
Expand `WOLFSSL_NO_CRL_DATE_CHECK` to the process cert CRL next date check. Fix typo for DEBUG_CRYPTOCB. Add comments for `wc_ValidateDate` arguments. Improve linker script example for FIPS to put stdlib before FIPS and not force KEEP.

David Garske 4 months ago
parent
commit
434526c345
4 changed files with 9 additions and 6 deletions
  1. 4 4
      IDE/GCC-ARM/linker_fips.ld
  2. 1 1
      src/crl.c
  3. 3 0
      wolfcrypt/src/asn.c
  4. 1 1
      wolfcrypt/src/cryptocb.c

+ 4 - 4
IDE/GCC-ARM/linker_fips.ld

@@ -54,23 +54,23 @@ SECTIONS
         . = ALIGN(4);
     } > FLASH
 
-    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing 
+    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing
         when application code changes are made */
     .wolfCryptNonFIPS_text :
     {
         . = ALIGN(4);
-        KEEP(*wolf*src*.o(.text .text*))
         lib_a* ( .text .text*)
+        *wolf*src*.o(.text .text*)
         . = ALIGN(4);
     } > FLASH
     .wolfCryptNonFIPS_rodata :
     {
         . = ALIGN(4);
-        KEEP(*wolf*src*.o(.rodata .rodata*))
         lib_a* (.rodata .rodata*)
+        *wolf*src*.o(.rodata .rodata*)
         . = ALIGN(4);
     } > FLASH
-    
+
 	.sys    : { *(.sys*) }    > FLASH
     .text   : { *(.text*) }   > FLASH
     .rodata : { *(.text*) }   > FLASH
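Review bot: The comment above `.wolfCryptNonFIPS_text` does not record what the new layout relies on: the `lib_a*` line now sits ahead of `*wolf*src*.o` in both output sections, and neither pattern is wrapped in `KEEP` any more. If the image is linked with `--gc-sections`, which libc and non-FIPS wolfCrypt input sections survive would presumably follow what the application references, so an application change could still shift code in this region. I would extend the comment with something like `/* keep lib_a* ahead of *wolf*src*.o; no KEEP here, so re-check the map file and the FIPS hash after application changes when linking with --gc-sections */`. Separately, the context line `.rodata : { *(.text*) } > FLASH` at the end of the hunk collects `.text*` a second time and looks like it was meant to read `*(.rodata*)`. The SECTIONS block starts and continues outside the hunk, so the FIPS sections themselves are not visible here.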

+ 1 - 1
src/crl.c

@@ -393,7 +393,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
             if (crle->nextDateFormat != ASN_OTHER_TYPE)
         #endif
             {
-            #ifndef NO_ASN_TIME
+            #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
                 if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");
                     ret = ASN_AFTER_DATE_E;
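Review bot: With `WOLFSSL_NO_CRL_DATE_CHECK` defined, the `#if` around the `XVALIDATE_DATE(crle->nextDate, ...)` call compiles the next-date check out silently, so a CRL past its next date is treated the same as a current one. A certificate revoked after that CRL was issued would then keep passing this check until a newer CRL is loaded. That trade-off should be stated at the `#if`, for example `/* WOLFSSL_NO_CRL_DATE_CHECK: expired CRLs are accepted; revocations newer than this CRL are not seen */`. An `#elif defined(WOLFSSL_NO_CRL_DATE_CHECK)` branch containing `WOLFSSL_MSG("CRL next date check disabled");` would also make the relaxed mode visible in debug logs. The body of CheckCertCRLList starts and ends outside the hunk, so how `ret` is handled afterwards cannot be confirmed from here.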

+ 3 - 0
wolfcrypt/src/asn.c

@@ -14707,6 +14707,9 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
 
 /* like atoi but only use first byte */
 /* Make sure before and after dates are valid */
+/* date = ASN.1 raw */
+/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
+/* dateType = AFTER or BEFORE */
 int wc_ValidateDate(const byte* date, byte format, int dateType)
 {
     time_t ltime;
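Review bot: The three added comment lines above `wc_ValidateDate` name the arguments but leave out the return convention, and the signature takes no length for `date`. Judging by the caller in src/crl.c, which treats a zero result as failure, I would add `/* returns 1 if the date is valid for dateType, 0 otherwise; no length is passed, so date must hold a complete value for the given format */`. "ASN.1 raw" is also ambiguous about whether the tag and length bytes are included or only the content bytes, which matters for callers passing parsed buffers. The older line `/* like atoi but only use first byte */` does not describe this function and looks like a leftover from a helper that used to sit here. The function body continues outside the hunk, so the exact return values should be confirmed against it.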

+ 1 - 1
wolfcrypt/src/cryptocb.c

@@ -33,7 +33,7 @@
  * WOLF_CRYPTO_CB_CMD
  *
  * enable debug InfoString functions
- * DEBUG_CRYPTO_CB
+ * DEBUG_CRYPTOCB
  */
 
 #ifdef HAVE_CONFIG_H