CVE-2023-0464:
A security vulnerability has been identified in all supported versions of OpenSSL related to the...
CVSS base score: 7.5
Root Cause Analysis (Miggo AI)
CVE-2023-0464 is an excessive resource consumption bug in OpenSSL's X.509 certificate policy chain verification that can be used for denial of service. When a chain carries policy constraints, the policy tree built during verification can grow exponentially in the number of certificates, because every node at one level of the tree can give rise to many nodes at the next. The fix commits (e.g. 2017771e2db3e2b96f89bbe8766c3209f6a99545 on one branch and 2dcd4f1e3115f38cefa43e3efbe9b801c27e642e on another) add a node_maximum field to the policy tree structure (X509_POLICY_TREE_st), initialised to the compile-time constant OPENSSL_POLICY_TREE_NODES_MAX (1000 by default), and check that limit before adding a new node.
The core of the vulnerability lies in the functions directly responsible for adding nodes to this tree. Before the patches, these functions did not check if adding a new node would exceed a predefined maximum. A malicious certificate chain could thereby cause the tree to grow excessively large.
The functions ossl_policy_level_add_node() (crypto/x509/pcy_node.c, OpenSSL 3.x) and level_add_node() (crypto/x509v3/pcy_node.c, the 1.x branches) are the ones the patches modify. Both gain the check (if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum) return NULL;) and an increment of tree->node_count on every successful insertion, so the tree can no longer exceed the limit and verification fails instead of continuing to allocate. The absence of this check in earlier versions is the vulnerability: when policy processing is enabled, these functions are called once per node while the chain is being linked, and a crafted chain makes that number explode. Policy processing is off by default; it is enabled by calling X509_VERIFY_PARAM_set1_policies() (or setting the X509_V_FLAG_POLICY_CHECK flag) in an application, or by passing the -policy argument to the openssl command-line utilities, so only deployments that do one of these are exposed. These two functions are therefore identified as the vulnerable functions.
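To make the growth concrete, here is an added example (not OpenSSL's code and not part of this page): a reduced C model of the policy tree whose level_add_node() carries the check described above. The structure layout, the fixed per-node fanout used to stand in for a crafted chain's policy mappings, and the build_policy_tree()/policy_tree_size()/policy_tree_capped() helpers are constructed for illustration; the limit of 1000 mirrors OPENSSL_POLICY_TREE_NODES_MAX. Passing node_maximum == 0 reproduces the pre-fix behaviour.

```c
/* Added example, not OpenSSL code: toy model of the X.509 policy tree showing
 * why an uncapped level_add_node() grows exponentially on a crafted chain and
 * how the node_maximum check from the CVE-2023-0464 fix bounds it. */
#include <stdlib.h>
#include <stdio.h>

typedef struct policy_node_st {
    int policy;                     /* toy policy identifier (stands in for an OID) */
    struct policy_node_st *parent;
} POLICY_NODE;

typedef struct policy_level_st {
    POLICY_NODE **nodes;
    int count;
    int cap;
} POLICY_LEVEL;

typedef struct policy_tree_st {
    POLICY_LEVEL *levels;
    int nlevel;
    int node_count;                 /* nodes allocated so far across all levels */
    int node_maximum;               /* 0 = no limit, i.e. pre-fix behaviour */
} POLICY_TREE;

/* Fixed-style level_add_node(): refuses to grow past tree->node_maximum. */
static POLICY_NODE *level_add_node(POLICY_LEVEL *level, int policy,
                                   POLICY_NODE *parent, POLICY_TREE *tree)
{
    POLICY_NODE *node;

    /* The check the CVE-2023-0464 patches introduced. */
    if (tree->node_maximum > 0 && tree->node_count >= tree->node_maximum)
        return NULL;

    if (level->count == level->cap) {
        int ncap = level->cap ? level->cap * 2 : 8;
        POLICY_NODE **grown = realloc(level->nodes, (size_t)ncap * sizeof(*grown));
        if (grown == NULL)
            return NULL;
        level->nodes = grown;
        level->cap = ncap;
    }
    node = calloc(1, sizeof(*node));
    if (node == NULL)
        return NULL;
    node->policy = policy;
    node->parent = parent;
    level->nodes[level->count++] = node;
    tree->node_count++;             /* counter the patches also added */
    return node;
}

static void policy_tree_free(POLICY_TREE *tree)
{
    for (int i = 0; i < tree->nlevel; i++) {
        for (int j = 0; j < tree->levels[i].count; j++)
            free(tree->levels[i].nodes[j]);
        free(tree->levels[i].nodes);
    }
    free(tree->levels);
}

/* Model a chain of `depth` certificates below a trust anchor where each policy
 * node of certificate i gives rise to `fanout` nodes for certificate i+1 (the
 * multiplication a malicious chain arranges through its policy extensions).
 * Level 0 holds one root node, level i holds fanout^i nodes. Returns the node
 * count when building stopped; *capped is 1 if level_add_node() refused a
 * node, which is where a fixed OpenSSL abandons the tree instead of growing. */
static int build_policy_tree(int depth, int fanout, int node_maximum, int *capped)
{
    POLICY_TREE tree = {0};
    int total;

    *capped = 0;
    tree.nlevel = depth + 1;
    tree.levels = calloc((size_t)tree.nlevel, sizeof(*tree.levels));
    if (tree.levels == NULL)
        return -1;
    tree.node_maximum = node_maximum;

    if (level_add_node(&tree.levels[0], 0, NULL, &tree) == NULL)
        *capped = 1;
    for (int i = 1; i <= depth && !*capped; i++) {
        POLICY_LEVEL *prev = &tree.levels[i - 1];
        for (int j = 0; j < prev->count && !*capped; j++)
            for (int k = 0; k < fanout; k++)
                if (level_add_node(&tree.levels[i], k, prev->nodes[j], &tree) == NULL) {
                    *capped = 1;
                    break;
                }
    }
    total = tree.node_count;
    policy_tree_free(&tree);
    return total;
}

/* Convenience wrappers returning plain ints for the two outcomes. */
static int policy_tree_size(int depth, int fanout, int node_maximum)
{
    int capped;
    return build_policy_tree(depth, fanout, node_maximum, &capped);
}

static int policy_tree_capped(int depth, int fanout, int node_maximum)
{
    int capped;
    build_policy_tree(depth, fanout, node_maximum, &capped);
    return capped;
}

int main(void)
{
    /* Pre-fix: no limit, the tree reaches 4^0 + ... + 4^6 = 5461 nodes. */
    printf("uncapped: depth 6, fanout 4 -> %d nodes, capped=%d\n",
           policy_tree_size(6, 4, 0), policy_tree_capped(6, 4, 0));
    /* Post-fix: the same chain is refused once 1000 nodes exist. */
    printf("capped:   depth 6, fanout 4 -> %d nodes, capped=%d\n",
           policy_tree_size(6, 4, 1000), policy_tree_capped(6, 4, 1000));
    return 0;
}
```

Increasing depth by one in the uncapped run multiplies the node count by the fanout, which is the exponential behaviour the advisory describes; with the limit in place the count stops at exactly node_maximum regardless of depth, and the refused insertion is what turns the attack into an ordinary verification failure.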