forked from wolfSSL/wolfssl
Expand WOLFSSL_NO_CRL_DATE_CHECK to the process cert CRL next date check. Fix typo for DEBUG_CRYPTOCB. Add comments for wc_ValidateDate arguments. Improve linker script example for FIPS to put stdlib before FIPS and not force KEEP.
This commit is contained in:
David Garske
@@ -54,23 +54,23 @@ SECTIONS
|
|||||||
. = ALIGN(4);
|
. = ALIGN(4);
|
||||||
} > FLASH
|
} > FLASH
|
||||||
|
|
||||||
/* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing
|
/* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing
|
||||||
when application code changes are made */
|
when application code changes are made */
|
||||||
.wolfCryptNonFIPS_text :
|
.wolfCryptNonFIPS_text :
|
||||||
{
|
{
|
||||||
. = ALIGN(4);
|
. = ALIGN(4);
|
||||||
KEEP(*wolf*src*.o(.text .text*))
|
|
||||||
lib_a* ( .text .text*)
|
lib_a* ( .text .text*)
|
||||||
|
*wolf*src*.o(.text .text*)
|
||||||
. = ALIGN(4);
|
. = ALIGN(4);
|
||||||
} > FLASH
|
} > FLASH
|
||||||
.wolfCryptNonFIPS_rodata :
|
.wolfCryptNonFIPS_rodata :
|
||||||
{
|
{
|
||||||
. = ALIGN(4);
|
. = ALIGN(4);
|
||||||
KEEP(*wolf*src*.o(.rodata .rodata*))
|
|
||||||
lib_a* (.rodata .rodata*)
|
lib_a* (.rodata .rodata*)
|
||||||
|
*wolf*src*.o(.rodata .rodata*)
|
||||||
. = ALIGN(4);
|
. = ALIGN(4);
|
||||||
} > FLASH
|
} > FLASH
|
||||||
|
|
||||||
.sys : { *(.sys*) } > FLASH
|
.sys : { *(.sys*) } > FLASH
|
||||||
.text : { *(.text*) } > FLASH
|
.text : { *(.text*) } > FLASH
|
||||||
.rodata : { *(.text*) } > FLASH
|
.rodata : { *(.text*) } > FLASH
|
||||||
|
|||||||
@@ -393,7 +393,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
|
|||||||
if (crle->nextDateFormat != ASN_OTHER_TYPE)
|
if (crle->nextDateFormat != ASN_OTHER_TYPE)
|
||||||
#endif
|
#endif
|
||||||
{
|
{
|
||||||
#ifndef NO_ASN_TIME
|
#if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
|
||||||
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
|
if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
|
||||||
WOLFSSL_MSG("CRL next date is no longer valid");
|
WOLFSSL_MSG("CRL next date is no longer valid");
|
||||||
ret = ASN_AFTER_DATE_E;
|
ret = ASN_AFTER_DATE_E;
|
||||||
|
|||||||
@@ -14707,6 +14707,9 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
|
|||||||
|
|
||||||
/* like atoi but only use first byte */
|
/* like atoi but only use first byte */
|
||||||
/* Make sure before and after dates are valid */
|
/* Make sure before and after dates are valid */
|
||||||
|
/* date = ASN.1 raw */
|
||||||
|
/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
|
||||||
|
/* dateType = AFTER or BEFORE */
|
||||||
int wc_ValidateDate(const byte* date, byte format, int dateType)
|
int wc_ValidateDate(const byte* date, byte format, int dateType)
|
||||||
{
|
{
|
||||||
time_t ltime;
|
time_t ltime;
|
||||||
|
|||||||
@@ -33,7 +33,7 @@
|
|||||||
* WOLF_CRYPTO_CB_CMD
|
* WOLF_CRYPTO_CB_CMD
|
||||||
*
|
*
|
||||||
* enable debug InfoString functions
|
* enable debug InfoString functions
|
||||||
* DEBUG_CRYPTO_CB
|
* DEBUG_CRYPTOCB
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#ifdef HAVE_CONFIG_H
|
#ifdef HAVE_CONFIG_H
|
||||||
|
|||||||
Reference in New Issue
Block a user