Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update ValidateCertificateChain() To Allow Certificate Chain Validation without Intermediate Certificate #22504

Merged
merged 1 commit into from
Sep 10, 2022
Merged

Update ValidateCertificateChain() To Allow Certificate Chain Validation without Intermediate Certificate #22504

merged 1 commit into from
Sep 10, 2022

Conversation

emargolis
Copy link
Contributor

@emargolis emargolis commented Sep 9, 2022
edited by tcarmelveilleux
Loading

Issue Being Resolved

Fixes #22428

Change overview

Using this function to validate CD signing certificates added to the CD Trust Store.

Added new unit-test cases.

@github-actions github-actions bot added the crypto label Sep 9, 2022
@pullapprove pullapprove bot requested a review from hawk248 September 9, 2022 00:30
@github-actions
Copy link

github-actions bot commented Sep 9, 2022
edited
Loading

PR #22504: Size comparison from d746902 to 28d19af

Increases above 0.2%:

platform target config section d746902 28d19af7 change % change
linux tv-app debug .rodata 260776 261320 544 0.2
Increases (7 builds for bl602, esp32, linux, telink)
platform target config section d746902 28d19af7 change % change
bl602 lighting-app bl602 (read/write) 1411750 1411758 8 0.0
.text 1066992 1066996 4 0.0
esp32 all-clusters-app c3devkit (read/write) 1787654 1787662 8 0.0
.flash.rodata 257208 257216 8 0.0
linux chip-tool debug (read only) 10959809 10960593 784 0.0
.rodata 570485 571029 544 0.1
.text 8868100 8868340 240 0.0
chip-tool-ipv6only arm64 (read only) 10332012 10332732 720 0.0
.rodata 500092 500604 512 0.1
.text 8178852 8179060 208 0.0
tv-app debug (read only) 3200577 3201345 768 0.0
.rodata 260776 261320 544 0.2
.text 2749410 2749634 224 0.0
tv-casting-app debug (read only) 5518169 5518937 768 0.0
.rodata 346161 346705 544 0.2
.text 4899698 4899922 224 0.0
telink lighting-app tlsr9518adk80d text 592478 592480 2 0.0
Decreases (4 builds for psoc6)
platform target config section d746902 28d19af7 change % change
psoc6 all-clusters cy8ckit_062s2_43012 .debug_info 26738028 26737984 -44 -0.0
.debug_line 3662561 3662513 -48 -0.0
.debug_loc 3580890 3580815 -75 -0.0
all-clusters-minimal cy8ckit_062s2_43012 .debug_info 26474651 26474606 -45 -0.0
.debug_line 3683101 3683053 -48 -0.0
.debug_loc 3568527 3568452 -75 -0.0
light cy8ckit_062s2_43012 .debug_info 21936822 21936776 -46 -0.0
.debug_line 3253530 3253482 -48 -0.0
.debug_loc 3266821 3266746 -75 -0.0
lock cy8ckit_062s2_43012 .debug_info 22316607 22316562 -45 -0.0
.debug_line 3262339 3262291 -48 -0.0
.debug_loc 3306688 3306613 -75 -0.0
Full report (46 builds for bl602, cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, psoc6, qpg, telink)
platform target config section d746902 28d19af7 change % change
bl602 lighting-app bl602 (read/write) 1411750 1411758 8 0.0
.bss 121585 121585 0 0.0
.data 9816 9816 0 0.0
.text 1066992 1066996 4 0.0
bl602+rpc (read/write) 1457210 1457210 0 0.0
.bss 129017 129017 0 0.0
.data 10200 10200 0 0.0
.text 1098598 1098598 0 0.0
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 676127 676127 0 0.0
(read/write) 175280 175280 0 0.0
.bss 74300 74300 0 0.0
.data 3380 3380 0 0.0
.rodata 89383 89383 0 0.0
.text 586432 586432 0 0.0
all-clusters-minimal-app LP_CC2652R7 (read only) 640847 640847 0 0.0
(read/write) 157868 157868 0 0.0
.bss 73572 73572 0 0.0
.data 3380 3380 0 0.0
.rodata 78535 78535 0 0.0
.text 561992 561992 0 0.0
lock-ftd LP_CC2652R7 (read only) 677203 677203 0 0.0
(read/write) 164516 164516 0 0.0
.bss 71500 71500 0 0.0
.data 3304 3304 0 0.0
.rodata 77235 77235 0 0.0
.text 599488 599488 0 0.0
lock-mtd LP_CC2652R7 (read only) 660187 660187 0 0.0
(read/write) 177220 177220 0 0.0
.bss 67188 67188 0 0.0
.data 3304 3304 0 0.0
.rodata 102515 102515 0 0.0
.text 557192 557192 0 0.0
pump-app LP_CC2652R7 (read only) 686039 686039 0 0.0
(read/write) 156384 156384 0 0.0
.bss 71436 71436 0 0.0
.data 3296 3296 0 0.0
.rodata 90263 90263 0 0.0
.text 595292 595292 0 0.0
pump-controller-app LP_CC2652R7 (read only) 670531 670531 0 0.0
(read/write) 172004 172004 0 0.0
.bss 71548 71548 0 0.0
.data 3292 3292 0 0.0
.rodata 85819 85819 0 0.0
.text 584232 584232 0 0.0
shell LP_CC2652R7 (read only) 666794 666794 0 0.0
(read/write) 180132 180132 0 0.0
.bss 76620 76620 0 0.0
.data 3376 3376 0 0.0
.rodata 85938 85938 0 0.0
.text 580540 580540 0 0.0
cyw30739 light cyw930739m2evb_01 (read/write) 587394 587394 0 0.0
.app_xip_area 464052 464052 0 0.0
.bss 65776 65776 0 0.0
.data 744 744 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
lock cyw930739m2evb_01 (read/write) 593146 593146 0 0.0
.app_xip_area 465020 465020 0 0.0
.bss 70560 70560 0 0.0
.data 748 748 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 600618 600618 0 0.0
