Diffstat (limited to 'src/lib/x509')
-rw-r--r-- | src/lib/x509/x509_dn.cpp | 1 | ||||
-rw-r--r-- | src/lib/x509/x509_dn.h | 10 | ||||
-rw-r--r-- | src/lib/x509/x509_dn_ub.cpp | 10 | ||||
-rw-r--r-- | src/lib/x509/x509_dn_ub.h | 24 | ||||
-rw-r--r-- | src/lib/x509/x509path.cpp | 4 |
5 files changed, 17 insertions, 32 deletions
diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp
index 1561a10f9..d07344aae 100644
--- a/src/lib/x509/x509_dn.cpp
+++ b/src/lib/x509/x509_dn.cpp
@@ -11,7 +11,6 @@
 #include <botan/parsing.h>
 #include <botan/internal/stl_util.h>
 #include <botan/oids.h>
-#include <botan/x509_dn_ub.h>
 #include <ostream>
 #include <cctype>
diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h
index cbd89de7c..88117a110 100644
--- a/src/lib/x509/x509_dn.h
+++ b/src/lib/x509/x509_dn.h
@@ -1,6 +1,7 @@
 /*
 * X.509 Distinguished Name
 * (C) 1999-2010 Jack Lloyd
+* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
 *
 * Botan is released under the Simplified BSD License (see license.txt)
 */
@@ -38,6 +39,15 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object
 static std::string deref_info_field(const std::string& key);
+ /**
+ * Lookup upper bounds in characters for the length of distinguished name fields
+ * as given in RFC 5280, Appendix A.
+ *
+ * @param oid the oid of the DN to lookup
+ * @return the upper bound, or zero if no ub is known to Botan
+ */
+ static size_t lookup_ub(const OID& oid);
+
 /*
 * Return the BER encoded data, if any
 */
diff --git a/src/lib/x509/x509_dn_ub.cpp b/src/lib/x509/x509_dn_ub.cpp
index 20c88d97e..cf8714320 100644
--- a/src/lib/x509/x509_dn_ub.cpp
+++ b/src/lib/x509/x509_dn_ub.cpp
@@ -1,7 +1,7 @@
 /*
 * DN_UB maps: Upper bounds on the length of DN strings
 *
-* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20
+* This file was automatically generated by ./src/scripts/oids.py on 2017-12-23
 *
 * All manual edits to this file will be lost. Edit the script
 * then regenerate this source file.
@@ -9,10 +9,9 @@
 * Botan is released under the Simplified BSD License (see license.txt)
 */
+#include <botan/x509_dn.h>
 #include <botan/asn1_oid.h>
-#include <botan/x509_dn_ub.h>
 #include <map>
-#include <stdint.h>
 namespace {
 /**
@@ -42,7 +41,8 @@ static const std::map<Botan::OID, size_t> DN_UB =
 namespace Botan {
-size_t lookup_ub(const OID& oid)
+//static
+size_t X509_DN::lookup_ub(const OID& oid)
 {
 auto ub_entry = DN_UB.find(oid);
 if(ub_entry != DN_UB.end())
@@ -51,7 +51,7 @@ size_t lookup_ub(const OID& oid)
 }
 else
 {
- return SIZE_MAX;
+ return 0;
 }
 }
 }
diff --git a/src/lib/x509/x509_dn_ub.h b/src/lib/x509/x509_dn_ub.h
deleted file mode 100644
index b4433eb53..000000000
--- a/src/lib/x509/x509_dn_ub.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-#ifndef BOTAN_X509_DN_UB_H_
-#define BOTAN_X509_DN_UB_H_
-
-#include <botan/asn1_oid.h>
-
-namespace Botan {
-
-/**
-* Lookup upper bounds in characters for the length of distinguished name fields
-* as given in RFC 5280, Appendix A.
-*
-* @param oid the oid of the DN to lookup
-* @return the upper bound, or SIZE_MAX if no ub is known to Botan
-*/
-size_t lookup_ub(const OID& oid);
-
-}
-
-#endif
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 1ee4385fd..168acf144 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -8,7 +8,6 @@
 #include <botan/x509path.h>
 #include <botan/x509_ext.h>
-#include <botan/x509_dn_ub.h>
 #include <botan/pk_keys.h>
 #include <botan/ocsp.h>
 #include <botan/oids.h>
@@ -95,8 +94,9 @@ PKIX::check_chain(const std::vector<std::shared_ptr<const X509_Certificate>>& ce
 // Check the subject's DN components' length
 for(const auto& dn_pair : subject->subject_dn().get_attributes())
 {
+ const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first);
 // dn_pair = <OID,str>
- if(lookup_ub(dn_pair.first) < dn_pair.second.size())
+ if(dn_ub > 0 && dn_pair.second.size() > dn_ub)
 {
 status.insert(Certificate_Status_Code::DN_TOO_LONG);
 } |
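Review bot: In the check_chain hunk of x509path.cpp, the new test `dn_pair.second.size() > dn_ub` measures the attribute value with size(), which counts bytes if the value is a std::string, while the lookup_ub documentation added in x509_dn.h gives the bounds in characters. If these values can hold multi-byte encodings such as UTF-8 (the container's value type is not visible here, only the `<OID,str>` comment), a non-ASCII value within the RFC 5280 bound could still be reported as DN_TOO_LONG. Either count characters before comparing or state the byte-based behaviour next to the check, for example `// size() counts bytes; bounds are in characters, so non-ASCII values are checked conservatively`. The `dn_ub > 0` guard matches the new zero sentinel, so attributes with no known bound stay unchecked as before. check_chain starts and ends outside the hunk.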