Fix OpenSSL Implementation of ValidateCertificateChain(). #18125


emargolis

Problem

In the OpenSSL implementation of the ValidateCertificateChain() function, the
intermediate certificate is loaded as a trusted certificate, which opens
the door to various security attacks.

Change overview

Updated implementation: now loading the intermediate certificate as
an untrusted certificate, part of the cert chain.

Testing

Added test case that would identify this issue in the previous implementation.

all existing tests


github-actions bot commented May 5, 2022

PR #18125: Size comparison from 8faa780 to cb7351f

Increases above 0.2%:

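| platform | target | config | section | 8faa780 | cb7351f | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | .got | 4952 | 4968 | 16 | 0.3 |
| | tv-app | debug | .got | 4696 | 4712 | 16 | 0.3 |

Increases (2 builds for linux)

| platform | target | config | section | 8faa780 | cb7351f | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | (read only) | 8981461 | 8981821 | 360 | 0.0 |
| | | | .got | 4952 | 4968 | 16 | 0.3 |
| | | | .text | 7193429 | 7193589 | 160 | 0.0 |
| | tv-app | debug | (read only) | 2850417 | 2850793 | 376 | 0.0 |
| | | | .got | 4696 | 4712 | 16 | 0.3 |
| | | | .text | 2449650 | 2449826 | 176 | 0.0 |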

@emargolis emargolis force-pushed the emargolis/feature/openssl-validate-certificate-chain branch from cb7351f to daf6d4f Compare May 6, 2022 00:43

github-actions bot commented May 6, 2022

PR #18125: Size comparison from 8faa780 to daf6d4f

Increases above 0.2%:

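| platform | target | config | section | 8faa780 | daf6d4f | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | .got | 4952 | 4976 | 24 | 0.5 |
| | tv-app | debug | .got | 4696 | 4720 | 24 | 0.5 |

Increases (2 builds for linux)

| platform | target | config | section | 8faa780 | daf6d4f | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | (read only) | 8981461 | 8981973 | 512 | 0.0 |
| | | | (read/write) | 576944 | 576976 | 32 | 0.0 |
| | | | .got | 4952 | 4976 | 24 | 0.5 |
| | | | .text | 7193429 | 7193653 | 224 | 0.0 |
| | tv-app | debug | (read only) | 2850417 | 2850937 | 520 | 0.0 |
| | | | (read/write) | 277248 | 277280 | 32 | 0.0 |
| | | | .got | 4696 | 4720 | 24 | 0.5 |
| | | | .text | 2449650 | 2449874 | 224 | 0.0 |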


@bzbarsky-apple bzbarsky-apple left a comment


Nice catch!

@andy31415

@emargolis memory checker seems to complain:

'#3:','Test P256 Keygen                                                          ','PASSED'
[1651828999.641221][30164:30164] CHIP:CR:  ssl err  asn1 encoding routines ASN1_item_verify EVP lib

debug-malloc library: dumping program, fatal error
   Error: free space has been overwritten (err 67)
Aborted (core dumped)

@emargolis emargolis force-pushed the emargolis/feature/openssl-validate-certificate-chain branch from daf6d4f to 0daa148 Compare May 6, 2022 18:17

github-actions bot commented May 6, 2022

PR #18125: Size comparison from 54a39d7 to 0daa148

Increases above 0.2%:

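| platform | target | config | section | 54a39d7 | 0daa148 | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | .got | 4952 | 4976 | 24 | 0.5 |
| | tv-app | debug | .got | 4696 | 4720 | 24 | 0.5 |

Increases (2 builds for linux)

| platform | target | config | section | 54a39d7 | 0daa148 | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | (read only) | 9026661 | 9027173 | 512 | 0.0 |
| | | | (read/write) | 576944 | 576976 | 32 | 0.0 |
| | | | .got | 4952 | 4976 | 24 | 0.5 |
| | | | .text | 7236709 | 7236933 | 224 | 0.0 |
| | tv-app | debug | (read only) | 2850849 | 2851369 | 520 | 0.0 |
| | | | (read/write) | 277248 | 277280 | 32 | 0.0 |
| | | | .got | 4696 | 4720 | 24 | 0.5 |
| | | | .text | 2449762 | 2449986 | 224 | 0.0 |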

In the OpenSSL implementation of the ValidateCertificateChain() function, the
intermediate certificate is loaded as a trusted certificate, which opens
the door to various security attacks.

Updated implementation: now loading the intermediate certificate as
an untrusted certificate, part of the cert chain.

Added test case that would identify this issue in the previous implementation.
@emargolis emargolis force-pushed the emargolis/feature/openssl-validate-certificate-chain branch from 0daa148 to e7b6883 Compare May 9, 2022 21:40

github-actions bot commented May 9, 2022

PR #18125: Size comparison from 3c3a422 to e7b6883

Increases above 0.2%:

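| platform | target | config | section | 3c3a422 | e7b6883 | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | .got | 4952 | 4976 | 24 | 0.5 |
| | tv-app | debug | .got | 4696 | 4720 | 24 | 0.5 |

Increases (2 builds for linux)

| platform | target | config | section | 3c3a422 | e7b6883 | change | % change |
|---|---|---|---|---|---|---|---|
| linux | chip-tool | debug | (read only) | 9104757 | 9105261 | 504 | 0.0 |
| | | | (read/write) | 576944 | 576976 | 32 | 0.0 |
| | | | .got | 4952 | 4976 | 24 | 0.5 |
| | | | .text | 7309237 | 7309445 | 208 | 0.0 |
| | tv-app | debug | (read only) | 2852865 | 2853369 | 504 | 0.0 |
| | | | (read/write) | 277248 | 277280 | 32 | 0.0 |
| | | | .got | 4696 | 4720 | 24 | 0.5 |
| | | | .text | 2451778 | 2451986 | 208 | 0.0 |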

@emargolis emargolis merged commit f503636 into project-chip:master May 10, 2022