From 8426a309c1de246ac13012246e44b6249a43d081 Mon Sep 17 00:00:00 2001 From: Jiewen Yao Date: Tue, 21 Mar 2023 14:44:40 +0800 Subject: [PATCH] Add handshake mode switch check in FINISH and PSK_FINISH. Reference: DMTF-2023-0001 Fix: https://github.com/DMTF/libspdm/issues/2005 Signed-off-by: Jiewen Yao --- library/spdm_responder_lib/libspdm_rsp_finish.c | 5 +++++ library/spdm_responder_lib/libspdm_rsp_psk_finish.c | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/library/spdm_responder_lib/libspdm_rsp_finish.c b/library/spdm_responder_lib/libspdm_rsp_finish.c index 11693a40e2f..0dbba0d41b5 100644 --- a/library/spdm_responder_lib/libspdm_rsp_finish.c +++ b/library/spdm_responder_lib/libspdm_rsp_finish.c @@ -396,6 +396,11 @@ libspdm_return_t libspdm_get_response_finish(void *context, size_t request_size, SPDM_ERROR_CODE_SESSION_REQUIRED, 0, response_size, response); } + if (session_info->use_psk) { + return libspdm_generate_error_response(spdm_context, + SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, + response_size, response); + } session_state = libspdm_secured_message_get_session_state( session_info->secured_message_context); if (session_state != LIBSPDM_SESSION_STATE_HANDSHAKING) { diff --git a/library/spdm_responder_lib/libspdm_rsp_psk_finish.c b/library/spdm_responder_lib/libspdm_rsp_psk_finish.c index ba07cc01149..3d6c8a2200d 100644 --- a/library/spdm_responder_lib/libspdm_rsp_psk_finish.c +++ b/library/spdm_responder_lib/libspdm_rsp_psk_finish.c @@ -123,6 +123,11 @@ libspdm_return_t libspdm_get_response_psk_finish(void *context, SPDM_ERROR_CODE_SESSION_REQUIRED, 0, response_size, response); } + if (!session_info->use_psk) { + return libspdm_generate_error_response(spdm_context, + SPDM_ERROR_CODE_UNEXPECTED_REQUEST, 0, + response_size, response); + } session_state = libspdm_secured_message_get_session_state( session_info->secured_message_context); if (session_state != LIBSPDM_SESSION_STATE_HANDSHAKING) {