkMaskConstraint,
+
     /// The signature is invalid for the given public key.
     InvalidSignatureForPublicKey,
 
+    /// The certificate extensions are malformed.
+    ///
+    /// In particular, webpki requires the DNS name(s) be in the subjectAltName
+    /// extension as required by the CA/Browser Forum Baseline Requirements
+    /// and as recommended by RFC6125.
+    MalformedExtensions,
+
+    /// The maximum number of name constraint comparisons has been reached.
+    MaximumNameConstraintComparisonsExceeded,
+
+    /// The maximum number of internal path building calls has been reached. Path complexity is too great.
+    MaximumPathBuildCallsExceeded,
+
+    /// The path search was terminated because it became too deep.
+    MaximumPathDepthExceeded,
+
+    /// The maximum number of signature checks has been reached. Path complexity is too great.
+    MaximumSignatureChecksExceeded,
+
     /// The certificate violates one or more name constraints.
     NameConstraintViolation,
 
     /// The certificate violates one or more path length constraints.
     PathLenConstraintViolated,
 
-    /// The algorithm in the TBSCertificate "signature" field of a certificate
-    /// does not match the algorithm in the signature of the certificate.
-    SignatureAlgorithmMismatch,
-
     /// The certificate is not valid for the Extended Key Usage for which it is
     /// being validated.
     RequiredEkuNotFound,
 
+    /// The algorithm in the TBSCertificate "signature" field of a certificate
+    /// does not match the algorithm in the signature of the certificate.
+    SignatureAlgorithmMismatch,
+
     /// A valid issuer for the certificate could not be found.
     UnknownIssuer,
 
@@ -74,19 +99,13 @@ pub enum Error {
     /// is malformed.
     UnsupportedCertVersion,
 
-    /// The certificate extensions are malformed.
-    ///
-    /// In particular, webpki requires the DNS name(s) be in the subjectAltName
-    /// extension as required by the CA/Browser Forum Baseline Requirements
-    /// and as recommended by RFC6125.
-    MalformedExtensions,
-
-    /// The maximum number of signature checks has been reached. Path complexity is too great.
-    MaximumSignatureChecksExceeded,
-
     /// The certificate contains an unsupported critical extension.
     UnsupportedCriticalExtension,
 
+    /// The signature algorithm for a signature is not in the set of supported
+    /// signature algorithms given.
+    UnsupportedSignatureAlgorithm,
+
     /// The signature's algorithm does not match the algorithm of the public
     /// key it is being validated for. This may be because the public key
     /// algorithm's OID isn't recognized (e.g. DSA), or the public key
@@ -95,15 +114,31 @@ pub enum Error {
     /// algorithm and the signature algorithm simply don't match (e.g.
     /// verifying an RSA signature with an ECC public key).
     UnsupportedSignatureAlgorithmForPublicKey,
+}
 
-    /// The signature algorithm for a signature is not in the set of supported
-    /// signature algorithms given.
-    UnsupportedSignatureAlgorithm,
+impl Error {
+    /// Returns true for errors that should be considered fatal during path building. Errors of
+    /// this class should halt any further path building and be returned immediately.
+    #[inline]
+    pub(crate) fn is_fatal(&self) -> bool {
+        matches!(
+            self,
+            Error::MaximumSignatureChecksExceeded
+                | Error::MaximumPathBuildCallsExceeded
+                | Error::MaximumNameConstraintComparisonsExceeded
+        )
+    }
+}
 
-    /// A iPAddress name constraint was invalid:
-    /// - it had a sparse network mask (ie, cannot be written in CIDR form).
-    /// - it was too long or short
-    InvalidNetworkMaskConstraint,
+impl From<Error> for ControlFlow<Error, Error> {
+    fn from(value: Error) -> Self {
+        match value {
+            // If an error is fatal, we've exhausted the potential for continued search.
+            err if err.is_fatal() => Self::Break(err),
+            // Otherwise we've rejected one candidate chain, but may continue to search for others.
+            err => Self::Continue(err),
+        }
+    }
 }
 
 impl fmt::Display for Error {

src/signed_data.rs

@@ -12,6 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
+use crate::verify_cert::Budget;
 use crate::{der, Error};
 use ring::signature;
 
@@ -96,7 +97,10 @@ pub(crate) fn verify_signed_data(
     supported_algorithms: &[&SignatureAlgorithm],
     spki_value: untrusted::Input,
     signed_data: &SignedData,
+    budget: &mut Budget,
 ) -> Result<(), Error> {
+    budget.consume_signature()?;
+
     // We need to verify the signature in `signed_data` using the public key
     // in `public_key`. In order to know which *ring* signature verification
     // algorithm to use, we need to know the public key algorithm (ECDSA,
@@ -438,7 +442,8 @@ mod tests {
             signed_data::verify_signed_data(
                 SUPPORTED_ALGORITHMS_IN_TESTS,
                 spki_value,
-                &signed_data
+                &signed_data,
+                &mut Budget::default()
             )
         );
     }
@@ -735,6 +740,7 @@ mod tests {
         }
     }
 