.app_xip_area 477996 477996 0 0.0
.bss 65088 65088 0 0.0
.data 716 716 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read/write) 1109944 1109944 0 0.0
.bss 136332 136332 0 0.0
.data 2072 2072 0 0.0
.text 971520 971520 0 0.0
BRD4161A+rpc (read/write) 973020 973020 0 0.0
.bss 150844 150844 0 0.0
.data 2252 2252 0 0.0
.text 819904 819904 0 0.0
BRD4161A+rs911x (read/write) 1003384 1003384 0 0.0
.bss 169168 169168 0 0.0
.data 2064 2064 0 0.0
.text 832132 832132 0 0.0
lock-app BRD4161A+wf200 (read/write) 1150884 1150884 0 0.0
.bss 152248 152248 0 0.0
.data 2072 2072 0 0.0
.text 996544 996544 0 0.0
window-app BRD4161A (read/write) 1101176 1101176 0 0.0
.bss 137772 137772 0 0.0
.data 2096 2096 0 0.0
.text 961288 961288 0 0.0
esp32 all-clusters-app c3devkit (read only) 1223454 1223454 0 0.0
(read/write) 1787654 1787662 8 0.0
.dram0.bss 76952 76952 0 0.0
.dram0.data 13840 13840 0 0.0
.flash.rodata 257208 257216 8 0.0
.flash.text 1223454 1223454 0 0.0
.iram0.text 65204 65204 0 0.0
m5stack (read only) 1232811 1232811 0 0.0
(read/write) 563524 563524 0 0.0
.dram0.bss 82312 82312 0 0.0
.dram0.data 34296 34296 0 0.0
.flash.rodata 314248 314248 0 0.0
.flash.text 1227427 1227427 0 0.0
.iram0.text 123939 123939 0 0.0
k32w light k32w0+release (read/write) 648828 648828 0 0.0
.bss 70712 70712 0 0.0
.data 2068 2068 0 0.0
.text 573320 573320 0 0.0
lock k32w0+release (read/write) 706016 706016 0 0.0
.bss 71160 71160 0 0.0
.data 2076 2076 0 0.0
.text 630052 630052 0 0.0
linux all-clusters-app debug (read only) 3048329 3048329 0 0.0
(read/write) 156064 156064 0 0.0
.bss 61824 61824 0 0.0
.data 2096 2096 0 0.0
.data.rel.ro 85768 85768 0 0.0
.dynamic 608 608 0 0.0
.got 4568 4568 0 0.0
.init 27 27 0 0.0
.init_array 1176 1176 0 0.0
.rodata 275851 275851 0 0.0
.text 2593042 2593042 0 0.0
all-clusters-minimal-app debug (read only) 2884145 2884145 0 0.0
(read/write) 147664 147664 0 0.0
.bss 61056 61056 0 0.0
.data 2064 2064 0 0.0
.data.rel.ro 78264 78264 0 0.0
.dynamic 608 608 0 0.0
.got 4488 4488 0 0.0
.init 27 27 0 0.0
.init_array 1160 1160 0 0.0
.rodata 276043 276043 0 0.0
.text 2431442 2431442 0 0.0
bridge-app debug+rpc (read only) 2381961 2381961 0 0.0
(read/write) 127752 127752 0 0.0
.bss 50656 50656 0 0.0
.data 3600 3600 0 0.0
.data.rel.ro 67640 67640 0 0.0
.dynamic 608 608 0 0.0
.got 4392 4392 0 0.0
.init 27 27 0 0.0
.init_array 832 832 0 0.0
.rodata 204712 204712 0 0.0
.text 2014338 2014338 0 0.0
chip-tool debug (read only) 10959809 10960593 784 0.0
(read/write) 657736 657736 0 0.0
.bss 26072 26072 0 0.0
.data 2690 2690 0 0.0
.data.rel.ro 622456 622456 0 0.0
.dynamic 608 608 0 0.0
.got 5096 5096 0 0.0
.init 27 27 0 0.0
.init_array 776 776 0 0.0
.rodata 570485 571029 544 0.1
.text 8868100 8868340 240 0.0
chip-tool-ipv6only arm64 (read only) 10332012 10332732 720 0.0
(read/write) 705649 705649 0 0.0
.bss 33937 33937 0 0.0
.data 2856 2856 0 0.0
.data.rel.ro 650024 650024 0 0.0
.dynamic 560 560 0 0.0
.got 13864 13864 0 0.0
.init 24 24 0 0.0
.init_array 200 200 0 0.0
.rodata 500092 500604 512 0.1
.text 8178852 8179060 208 0.0
lighting-app debug+rpc (read only) 2607401 2607401 0 0.0
(read/write) 130536 130536 0 0.0
.bss 49792 49792 0 0.0
.data 2096 2096 0 0.0
.data.rel.ro 72680 72680 0 0.0
.dynamic 608 608 0 0.0
.got 4392 4392 0 0.0
.init 27 27 0 0.0
.init_array 928 928 0 0.0
.rodata 221552 221552 0 0.0
.text 2214658 2214658 0 0.0
lock-app debug (read only) 2590369 2590369 0 0.0
(read/write) 125712 125712 0 0.0
.bss 48288 48288 0 0.0
.data 1712 1712 0 0.0
.data.rel.ro 69688 69688 0 0.0
.dynamic 608 608 0 0.0
.got 4464 4464 0 0.0
.init 27 27 0 0.0
.init_array 904 904 0 0.0
.rodata 238544 238544 0 0.0
.text 2184882 2184882 0 0.0
ota-provider-app debug (read only) 2367625 2367625 0 0.0
(read/write) 119144 119144 0 0.0
.bss 47808 47808 0 0.0
.data 1936 1936 0 0.0
.data.rel.ro 63512 63512 0 0.0
.dynamic 608 608 0 0.0
.got 4488 4488 0 0.0
.init 27 27 0 0.0
.init_array 768 768 0 0.0
.rodata 210520 210520 0 0.0
.text 1993346 1993346 0 0.0
ota-requestor-app debug (read only) 2532953 2532953 0 0.0
(read/write) 127552 127552 0 0.0
.bss 50368 50368 0 0.0
.data 2304 2304 0 0.0
.data.rel.ro 68920 68920 0 0.0
.dynamic 608 608 0 0.0
.got 4480 4480 0 0.0
.init 27 27 0 0.0
.init_array 856 856 0 0.0
.rodata 217344 217344 0 0.0
.text 2142706 2142706 0 0.0
shell debug (read only) 2616697 2616697 0 0.0
(read/write) 142184 142184 0 0.0
.bss 57704 57704 0 0.0
.data 1264 1264 0 0.0
.data.rel.ro 77376 77376 0 0.0
.dynamic 608 608 0 0.0
.got 4136 4136 0 0.0
.init 27 27 0 0.0
.init_array 1048 1048 0 0.0
.rodata 235986 235986 0 0.0
.text 2222002 2222002 0 0.0
thermostat-no-ble arm64 (read only) 2366068 2366068 0 0.0
(read/write) 141905 141905 0 0.0
.bss 55233 55233 0 0.0
.data 1680 1680 0 0.0
