verify_cert: enforce maximum number of signatures.

[cpu]

Pathbuilding complexity can be quadratic, particularly when the set of intermediates all have subjects matching a trust anchor. In these cases we need to bound the number of expensive signature validation operations that are performed to avoid a DoS on CPU usage.

This commit implements a simple maximum signature check limit inspired by the approach taken in the Golang x509 package. No more than 100 signatures will be evaluated while pathbuilding. This limit works in practice for Go when processing real world certificate chains and so should be appropriate for our use case as well.

Without the limit in place, the test_too_many_signatures unit test has very long runtime and quickly pegs my local CPU. With the limit in place the test returns the expected error quickly.

[codecov]

Codecov Report

Merging #152 (abbb05f) into main (eb1a4dd) will increase coverage by 0.08%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##             main     #152      +/-   ##
==========================================
+ Coverage   96.46%   96.54%   +0.08%     
==========================================
  Files          15       15              
  Lines        4304     4376      +72     
==========================================
+ Hits         4152     4225      +73     
+ Misses        152      151       -1     

Files Changed	Coverage Δ
src/error.rs	55.10% <100.00%> (+0.93%)	⬆️
src/verify_cert.rs	97.31% <100.00%> (+0.70%)	⬆️

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

[ctz]

lgtm!