From 8028a514303f7cbc818094c05df33d1bbb3adb5a Mon Sep 17 00:00:00 2001
From: Roland Shoemaker
Date: Mon, 23 Mar 2026 12:09:47 -0700
Subject: [release-branch.go1.26] crypto/x509: hoist policy pruning out of loop

We only need to do this once, not once per mapping. Thanks to Jakub Ciolek for reporting this issue.

Updates #78281
Fixes #78360
Fixes CVE-2026-32281

Change-Id: Ic26f5f14d2a5e42ca8c24b8ae47bc3c5cc601863
Reviewed-on: https://go-review.googlesource.com/c/go/+/758061
Reviewed-by: Damien Neil
LUCI-TryBot-Result: Go LUCI
Reviewed-by: Neal Patel
Reviewed-by: Jakub Ciolek
(cherry picked from commit 312541b783ceae00471573da83367cae26ca255b)
Reviewed-on: https://go-review.googlesource.com/c/go/+/759220
Auto-Submit: Dmitri Shuralyov
---
 src/crypto/x509/verify.go | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index 3d9c115dba..5f4fc0b6f3 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -1284,12 +1284,12 @@ func policiesValid(chain []*Certificate, opts VerifyOptions) bool {
 } else {
 // 6.1.4 (b) (3) (i) -- as updated by RFC 9618
 pg.deleteLeaf(mapping.IssuerDomainPolicy)
-
- // 6.1.4 (b) (3) (ii) -- as updated by RFC 9618
- pg.prune()
 }
 }
 
+ // 6.1.4 (b) (3) (ii) -- as updated by RFC 9618
+ pg.prune()
+
 for issuerStr, subjectPolicies := range mappings {
 // 6.1.4 (b) (1) -- as updated by RFC 9618
 if matching := pg.leafWithPolicy(OID{der: []byte(issuerStr)}); matching != nil {
-- 
cgit v1.3
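Review bot: The hoisted `pg.prune()` on the new side carries only the RFC section reference, so nothing in the code tells a future reader why it must stay outside the mapping loop; a comment such as `// Prune once after all leaf deletions rather than per mapping; per-mapping pruning made this loop quadratic in the number of mappings (#78281).` would keep it from drifting back. The change also relies on pruning once after the whole loop producing the same graph as pruning after each deleteLeaf, which is plausible if deleteLeaf only removes nodes and prune only removes nodes left without children, but prune's definition is not in the hunk, so that equivalence is worth confirming. The diffstat shows only verify.go changed, so no regression test pins the once-per-call behavior; a test or benchmark that bounds verification time, or counts prune invocations, for a chain whose certificate carries a large number of policy mappings would do that. The body of policiesValid starts and ends outside the hunk.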