.data.rel.ro 76160 76160 0 0.0
.dynamic 560 560 0 0.0
.got 5056 5056 0 0.0
.init 24 24 0 0.0
.init_array 416 416 0 0.0
.rodata 141516 141516 0 0.0
.text 1986464 1986464 0 0.0
tv-app debug (read only) 3200577 3201345 768 0.0
(read/write) 258392 258392 0 0.0
.bss 168152 168152 0 0.0
.data 4144 4144 0 0.0
.data.rel.ro 79520 79520 0 0.0
.dynamic 608 608 0 0.0
.got 4856 4856 0 0.0
.init 27 27 0 0.0
.init_array 1080 1080 0 0.0
.rodata 260776 261320 544 0.2
.text 2749410 2749634 224 0.0
tv-casting-app debug (read only) 5518169 5518937 768 0.0
(read/write) 160888 160888 0 0.0
.bss 52120 52120 0 0.0
.data 1824 1824 0 0.0
.data.rel.ro 100488 100488 0 0.0
.dynamic 608 608 0 0.0
.got 4776 4776 0 0.0
.init 27 27 0 0.0
.init_array 1048 1048 0 0.0
.rodata 346161 346705 544 0.2
.text 4899698 4899922 224 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2455224 2455224 0 0.0
.bss 215044 215044 0 0.0
.data 5872 5872 0 0.0
.text 1417868 1417868 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1182027 1182027 0 0.0
bss 143641 143641 0 0.0
rodata 143740 143740 0 0.0
text 815708 815708 0 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1161227 1161227 0 0.0
bss 142868 142868 0 0.0
rodata 135332 135332 0 0.0
text 804100 804100 0 0.0
psoc6 all-clusters cy8ckit_062s2_43012 (read only) 841960 841960 0 0.0
(read/write) 1743908 1743908 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 188720 188720 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2664 2664 0 0.0
.debug_abbrev 1221907 1221907 0 0.0
.debug_aranges 111776 111776 0 0.0
.debug_frame 373168 373168 0 0.0
.debug_info 26738028 26737984 -44 -0.0
.debug_line 3662561 3662513 -48 -0.0
.debug_loc 3580890 3580815 -75 -0.0
.debug_ranges 340304 340304 0 0.0
.debug_str 3428044 3428044 0 0.0
.heap 841960 841960 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 570955 570955 0 0.0
.symtab 421680 421680 0 0.0
.text 1544136 1544136 0 0.0
.zero.table 8 8 0 0.0
text 0 0 0 0.0
all-clusters-minimal cy8ckit_062s2_43012 (read only) 842696 842696 0 0.0
(read/write) 1687092 1687092 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 187984 187984 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2664 2664 0 0.0
.debug_abbrev 1213746 1213746 0 0.0
.debug_aranges 111248 111248 0 0.0
.debug_frame 376248 376248 0 0.0
.debug_info 26474651 26474606 -45 -0.0
.debug_line 3683101 3683053 -48 -0.0
.debug_loc 3568527 3568452 -75 -0.0
.debug_ranges 338920 338920 0 0.0
.debug_str 3417049 3417049 0 0.0
.heap 842696 842696 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 535429 535429 0 0.0
.symtab 408272 408272 0 0.0
.text 1488056 1488056 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
light cy8ckit_062s2_43012 (read only) 850928 850928 0 0.0
(read/write) 1604340 1604340 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 179960 179960 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2456 2456 0 0.0
.debug_abbrev 1048565 1048565 0 0.0
.debug_aranges 103424 103424 0 0.0
.debug_frame 346516 346516 0 0.0
.debug_info 21936822 21936776 -46 -0.0
.debug_line 3253530 3253482 -48 -0.0
.debug_loc 3266821 3266746 -75 -0.0
.debug_ranges 304392 304392 0 0.0
.debug_str 3222315 3222315 0 0.0
.heap 850928 850928 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 468728 468728 0 0.0
.symtab 375360 375360 0 0.0
.text 1413536 1413536 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
lock cy8ckit_062s2_43012 (read only) 845896 845896 0 0.0
(read/write) 1642028 1642028 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 184976 184976 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2472 2472 0 0.0
.debug_abbrev 1056000 1056000 0 0.0
.debug_aranges 104096 104096 0 0.0
.debug_frame 349344 349344 0 0.0
.debug_info 22316607 22316562 -45 -0.0
.debug_line 3262339 3262291 -48 -0.0
.debug_loc 3306688 3306613 -75 -0.0
.debug_ranges 307736 307736 0 0.0
.debug_str 3249736 3249736 0 0.0
.heap 845896 845896 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 474931 474931 0 0.0
.symtab 378544 378544 0 0.0
.text 1446192 1446192 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
qpg lighting-app qpg6105+debug (read/write) 1129980 1129980 0 0.0
.bss 106112 106112 0 0.0
.data 1028 1028 0 0.0
.text 577076 577076 0 0.0
lock-app qpg6105+debug (read/write) 1100976 1100976 0 0.0
.bss 102344 102344 0 0.0
.data 1032 1032 0 0.0
.text 548076 548076 0 0.0
telink light-switch-app tlsr9518adk80d (read/write) 812960 812960 0 0.0
bss 71372 71372 0 0.0
noinit 43488 43488 0 0.0
text 574348 574348 0 0.0
lighting-app tlsr9518adk80d (read/write) 834872 834872 0 0.0
bss 72228 72228 0 0.0
noinit 43488 43488 0 0.0
text 592478 592480 2 0.0
ota-requestor-app tlsr9518adk80d (read/write) 843116 843116 0 0.0
bss 73136 73136 0 0.0
noinit 43488 43488 0 0.0
text 598740 598740 0 0.0

