git.feebdaed.xyz Git - 0xmirror/go.git/commit
crypto/x509: sub-quadratic name constraint checking
author    Roland Shoemaker <roland@golang.org>
          Fri, 26 Sep 2025 02:13:23 +0000 (19:13 -0700)
committer Gopher Robot <gobot@golang.org>
          Tue, 25 Nov 2025 16:54:23 +0000 (08:54 -0800)
commit    12d437c09a2ea871333547c8ac3ea536f433891b
tree      59ce20e8b5ff372e1511c214bd6933b5d29129f8
parent    ed4deb157eb044bab58e23928830a26faf438958
crypto/x509: sub-quadratic name constraint checking

Previously, we implemented ~quadratic name constraint checking, wherein
we would check every SAN against every respective constraint in the
chain. This is the technique _basically everyone_ implements, because
it's easy, but it requires also capping the total number of constraint
checking operations to prevent denial of service.

Instead, this change implements a log-linear checking technique, as
originally described by davidben@google.com with some minor
modifications. The comment at the top of crypto/x509/constraints.go
describes this technique in detail.

This technique is faster than the existing quadratic approach in all but
one specific case, where there are a large number of constraints but
only a single name, since our previous algorithm resolves to linear in
that case.

Change-Id: Icb761f5f9898c04e266c0d0c2b07ab2637f03418
Reviewed-on: https://go-review.googlesource.com/c/go/+/711421
Reviewed-by: Nicholas Husin <nsh@golang.org>
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Roland Shoemaker <roland@golang.org>
Reviewed-by: Nicholas Husin <husin@google.com>
src/crypto/x509/constraints.go [new file with mode: 0644]
src/crypto/x509/verify.go
src/crypto/x509/verify_test.go
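The message contrasts the old "every SAN against every constraint" loop, which needs a hard cap on comparisons to avoid denial of service, with a sub-quadratic technique whose details live in constraints.go and are not reproduced on this page. The following is an added illustration, not the commit's code and not the algorithm davidben described: it shows the quadratic checker with a comparison budget, and beside it a hash-indexed DNS-only variant of my own that walks a name's label suffixes and does one map lookup per label, so its cost does not grow with the number of constraints. The matching rule (a constraint matches itself and its subdomains; a leading dot means strict subdomains only), the budget value, and all names are assumptions or constructed sample data.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrBudgetExceeded is what the quadratic checker returns when its cap on
// pairwise comparisons is hit: the denial-of-service guard the commit message
// says the quadratic technique needs. The cap itself is chosen by the caller.
var ErrBudgetExceeded = errors.New("name constraint comparison budget exceeded")

// matchDomain applies one DNS name constraint to one DNS name. Assumed rule:
// "example.com" matches itself and any subdomain; ".example.com" matches
// strict subdomains only. Constraints are assumed non-empty.
func matchDomain(name, constraint string) bool {
	name, constraint = strings.ToLower(name), strings.ToLower(constraint)
	if strings.HasPrefix(constraint, ".") {
		return len(name) > len(constraint) && strings.HasSuffix(name, constraint)
	}
	return name == constraint || strings.HasSuffix(name, "."+constraint)
}

// checkQuadratic is the "every SAN against every constraint" technique:
// up to names x constraints calls to matchDomain, hence the budget.
func checkQuadratic(names, permitted, excluded []string, budget int) error {
	ops := 0
	for _, n := range names {
		for _, c := range excluded {
			if ops++; ops > budget {
				return ErrBudgetExceeded
			}
			if matchDomain(n, c) {
				return fmt.Errorf("%q is excluded by %q", n, c)
			}
		}
		if len(permitted) == 0 {
			continue // no permitted subtrees: every name is permitted
		}
		ok := false
		for _, c := range permitted {
			if ops++; ops > budget {
				return ErrBudgetExceeded
			}
			if matchDomain(n, c) {
				ok = true
				break
			}
		}
		if !ok {
			return fmt.Errorf("%q matches no permitted constraint", n)
		}
	}
	return nil
}

// constraintIndex keys constraints by lowercase domain suffix, so a name is
// tested with one map lookup per label rather than one call per constraint.
type constraintIndex struct {
	anySuffix    map[string]bool // "example.com": the name itself or a subdomain
	strictSuffix map[string]bool // ".example.com" stored without the dot: subdomains only
}

func newConstraintIndex(constraints []string) constraintIndex {
	idx := constraintIndex{anySuffix: map[string]bool{}, strictSuffix: map[string]bool{}}
	for _, c := range constraints {
		if c = strings.ToLower(c); strings.HasPrefix(c, ".") {
			idx.strictSuffix[c[1:]] = true
		} else {
			idx.anySuffix[c] = true
		}
	}
	return idx
}

// matches walks the label suffixes of name (a.b.c, then b.c, then c).
// Cost is O(labels in name), independent of how many constraints are indexed.
func (idx constraintIndex) matches(name string) bool {
	rest := strings.ToLower(name)
	if idx.anySuffix[rest] { // the whole name: a strict constraint cannot match here
		return true
	}
	for {
		i := strings.IndexByte(rest, '.')
		if i < 0 {
			return false
		}
		rest = rest[i+1:]
		if idx.anySuffix[rest] || idx.strictSuffix[rest] {
			return true
		}
	}
}

// checkIndexed makes the same decisions as checkQuadratic for DNS names in
// O(constraints + names x labels) time, so it needs no comparison budget.
func checkIndexed(names, permitted, excluded []string) error {
	exc, perm := newConstraintIndex(excluded), newConstraintIndex(permitted)
	for _, n := range names {
		if exc.matches(n) {
			return fmt.Errorf("%q is excluded", n)
		}
		if len(permitted) > 0 && !perm.matches(n) {
			return fmt.Errorf("%q matches no permitted constraint", n)
		}
	}
	return nil
}

// manyConstraintsDemo is a constructed worst case: the only permitted
// constraint that matches sits behind thousands that do not, so the quadratic
// checker exhausts its budget while the indexed checker is unaffected.
func manyConstraintsDemo(budget int) (quadratic, indexed error) {
	var names, permitted []string
	for i := 0; i < 100; i++ {
		names = append(names, fmt.Sprintf("h%d.example.com", i))
	}
	for i := 0; i < 5000; i++ {
		permitted = append(permitted, fmt.Sprintf("c%d.example.net", i))
	}
	permitted = append(permitted, "example.com")
	return checkQuadratic(names, permitted, nil, budget), checkIndexed(names, permitted, nil)
}

func main() {
	q, i := manyConstraintsDemo(250000)
	fmt.Println("quadratic:", q) // budget exceeded
	fmt.Println("indexed:  ", i) // <nil>
}
```

The indexed variant covers only dNSName constraints; e-mail, URI and IP address subtrees need their own normalisation, and the demo deliberately puts the matching constraint last because an early match lets the quadratic loop break out before the budget is touched.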