aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/x509
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/x509')
-rw-r--r--src/lib/x509/x509_dn.cpp1
-rw-r--r--src/lib/x509/x509_dn.h10
-rw-r--r--src/lib/x509/x509_dn_ub.cpp10
-rw-r--r--src/lib/x509/x509_dn_ub.h24
-rw-r--r--src/lib/x509/x509path.cpp4
5 files changed, 17 insertions, 32 deletions
diff --git a/src/lib/x509/x509_dn.cpp b/src/lib/x509/x509_dn.cpp
index 1561a10f9..d07344aae 100644
--- a/src/lib/x509/x509_dn.cpp
+++ b/src/lib/x509/x509_dn.cpp
@@ -11,7 +11,6 @@
#include <botan/parsing.h>
#include <botan/internal/stl_util.h>
#include <botan/oids.h>
-#include <botan/x509_dn_ub.h>
#include <ostream>
#include <cctype>
diff --git a/src/lib/x509/x509_dn.h b/src/lib/x509/x509_dn.h
index cbd89de7c..88117a110 100644
--- a/src/lib/x509/x509_dn.h
+++ b/src/lib/x509/x509_dn.h
@@ -1,6 +1,7 @@
/*
* X.509 Distinguished Name
* (C) 1999-2010 Jack Lloyd
+* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
@@ -38,6 +39,15 @@ class BOTAN_PUBLIC_API(2,0) X509_DN final : public ASN1_Object
static std::string deref_info_field(const std::string& key);
+ /**
+ * Lookup upper bounds in characters for the length of distinguished name fields
+ * as given in RFC 5280, Appendix A.
+ *
+ * @param oid the oid of the DN to lookup
+ * @return the upper bound, or zero if no ub is known to Botan
+ */
+ static size_t lookup_ub(const OID& oid);
+
/*
* Return the BER encoded data, if any
*/
diff --git a/src/lib/x509/x509_dn_ub.cpp b/src/lib/x509/x509_dn_ub.cpp
index 20c88d97e..cf8714320 100644
--- a/src/lib/x509/x509_dn_ub.cpp
+++ b/src/lib/x509/x509_dn_ub.cpp
@@ -1,7 +1,7 @@
/*
* DN_UB maps: Upper bounds on the length of DN strings
*
-* This file was automatically generated by ./src/scripts/oids.py on 2017-12-20
+* This file was automatically generated by ./src/scripts/oids.py on 2017-12-23
*
* All manual edits to this file will be lost. Edit the script
* then regenerate this source file.
@@ -9,10 +9,9 @@
* Botan is released under the Simplified BSD License (see license.txt)
*/
+#include <botan/x509_dn.h>
#include <botan/asn1_oid.h>
-#include <botan/x509_dn_ub.h>
#include <map>
-#include <stdint.h>
namespace {
/**
@@ -42,7 +41,8 @@ static const std::map<Botan::OID, size_t> DN_UB =
namespace Botan {
-size_t lookup_ub(const OID& oid)
+//static
+size_t X509_DN::lookup_ub(const OID& oid)
{
auto ub_entry = DN_UB.find(oid);
if(ub_entry != DN_UB.end())
@@ -51,7 +51,7 @@ size_t lookup_ub(const OID& oid)
}
else
{
- return SIZE_MAX;
+ return 0;
}
}
}
diff --git a/src/lib/x509/x509_dn_ub.h b/src/lib/x509/x509_dn_ub.h
deleted file mode 100644
index b4433eb53..000000000
--- a/src/lib/x509/x509_dn_ub.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
-* (C) 2017 Fabian Weissberg, Rohde & Schwarz Cybersecurity
-*
-* Botan is released under the Simplified BSD License (see license.txt)
-*/
-#ifndef BOTAN_X509_DN_UB_H_
-#define BOTAN_X509_DN_UB_H_
-
-#include <botan/asn1_oid.h>
-
-namespace Botan {
-
-/**
-* Lookup upper bounds in characters for the length of distinguished name fields
-* as given in RFC 5280, Appendix A.
-*
-* @param oid the oid of the DN to lookup
-* @return the upper bound, or SIZE_MAX if no ub is known to Botan
-*/
-size_t lookup_ub(const OID& oid);
-
-}
-
-#endif
diff --git a/src/lib/x509/x509path.cpp b/src/lib/x509/x509path.cpp
index 1ee4385fd..168acf144 100644
--- a/src/lib/x509/x509path.cpp
+++ b/src/lib/x509/x509path.cpp
@@ -8,7 +8,6 @@
#include <botan/x509path.h>
#include <botan/x509_ext.h>
-#include <botan/x509_dn_ub.h>
#include <botan/pk_keys.h>
#include <botan/ocsp.h>
#include <botan/oids.h>
@@ -95,8 +94,9 @@ PKIX::check_chain(const std::vector<std::shared_ptr<const X509_Certificate>>& ce
// Check the subject's DN components' length
for(const auto& dn_pair : subject->subject_dn().get_attributes())
{
+ const size_t dn_ub = X509_DN::lookup_ub(dn_pair.first);
// dn_pair = <OID,str>
- if(lookup_ub(dn_pair.first) < dn_pair.second.size())
+ if(dn_ub > 0 && dn_pair.second.size() > dn_ub)
{
status.insert(Certificate_Status_Code::DN_TOO_LONG);
}