@github-actions
Copy link

github-actions bot commented Sep 9, 2022
edited
Loading

PR #22504: Size comparison from d746902 to f585bb8

Increases (6 builds for bl602, k32w, qpg)
platform target config section d746902 f585bb8 change % change
bl602 lighting-app bl602 (read/write) 1411750 1411822 72 0.0
.text 1066992 1067064 72 0.0
bl602+rpc (read/write) 1457210 1457282 72 0.0
.text 1098598 1098670 72 0.0
k32w light k32w0+release (read/write) 648828 648860 32 0.0
.text 573320 573352 32 0.0
lock k32w0+release (read/write) 706016 706048 32 0.0
.text 630052 630084 32 0.0
qpg lighting-app qpg6105+debug (read/write) 1129980 1130012 32 0.0
.text 577076 577108 32 0.0
lock-app qpg6105+debug (read/write) 1100976 1101000 24 0.0
.text 548076 548100 24 0.0
Decreases (1 build for telink)
platform target config section d746902 f585bb8 change % change
telink light-switch-app tlsr9518adk80d text 574348 574346 -2 -0.0
Full report (12 builds for bl602, k32w, mbed, nrfconnect, qpg, telink)
platform target config section d746902 f585bb8 change % change
bl602 lighting-app bl602 (read/write) 1411750 1411822 72 0.0
.bss 121585 121585 0 0.0
.data 9816 9816 0 0.0
.text 1066992 1067064 72 0.0
bl602+rpc (read/write) 1457210 1457282 72 0.0
.bss 129017 129017 0 0.0
.data 10200 10200 0 0.0
.text 1098598 1098670 72 0.0
k32w light k32w0+release (read/write) 648828 648860 32 0.0
.bss 70712 70712 0 0.0
.data 2068 2068 0 0.0
.text 573320 573352 32 0.0
lock k32w0+release (read/write) 706016 706048 32 0.0
.bss 71160 71160 0 0.0
.data 2076 2076 0 0.0
.text 630052 630084 32 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2455224 2455224 0 0.0
.bss 215044 215044 0 0.0
.data 5872 5872 0 0.0
.text 1417868 1417868 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1182027 1182027 0 0.0
bss 143641 143641 0 0.0
rodata 143740 143740 0 0.0
text 815708 815708 0 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1161227 1161227 0 0.0
bss 142868 142868 0 0.0
rodata 135332 135332 0 0.0
text 804100 804100 0 0.0
qpg lighting-app qpg6105+debug (read/write) 1129980 1130012 32 0.0
.bss 106112 106112 0 0.0
.data 1028 1028 0 0.0
.text 577076 577108 32 0.0
lock-app qpg6105+debug (read/write) 1100976 1101000 24 0.0
.bss 102344 102344 0 0.0
.data 1032 1032 0 0.0
.text 548076 548100 24 0.0
telink light-switch-app tlsr9518adk80d (read/write) 812960 812960 0 0.0
bss 71372 71372 0 0.0
noinit 43488 43488 0 0.0
text 574348 574346 -2 -0.0
lighting-app tlsr9518adk80d (read/write) 834872 834872 0 0.0
bss 72228 72228 0 0.0
noinit 43488 43488 0 0.0
text 592478 592478 0 0.0
ota-requestor-app tlsr9518adk80d (read/write) 843116 843116 0 0.0
bss 73136 73136 0 0.0
noinit 43488 43488 0 0.0
text 598740 598740 0 0.0

@andy31415
Copy link
Contributor

Accepted for v1: necessary for certificate chain validation

@emargolis
Update ValidateCertificateChain() To Allow Certificate Chain Validati…
f173492 
…on without Intermediate Certificate.

Using this function to validate CD signing certificates added to the CD Trust Store.
Added new unit-test cases.
@emargolis emargolis force-pushed the emargolis/feature/cd-cert-store-cert-validation branch from 3e603be to f173492 Compare September 9, 2022 23:18
@github-actions
Copy link

