Expand WOLFSSL_NO_CRL_DATE_CHECK to the process cert CRL next date check. Fix typo for DEBUG_CRYPTOCB. Add comments for wc_ValidateDate arguments. Improve linker script example for FIPS to put stdlib before FIPS and not force KEEP.

dgarske · dgarske · commit 434526c34502 · 2023-12-07T14:45:16.000-08:00
diff --git a/IDE/GCC-ARM/linker_fips.ld b/IDE/GCC-ARM/linker_fips.ld
@@ -54,23 +54,23 @@ SECTIONS
         . = ALIGN(4);
     } > FLASH
 
-    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing 
+    /* Custom section for wolfCrypt and LibC to prevent FIPS hash from changing
         when application code changes are made */
     .wolfCryptNonFIPS_text :
     {
         . = ALIGN(4);
-        KEEP(*wolf*src*.o(.text .text*))
         lib_a* ( .text .text*)
+        *wolf*src*.o(.text .text*)
         . = ALIGN(4);
     } > FLASH
     .wolfCryptNonFIPS_rodata :
     {
         . = ALIGN(4);
-        KEEP(*wolf*src*.o(.rodata .rodata*))
         lib_a* (.rodata .rodata*)
+        *wolf*src*.o(.rodata .rodata*)
         . = ALIGN(4);
     } > FLASH
-    
+
 	.sys    : { *(.sys*) }    > FLASH
     .text   : { *(.text*) }   > FLASH
     .rodata : { *(.text*) }   > FLASH
diff --git a/src/crl.c b/src/crl.c
@@ -393,7 +393,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,
             if (crle->nextDateFormat != ASN_OTHER_TYPE)
         #endif
             {
-            #ifndef NO_ASN_TIME
+            #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)
                 if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {
                     WOLFSSL_MSG("CRL next date is no longer valid");
                     ret = ASN_AFTER_DATE_E;
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
@@ -14707,6 +14707,9 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)
 
 /* like atoi but only use first byte */
 /* Make sure before and after dates are valid */
+/* date = ASN.1 raw */
+/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */
+/* dateType = AFTER or BEFORE */
 int wc_ValidateDate(const byte* date, byte format, int dateType)
 {
     time_t ltime;
diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c
@@ -33,7 +33,7 @@
  * WOLF_CRYPTO_CB_CMD
  *
  * enable debug InfoString functions
- * DEBUG_CRYPTO_CB
+ * DEBUG_CRYPTOCB
  */
 
 #ifdef HAVE_CONFIG_H

Original file line number	Diff line number	Diff line change
`@@ -393,7 +393,7 @@ static int CheckCertCRLList(WOLFSSL_CRL* crl, byte* issuerHash, byte* serial,`
`393`	`393`	`if (crle->nextDateFormat != ASN_OTHER_TYPE)`
`394`	`394`	`#endif`
`395`	`395`	`{`
`396`		`- #ifndef NO_ASN_TIME`
	`396`	`+ #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_CRL_DATE_CHECK)`
`397`	`397`	`if (!XVALIDATE_DATE(crle->nextDate,crle->nextDateFormat, AFTER)) {`
`398`	`398`	`WOLFSSL_MSG("CRL next date is no longer valid");`
`399`	`399`	`ret = ASN_AFTER_DATE_E;`
Original file line number	Diff line number	Diff line change
`@@ -14707,6 +14707,9 @@ static WC_INLINE int DateLessThan(const struct tm* a, const struct tm* b)`
`14707`	`14707`
`14708`	`14708`	`/* like atoi but only use first byte */`
`14709`	`14709`	`/* Make sure before and after dates are valid */`
	`14710`	`+/* date = ASN.1 raw */`
	`14711`	`+/* format = ASN_UTC_TIME or ASN_GENERALIZED_TIME */`
	`14712`	`+/* dateType = AFTER or BEFORE */`
`14710`	`14713`	`int wc_ValidateDate(const byte* date, byte format, int dateType)`
`14711`	`14714`	`{`
`14712`	`14715`	`time_t ltime;`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@`
`33`	`33`	`* WOLF_CRYPTO_CB_CMD`
`34`	`34`	`*`
`35`	`35`	`* enable debug InfoString functions`
`36`		`- * DEBUG_CRYPTO_CB`
	`36`	`+ * DEBUG_CRYPTOCB`
`37`	`37`	`*/`
`38`	`38`
`39`	`39`	`#ifdef HAVE_CONFIG_H`