+    use crate::verify_cert::Budget;
     use alloc::str::Lines;
 
     fn read_pem_section(lines: &mut Lines, section_name: &str) -> Vec<u8> {

src/subject_name/verify.rs

@@ -19,7 +19,9 @@ use super::{
 };
 use crate::{
     cert::{Cert, EndEntityOrCa},
-    der, Error,
+    der,
+    verify_cert::Budget,
+    Error,
 };
 
 pub(crate) fn verify_cert_dns_name(
@@ -33,7 +35,7 @@ pub(crate) fn verify_cert_dns_name(
         cert.subject_alt_name,
         SubjectCommonNameContents::Ignore,
         Err(Error::CertNotValidForName),
-        &|name| {
+        &mut |name| {
             if let GeneralName::DnsName(presented_id) = name {
                 match dns_name::presented_id_matches_reference_id(presented_id, dns_name) {
                     Some(true) => return NameIteration::Stop(Ok(())),
@@ -67,7 +69,7 @@ pub(crate) fn verify_cert_subject_name(
         cert.inner().subject_alt_name,
         SubjectCommonNameContents::Ignore,
         Err(Error::CertNotValidForName),
-        &|name| {
+        &mut |name| {
             if let GeneralName::IpAddress(presented_id) = name {
                 match ip_address::presented_id_matches_reference_id(presented_id, ip_address) {
                     Ok(true) => return NameIteration::Stop(Ok(())),
@@ -87,6 +89,7 @@ pub(crate) fn check_name_constraints(
     input: Option<&mut untrusted::Reader>,
     subordinate_certs: &Cert,
     subject_common_name_contents: SubjectCommonNameContents,
+    budget: &mut Budget,
 ) -> Result<(), Error> {
     let input = match input {
         Some(input) => input,
@@ -115,11 +118,12 @@ pub(crate) fn check_name_constraints(
             child.subject_alt_name,
             subject_common_name_contents,
             Ok(()),
-            &|name| {
+            &mut |name| {
                 check_presented_id_conforms_to_constraints(
                     name,
                     permitted_subtrees,
                     excluded_subtrees,
+                    budget,
                 )
             },
         )?;
@@ -139,11 +143,13 @@ fn check_presented_id_conforms_to_constraints(
     name: GeneralName,
     permitted_subtrees: Option<untrusted::Input>,
     excluded_subtrees: Option<untrusted::Input>,
+    budget: &mut Budget,
 ) -> NameIteration {
     match check_presented_id_conforms_to_constraints_in_subtree(
         name,
         Subtrees::PermittedSubtrees,
         permitted_subtrees,
+        budget,
     ) {
         stop @ NameIteration::Stop(..) => {
             return stop;
@@ -155,6 +161,7 @@ fn check_presented_id_conforms_to_constraints(
         name,
         Subtrees::ExcludedSubtrees,
         excluded_subtrees,
+        budget,
     )
 }
 
@@ -168,6 +175,7 @@ fn check_presented_id_conforms_to_constraints_in_subtree(
     name: GeneralName,
     subtrees: Subtrees,
     constraints: Option<untrusted::Input>,
+    budget: &mut Budget,
 ) -> NameIteration {
     let mut constraints = match constraints {
         Some(constraints) => untrusted::Reader::new(constraints),
@@ -180,6 +188,10 @@ fn check_presented_id_conforms_to_constraints_in_subtree(
     let mut has_permitted_subtrees_mismatch = false;
 
     while !constraints.at_end() {
+        if let Err(e) = budget.consume_name_constraint_comparison() {
+            return NameIteration::Stop(Err(e));
+        }
+
         // http://tools.ietf.org/html/rfc5280#section-4.2.1.10: "Within this
         // profile, the minimum and maximum fields are not used with any name
         // forms, thus, the minimum MUST be zero, and maximum MUST be absent."
@@ -307,7 +319,7 @@ fn iterate_names(
     subject_alt_name: Option<untrusted::Input>,
     subject_common_name_contents: SubjectCommonNameContents,
     result_if_never_stopped_early: Result<(), Error>,
-    f: &dyn Fn(GeneralName) -> NameIteration,
+    f: &mut dyn FnMut(GeneralName) -> NameIteration,
 ) -> Result<(), Error> {
     if let Some(subject_alt_name) = subject_alt_name {
         let mut subject_alt_name = untrusted::Reader::new(subject_alt_name);