github-actions bot commented Sep 9, 2022
edited
Loading

PR #22504: Size comparison from faa31fd to f173492

Increases (4 builds for bl602, cc13x2_26x2, k32w, linux)
platform target config section faa31fd f173492 change % change
bl602 lighting-app bl602+rpc .text 1098670 1098672 2 0.0
cc13x2_26x2 pump-controller-app LP_CC2652R7 (read/write) 171972 171980 8 0.0
k32w light k32w0+release (read/write) 648844 648860 16 0.0
.text 573336 573352 16 0.0
linux chip-tool-ipv6only arm64 (read only) 10331900 10332988 1088 0.0
.rodata 500892 501404 512 0.1
.text 8177940 8178516 576 0.0
Decreases (7 builds for cc13x2_26x2, esp32, psoc6, telink)
platform target config section faa31fd f173492 change % change
cc13x2_26x2 pump-controller-app LP_CC2652R7 (read only) 670563 670555 -8 -0.0
.text 584264 584256 -8 -0.0
esp32 all-clusters-app c3devkit (read only) 1223520 1223518 -2 -0.0
.flash.text 1223520 1223518 -2 -0.0
psoc6 all-clusters cy8ckit_062s2_43012 .debug_info 26739035 26738991 -44 -0.0
.debug_line 3662824 3662776 -48 -0.0
.debug_loc 3581159 3581084 -75 -0.0
all-clusters-minimal cy8ckit_062s2_43012 .debug_info 26475658 26475614 -44 -0.0
.debug_line 3683364 3683316 -48 -0.0
.debug_loc 3568796 3568721 -75 -0.0
light cy8ckit_062s2_43012 .debug_info 21937827 21937783 -44 -0.0
.debug_line 3253793 3253745 -48 -0.0
.debug_loc 3267090 3267015 -75 -0.0
lock cy8ckit_062s2_43012 .debug_info 22317614 22317568 -46 -0.0
.debug_line 3262602 3262554 -48 -0.0
.debug_loc 3306958 3306883 -75 -0.0
telink lighting-app tlsr9518adk80d (read/write) 834872 834864 -8 -0.0
text 592478 592476 -2 -0.0
Full report (35 builds for bl602, cc13x2_26x2, cyw30739, efr32, esp32, k32w, linux, mbed, nrfconnect, psoc6, qpg, telink)
platform target config section faa31fd f173492 change % change
bl602 lighting-app bl602 (read/write) 1411830 1411830 0 0.0
.bss 121585 121585 0 0.0
.data 9816 9816 0 0.0
.text 1067068 1067068 0 0.0
bl602+rpc (read/write) 1457282 1457282 0 0.0
.bss 129017 129017 0 0.0
.data 10200 10200 0 0.0
.text 1098670 1098672 2 0.0
cc13x2_26x2 all-clusters-app LP_CC2652R7 (read only) 676159 676159 0 0.0
(read/write) 175248 175248 0 0.0
.bss 74300 74300 0 0.0
.data 3380 3380 0 0.0
.rodata 89383 89383 0 0.0
.text 586464 586464 0 0.0
all-clusters-minimal-app LP_CC2652R7 (read only) 640879 640879 0 0.0
(read/write) 157868 157868 0 0.0
.bss 73572 73572 0 0.0
.data 3380 3380 0 0.0
.rodata 78535 78535 0 0.0
.text 562024 562024 0 0.0
lock-ftd LP_CC2652R7 (read only) 677235 677235 0 0.0
(read/write) 164484 164484 0 0.0
.bss 71500 71500 0 0.0
.data 3304 3304 0 0.0
.rodata 77235 77235 0 0.0
.text 599520 599520 0 0.0
lock-mtd LP_CC2652R7 (read only) 660219 660219 0 0.0
(read/write) 177188 177188 0 0.0
.bss 67188 67188 0 0.0
.data 3304 3304 0 0.0
.rodata 102515 102515 0 0.0
.text 557224 557224 0 0.0
pump-app LP_CC2652R7 (read only) 686071 686071 0 0.0
(read/write) 156352 156352 0 0.0
.bss 71436 71436 0 0.0
.data 3296 3296 0 0.0
.rodata 90263 90263 0 0.0
.text 595324 595324 0 0.0
pump-controller-app LP_CC2652R7 (read only) 670563 670555 -8 -0.0
(read/write) 171972 171980 8 0.0
.bss 71548 71548 0 0.0
.data 3292 3292 0 0.0
.rodata 85819 85819 0 0.0
.text 584264 584256 -8 -0.0
shell LP_CC2652R7 (read only) 666986 666986 0 0.0
(read/write) 179940 179940 0 0.0
.bss 76620 76620 0 0.0
.data 3376 3376 0 0.0
.rodata 85994 85994 0 0.0
.text 580676 580676 0 0.0
