Move DN upper bound function to X509_DN static function

Avoids another public header, and it just makes sense that it be
declared there.

5 files changed, 17 insertions, 32 deletions

diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp
index 1561a10f9..d07344aae 100644
--- a/src/lib/x509/x509_dn.cpp
+++ b/src/lib/x509/x509_dn.cpp
@@ -11,7 +11,6 @@
 #include <botan/parsing.h>
 #include <botan/internal/stl_util.h>
 #include <botan/oids.h>
-#include <botan/x509_dn_ub.h>
 #include <ostream>
 #include <cctype>
 
diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h
index cbd89de7c..88117a110 100644
--- a/src/lib/x509/x509_dn.h
+++ b/src/lib/x509/x509_dn.h
@@ -1,6 +1,7 @@
 /*
 * X.509 Distinguished Name
 * (C) 1999-2010 Jack Lloyd
+* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -38,6 +39,15 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object
 
       static std::string deref_info_field(const std::string& key);
 
+      /**
+      * Lookup upper bounds in characters for the length of distinguished name fields
+      * as given in RFC 5280, Appendix A.
+      *
+      * @param oid the oid of the DN to lookup
+      * @return the upper bound, or zero if no ub is known to Botan
+      */
+      static size_t lookup_ub(const OID& oid);
+
       /*
       * Return the BER encoded data, if any
       */
diff --git a/src/lib/x509/x509_dn_ub.cpp b/src/lib/x509/x509_dn_ub.cpp
index 20c88d97e..cf8714320 100644
--- a/src/lib/x509/x509_dn_ub.cpp
+++ b/src/lib/x509/x509_dn_ub.cpp
@@ -1,7 +1,7 @@
 /*
 * DN_UB maps: Upper bounds on the length of DN strings
 *
-* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20
+* This file was automatically generated by ./src/scripts/oids.py on 2017-12-23
 *
 * All manual edits to this file will be lost. Edit the script
 * then regenerate this source file.
@@ -9,10 +9,9 @@
 * Botan is released under the Simplified BSD License (see license.txt)
 */
 
+#include <botan/x509_dn.h>
 #include <botan/asn1_oid.h>
-#include <botan/x509_dn_ub.h>
 #include <map>
-#include <stdint.h>
 
 namespace {
 /**
@@ -42,7 +41,8 @@ static const std::map<Botan::OID, size_t> DN_UB =
 
 namespace Botan {
 
-size_t lookup_ub(const OID& oid)
+//static
+size_t X509_DN::lookup_ub(const OID& oid)
    {
    auto ub_entry = DN_UB.find(oid);
    if(ub_entry != DN_UB.end())
@@ -51,7 +51,7 @@ size_t lookup_ub(const OID& oid)
       }
    else
       {
-      return SIZE_MAX;
+      return 0;
       }
    }
 }
diff --git a/src/lib/x509/x509_dn_ub.h b/src/lib/x509/x509_dn_ub.h
deleted file mode 100644
index b4433eb53..000000000
--- a/src/lib/x509/x509_dn_ub.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-#ifndef BOTAN_X509_DN_UB_H_
-#define BOTAN_X509_DN_UB_H_
-
-#include <botan/asn1_oid.h>
-
-namespace Botan {
-
-/**
-* Lookup upper bounds in characters for the length of distinguished name fields
-* as given in RFC 5280, Appendix A.
-*
-* @param oid the oid of the DN to lookup
-* @return the upper bound, or SIZE_MAX if no ub is known to Botan
-*/
-size_t lookup_ub(const OID& oid);
-
-}
-
-#endif
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 1ee4385fd..168acf144 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -8,7 +8,6 @@
 
 #include <botan/x509path.h>
 #include <botan/x509_ext.h>
-#include <botan/x509_dn_ub.h>
 #include <botan/pk_keys.h>
 #include <botan/ocsp.h>
 #include <botan/oids.h>
@@ -95,8 +94,9 @@ PKIX::check_chain(const std::vector<std::shared_ptr<const X509_Certificate>>& ce
       // Check the subject's DN components' length
       for(const auto& dn_pair : subject->subject_dn().get_attributes())
          {
+         const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first);
          // dn_pair = <OID,str>
-         if(lookup_ub(dn_pair.first) < dn_pair.second.size())
+         if(dn_ub > 0 && dn_pair.second.size() > dn_ub)
             {
             status.insert(Certificate_Status_Code::DN_TOO_LONG);
             }