From 554804cbfe09e806ad605913f4730fc6886b2007 Mon Sep 17 00:00:00 2001 From: Steven Bellock Date: Wed, 29 Jan 2025 10:35:16 -0800 Subject: [PATCH] Add EP_INFO_CAP check Fix #2972. Signed-off-by: Steven Bellock --- library/spdm_requester_lib/libspdm_req_get_capabilities.c | 7 +++++++ library/spdm_responder_lib/libspdm_rsp_capabilities.c | 7 +++++++ 2 files changed, 14 insertions(+) diff --git a/library/spdm_requester_lib/libspdm_req_get_capabilities.c b/library/spdm_requester_lib/libspdm_req_get_capabilities.c index de92a765046..a414c1c228e 100644 --- a/library/spdm_requester_lib/libspdm_req_get_capabilities.c +++ b/library/spdm_requester_lib/libspdm_req_get_capabilities.c @@ -106,7 +106,14 @@ static bool validate_responder_capability(uint32_t capabilities_flag, uint8_t ve if ((cert_cap == 1) && (pub_key_id_cap == 1)) { return false; } + /* If certificates or public keys are enabled then at least one of these capabilities + * must be enabled to use the key. */ if ((chal_cap == 0) && (key_ex_cap == 0) && ((meas_cap == 0) || (meas_cap == 1))) { + if (version >= SPDM_MESSAGE_VERSION_13) { + if ((ep_info_cap == 0) || (ep_info_cap == 1)) { + return false; + } + } return false; } } else { diff --git a/library/spdm_responder_lib/libspdm_rsp_capabilities.c b/library/spdm_responder_lib/libspdm_rsp_capabilities.c index eeb7d827cc7..d607dd727e8 100644 --- a/library/spdm_responder_lib/libspdm_rsp_capabilities.c +++ b/library/spdm_responder_lib/libspdm_rsp_capabilities.c @@ -98,7 +98,14 @@ static bool libspdm_check_request_flag_compatibility(uint32_t capabilities_flag, if ((cert_cap == 1) && (pub_key_id_cap == 1)) { return false; } + /* If certificates or public keys are enabled then at least one of these capabilities + * must be enabled to use the key. */ if ((chal_cap == 0) && (key_ex_cap == 0)) { + if (version >= SPDM_MESSAGE_VERSION_13) { + if ((ep_info_cap == 0) || (ep_info_cap == 1)) { + return false; + } + } return false; } } else {