cyw30739 light cyw930739m2evb_01 (read/write) 587394 587394 0 0.0
.app_xip_area 464052 464052 0 0.0
.bss 65776 65776 0 0.0
.data 744 744 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
lock cyw930739m2evb_01 (read/write) 593146 593146 0 0.0
.app_xip_area 465020 465020 0 0.0
.bss 70560 70560 0 0.0
.data 748 748 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
ota-requestor-no-progress-logging cyw930739m2evb_01 (read/write) 600618 600618 0 0.0
.app_xip_area 477996 477996 0 0.0
.bss 65088 65088 0 0.0
.data 716 716 0 0.0
.rodata 0 0 0 0.0
.text 112 112 0 0.0
efr32 lighting-app BRD4161A (read/write) 1109992 1109992 0 0.0
.bss 136332 136332 0 0.0
.data 2072 2072 0 0.0
.text 971568 971568 0 0.0
BRD4161A+rpc (read/write) 973036 973036 0 0.0
.bss 150844 150844 0 0.0
.data 2252 2252 0 0.0
.text 819920 819920 0 0.0
BRD4161A+rs911x (read/write) 1003432 1003432 0 0.0
.bss 169168 169168 0 0.0
.data 2064 2064 0 0.0
.text 832180 832180 0 0.0
lock-app BRD4161A+wf200 (read/write) 1150916 1150916 0 0.0
.bss 152248 152248 0 0.0
.data 2072 2072 0 0.0
.text 996576 996576 0 0.0
window-app BRD4161A (read/write) 1101224 1101224 0 0.0
.bss 137772 137772 0 0.0
.data 2096 2096 0 0.0
.text 961336 961336 0 0.0
esp32 all-clusters-app c3devkit (read only) 1223520 1223518 -2 -0.0
(read/write) 1787654 1787654 0 0.0
.dram0.bss 76952 76952 0 0.0
.dram0.data 13840 13840 0 0.0
.flash.rodata 257208 257208 0 0.0
.flash.text 1223520 1223518 -2 -0.0
.iram0.text 65204 65204 0 0.0
m5stack (read only) 1233347 1233347 0 0.0
(read/write) 563596 563596 0 0.0
.dram0.bss 82312 82312 0 0.0
.dram0.data 34296 34296 0 0.0
.flash.rodata 314320 314320 0 0.0
.flash.text 1227963 1227963 0 0.0
.iram0.text 123939 123939 0 0.0
k32w light k32w0+release (read/write) 648844 648860 16 0.0
.bss 70712 70712 0 0.0
.data 2068 2068 0 0.0
.text 573336 573352 16 0.0
lock k32w0+release (read/write) 706048 706048 0 0.0
.bss 71160 71160 0 0.0
.data 2076 2076 0 0.0
.text 630084 630084 0 0.0
linux chip-tool-ipv6only arm64 (read only) 10331900 10332988 1088 0.0
(read/write) 705649 705649 0 0.0
.bss 33937 33937 0 0.0
.data 2856 2856 0 0.0
.data.rel.ro 650024 650024 0 0.0
.dynamic 560 560 0 0.0
.got 13864 13864 0 0.0
.init 24 24 0 0.0
.init_array 200 200 0 0.0
.rodata 500892 501404 512 0.1
.text 8177940 8178516 576 0.0
thermostat-no-ble arm64 (read only) 2365844 2365844 0 0.0
(read/write) 141905 141905 0 0.0
.bss 55233 55233 0 0.0
.data 1680 1680 0 0.0
.data.rel.ro 76160 76160 0 0.0
.dynamic 560 560 0 0.0
.got 5056 5056 0 0.0
.init 24 24 0 0.0
.init_array 416 416 0 0.0
.rodata 141452 141452 0 0.0
.text 1986304 1986304 0 0.0
mbed lock-app CY8CPROTO_062_4343W+release (read only) 6224 6224 0 0.0
(read/write) 2455224 2455224 0 0.0
.bss 215044 215044 0 0.0
.data 5872 5872 0 0.0
.text 1417868 1417868 0 0.0
nrfconnect all-clusters-app nrf52840dk_nrf52840 (read/write) 1182027 1182027 0 0.0
bss 143641 143641 0 0.0
rodata 143740 143740 0 0.0
text 815708 815708 0 0.0
all-clusters-minimal-app nrf52840dk_nrf52840 (read/write) 1161227 1161227 0 0.0
bss 142868 142868 0 0.0
rodata 135332 135332 0 0.0
text 804100 804100 0 0.0
psoc6 all-clusters cy8ckit_062s2_43012 (read only) 841960 841960 0 0.0
(read/write) 1744108 1744108 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 188720 188720 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2664 2664 0 0.0
.debug_abbrev 1221909 1221909 0 0.0
.debug_aranges 111776 111776 0 0.0
