Add POLARSSL_X509_MAX_INTERMEDIATE_CA

ChangeLog

@@ -22,6 +22,8 @@ Bugfix
 Changes
    * Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
    * Forbid repeated extensions in X.509 certificates.
+   * Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
+     length of an X.509 verification chain (default = 8).
 
 = Version 1.2.12 released 2014-10-24
 

include/polarssl/config.h

@@ -1021,6 +1021,10 @@
 //
 #define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
 
+// X509 options
+//
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8 /**< Maximum number of intermediate CAs in a verification chain. */
+
 #endif /* POLARSSL_CONFIG_OPTIONS */
 
 /* \} name */

include/polarssl/x509.h

@@ -36,6 +36,18 @@
  * \{ 
  */
  
+#if !defined(POLARSSL_CONFIG_OPTIONS)
+/**
+ * Maximum number of intermediate CAs in a verification chain.
+ * That is, maximum length of the chain, excluding the end-entity certificate
+ * and the trusted root certificate.
+ *
+ * Set this to a low value to prevent an adversary from making you waste
+ * resources verifying an overlong certificate chain.
+ */
+#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8
+#endif
+
 /** 
  * \name X509 Error codes
  * \{

library/x509parse.c

@@ -3502,6 +3502,13 @@ static int x509parse_verify_child(
     unsigned char hash[64];
     x509_cert *grandparent;
 
+    /* path_cnt is 0 for the first intermediate CA */
+    if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
+    {
+        *flags |= BADCERT_NOT_TRUSTED;
+        return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
+    }
+
     if( x509parse_time_expired( &child->valid_to ) )
         *flags |= BADCERT_EXPIRED;