rust
/
webpki
mirror of https://github.com/briansmith/webpki
1
0
Fork 0
Code Issues Releases Wiki Activity
353 Commits 13 Branches 12 Tags 1.3 MiB
Rust 93.7%
Shell 6.3%
Go to file
Daniel McCarney 30a108e080 verify_cert: enforce maximum number of signatures. 
Cherry-picked from e473ee1ecb335d8efa3d4ceb2feb369f46b125f2 and modified
by Brian Smith. The main modifications were:

1. Maintain API compatibility with webpki 0.22.0.
2. (In `build_chain_inner`), stop immediately on fatal error, without
   considering any more paths. The point of having such fatal errors
   is to fail ASAP and avoid unneeded work in the failure case.
3. The test uses rcgen which requires Rust 1.67.0 or later. (I don't
   think the non-test MSRV of webpki changes though.)

The original commit message is below:

Pathbuilding complexity can be quadratic, particularly when the set of
intermediates all have subjects matching a trust anchor. In these cases
we need to bound the number of expensive signature validation operations
that are performed to avoid a DoS on CPU usage.

This commit implements a simple maximum signature check limit inspired
by the approach taken in the Golang x509 package. No more than 100
signatures will be evaluated while pathbuilding. This limit works in
practice for Go when processing real world certificate chains and so
should be appropriate for our use case as well.
 		2023-08-30 14:08:00 -07:00
.github/workflows verify_cert: enforce maximum number of signatures. 2023-08-30 14:08:00 -07:00
mk verify_cert: enforce maximum number of signatures. 2023-08-30 14:08:00 -07:00
src verify_cert: enforce maximum number of signatures. 2023-08-30 14:08:00 -07:00
tests Revert main branch crate contents to the 0.22.0 release contents. 2023-08-30 08:31:51 -07:00
third-party/chromium Remove unused annotate_test_data.py script. 2017-02-07 11:42:44 -10:00
.gitattributes Treat *.der as binary in .gitattributes. 2016-11-21 12:30:09 -10:00
.gitignore Add IntelliJ IDEA stuff to .gitignore. 2017-04-27 12:53:54 -10:00
Cargo.toml verify_cert: enforce maximum number of signatures. 2023-08-30 14:08:00 -07:00
LICENSE Import Chromium's |verify_signed_data| test data. 2015-08-27 10:23:28 -07:00
README.md Remove outdated "Online Automated Testing" section of README.md. 2020-12-29 18:05:10 -08:00
deny.toml CI: Use Ubuntu 22.04 on GitHub Actions & update Clippy config. 2023-08-29 17:47:00 -07:00
rustfmt.toml Remove use of unstable features from rustfmt.toml. 2020-12-29 13:09:55 -08:00

README.md

THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

What is webpki?

webpki is a library that validates Web PKI (TLS/SSL) certificates. webpki is designed to provide a full implementation of the client side of the Web PKI to a diverse range of applications and devices, including embedded (IoT) applications, mobile apps, desktop applications, and server infrastructure. webpki is intended to not only be the best implementation of the Web PKI, but to also precisely define what the Web PKI is.

webpki is written in Rust and uses ring for signature verification.

webpki is strongly influenced by mozilla::pkix. You can read a little about the ideas underlying both mozilla::pkix and webpki in insanity::pkix: A New Certificate Path Building & Validation Library.

The Rust compiler statically guarantees there are no buffer overflows, uses-after-free, double-frees, data races, etc. in webpki. webpki takes advantage of Rust's borrow checker to ensure that its zero-copy parsing strategy is safe and efficient. webpki never allocates memory on the heap, and it maintains a tight bound on the amount of stack memory it uses. webpki avoids all superfluous PKIX features in order to keep its object code size small. Further reducing the code size of webpki is an important goal.

This release is the very first prototype. Lots of improvements are planned, including:

  • An extensive automated test suite.
  • Key pinning.
  • Certificate Transparency support.
  • Short-lived certificate, OCSP stapling, and CRLSet support.
  • Customization of the supported algorithms, key sizes, and elliptic curves allowed during a validation.
  • A C language wrapper interface to allow using webpki in non-Rust applications.
  • A specification of precisely what the Web PKI is.

Demo

See https://github.com/ctz/rustls#example-code for an example of using webpki.

License

See LICENSE. This project happily accepts pull requests without any formal copyright/contributor license agreement. Pull requests must explicitly indicate who owns the copyright to the code being contributed and that the code is being licensed under the same terms as the existing webpki code.

Bug Reporting

Please report bugs either as pull requests or as issues in the issue tracker. webpki has a full disclosure vulnerability policy. Please do NOT attempt to report any security vulnerability in this code privately to anybody.