.debug_frame 373172 373172 0 0.0
.debug_info 26739035 26738991 -44 -0.0
.debug_line 3662824 3662776 -48 -0.0
.debug_loc 3581159 3581084 -75 -0.0
.debug_ranges 340544 340544 0 0.0
.debug_str 3428604 3428604 0 0.0
.heap 841960 841960 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 571087 571087 0 0.0
.symtab 421776 421776 0 0.0
.text 1544336 1544336 0 0.0
.zero.table 8 8 0 0.0
text 0 0 0 0.0
all-clusters-minimal cy8ckit_062s2_43012 (read only) 842696 842696 0 0.0
(read/write) 1687316 1687316 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 187984 187984 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2664 2664 0 0.0
.debug_abbrev 1213748 1213748 0 0.0
.debug_aranges 111248 111248 0 0.0
.debug_frame 376252 376252 0 0.0
.debug_info 26475658 26475614 -44 -0.0
.debug_line 3683364 3683316 -48 -0.0
.debug_loc 3568796 3568721 -75 -0.0
.debug_ranges 339160 339160 0 0.0
.debug_str 3417609 3417609 0 0.0
.heap 842696 842696 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 535561 535561 0 0.0
.symtab 408368 408368 0 0.0
.text 1488280 1488280 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
light cy8ckit_062s2_43012 (read only) 850928 850928 0 0.0
(read/write) 1604548 1604548 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 179960 179960 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2456 2456 0 0.0
.debug_abbrev 1048567 1048567 0 0.0
.debug_aranges 103424 103424 0 0.0
.debug_frame 346520 346520 0 0.0
.debug_info 21937827 21937783 -44 -0.0
.debug_line 3253793 3253745 -48 -0.0
.debug_loc 3267090 3267015 -75 -0.0
.debug_ranges 304632 304632 0 0.0
.debug_str 3222875 3222875 0 0.0
.heap 850928 850928 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 468860 468860 0 0.0
.symtab 375456 375456 0 0.0
.text 1413744 1413744 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
lock cy8ckit_062s2_43012 (read only) 845896 845896 0 0.0
(read/write) 1642236 1642236 0 0.0
.ARM.attributes 46 46 0 0.0
.ARM.exidx 8 8 0 0.0
.bss 184976 184976 0 0.0
.comment 204 204 0 0.0
.copy.table 24 24 0 0.0
.cy_m0p_image 6216 6216 0 0.0
.cy_sharedmem 8 8 0 0.0
.data 2472 2472 0 0.0
.debug_abbrev 1056002 1056002 0 0.0
.debug_aranges 104096 104096 0 0.0
.debug_frame 349348 349348 0 0.0
.debug_info 22317614 22317568 -46 -0.0
.debug_line 3262602 3262554 -48 -0.0
.debug_loc 3306958 3306883 -75 -0.0
.debug_ranges 307976 307976 0 0.0
.debug_str 3250296 3250296 0 0.0
.heap 845896 845896 0 0.0
.noinit 148 148 0 0.0
.ramVectors 736 736 0 0.0
.shstrtab 288 288 0 0.0
.stab 156 156 0 0.0
.stabstr 335 335 0 0.0
.stack_dummy 4096 4096 0 0.0
.strtab 475063 475063 0 0.0
.symtab 378640 378640 0 0.0
.text 1446400 1446400 0 0.0
.zero.table 0 0 0 0.0
8 8 0 0.0
qpg lighting-app qpg6105+debug (read/write) 1130012 1130012 0 0.0
.bss 106112 106112 0 0.0
.data 1028 1028 0 0.0
.text 577108 577108 0 0.0
lock-app qpg6105+debug (read/write) 1101008 1101008 0 0.0
.bss 102344 102344 0 0.0
.data 1032 1032 0 0.0
.text 548108 548108 0 0.0
telink light-switch-app tlsr9518adk80d (read/write) 812960 812960 0 0.0
bss 71372 71372 0 0.0
noinit 43488 43488 0 0.0
text 574348 574348 0 0.0
lighting-app tlsr9518adk80d (read/write) 834872 834864 -8 -0.0
bss 72228 72228 0 0.0
noinit 43488 43488 0 0.0
text 592478 592476 -2 -0.0
ota-requestor-app tlsr9518adk80d (read/write) 843116 843116 0 0.0
bss 73136 73136 0 0.0
noinit 43488 43488 0 0.0
text 598740 598740 0 0.0

