Steven Bellock
libspdm requires `OpaqueDataFmt1` to be selected during `NEGOTIATE_ALGORITHMS`. See: https://github.com/DMTF/libspdm/blob/21729b5456e7075a23ca8918d0b12b3a4a0eac43/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c#L476-L481 However it should be legal to have no `OpaqueData`. From the specification: > If the Requester or the Responder does...
And consider refactoring `libspdm_bin_concat()` so that it uses a generic label like `SPDM_VERSION_GENERIC_BIN_CONCAT_LABEL "spdmx.x "` since the version numbers are overwritten in the function. At first glance it looks like...
Examples include:
- Validate that one-hot fields are actually one-hot.
- In negotiate_algorithms the requester loops over ALGORITHMS.param1 without validating it first.
See https://github.com/DMTF/libspdm/actions/runs/3372264103/jobs/5595487418#step:3:414 This is with `cmake -DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DCRYPTO=mbedtls -DGCOV=ON ..`
In https://github.com/DMTF/libspdm/blob/main/.github/workflows/build.yml have at least one build configuration where GCOV is enabled. Probably `-DARCH=x64 -DTOOLCHAIN=GCC -DTARGET=Debug -DGCOV=ON ..`
Currently libspdm blindly copies all bits from a request / response into its context. For example: https://github.com/DMTF/libspdm/blob/7002d5202b28f0f89bba3beb90c9b3f54eea54af/library/spdm_requester_lib/libspdm_req_get_capabilities.c#L274 In the case of `CAPABILITIES`, a malicious actor could fill the reserved...
libspdm has a fair amount of boolean configuration macros. In CI/CD we currently test two combinations: everything enabled and most everything disabled. However there are thousands of possible combinations...
Currently the secured message context is appended to the SPDM context. However as the secured message context contains things like keys, an Integrator may want to separate it from the...
Currently if an integrator wants to extract the Export Master Secret from the SPDM context they'll use the `libspdm_secured_message_export_master_secret` which does the `memcpy` for them. However the integrator may want...