@andy31415 andy31415 merged commit c808c48 into project-chip:master Sep 10, 2022
@emargolis emargolis mentioned this pull request Sep 15, 2022
Closed
isiu-apple pushed a commit to isiu-apple/connectedhomeip that referenced this pull request Sep 16, 2022
@emargolis @isiu-apple
Update ValidateCertificateChain() To Allow Certificate Chain Validati…
963b060 
…on without Intermediate Certificate. (project-chip#22504)

Using this function to validate CD signing certificates added to the CD Trust Store.
Added new unit-test cases.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tcarmelveilleux tcarmelveilleux tcarmelveilleux approved these changes

@bzbarsky-apple bzbarsky-apple bzbarsky-apple approved these changes

@andy31415 andy31415 Awaiting requested review from andy31415

@anush-apple anush-apple Awaiting requested review from anush-apple

@arkq arkq Awaiting requested review from arkq

@Byungjoo-Lee Byungjoo-Lee Awaiting requested review from Byungjoo-Lee

@carol-apple carol-apple Awaiting requested review from carol-apple

@chrisdecenzo chrisdecenzo Awaiting requested review from chrisdecenzo

@chshu chshu Awaiting requested review from chshu

@chulspro chulspro Awaiting requested review from chulspro

@Damian-Nordic Damian-Nordic Awaiting requested review from Damian-Nordic

@dhrishi dhrishi Awaiting requested review from dhrishi

@electrocucaracha electrocucaracha Awaiting requested review from electrocucaracha

@erjiaqing erjiaqing Awaiting requested review from erjiaqing

@franck-apple franck-apple Awaiting requested review from franck-apple

@gjc13 gjc13 Awaiting requested review from gjc13

@harimau-qirex harimau-qirex Awaiting requested review from harimau-qirex

@harsha-rajendran harsha-rajendran Awaiting requested review from harsha-rajendran

@hawk248 hawk248 Awaiting requested review from hawk248

@isiu-apple isiu-apple Awaiting requested review from isiu-apple

@jelderton jelderton Awaiting requested review from jelderton

@jepenven-silabs jepenven-silabs Awaiting requested review from jepenven-silabs

@jmartinez-silabs jmartinez-silabs Awaiting requested review from jmartinez-silabs

@jtung-apple jtung-apple Awaiting requested review from jtung-apple

@kpschoedel kpschoedel Awaiting requested review from kpschoedel

@lazarkov lazarkov Awaiting requested review from lazarkov

@LuDuda LuDuda Awaiting requested review from LuDuda

@msandstedt msandstedt Awaiting requested review from msandstedt

@rgoliver rgoliver Awaiting requested review from rgoliver

@robszewczyk robszewczyk Awaiting requested review from robszewczyk

@saurabhst saurabhst Awaiting requested review from saurabhst

@selissia selissia Awaiting requested review from selissia

@tecimovic tecimovic Awaiting requested review from tecimovic

@tehampson tehampson Awaiting requested review from tehampson

@turon turon Awaiting requested review from turon

@vijs vijs Awaiting requested review from vijs

@vivien-apple vivien-apple Awaiting requested review from vivien-apple

@wbschiller wbschiller Awaiting requested review from wbschiller

@woody-apple woody-apple Awaiting requested review from woody-apple

@xylophone21 xylophone21 Awaiting requested review from xylophone21

@yufengwangca yufengwangca Awaiting requested review from yufengwangca

Assignees
No one assigned
Labels
crypto efr32 platform review - approved
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[1.0] Trust validation for CD signing keys missing
4 participants
@emargolis @andy31415 @tcarmelveilleux @bzbarsky-apple