Add spdm_requester_size check before use

Fix the issue: #2736 Signed-off-by: Wenxing Hou <[email protected]>
DMTF · Jul 11, 2024 · 78dd17f · 78dd17f
1 parent 12fae2e
commit 78dd17f
Show file tree

Hide file tree

Showing 20 changed files with 80 additions and 14 deletions.
diff --git a/library/spdm_requester_lib/libspdm_req_challenge.c b/library/spdm_requester_lib/libspdm_req_challenge.c
@@ -109,13 +109,17 @@ static libspdm_return_t libspdm_try_challenge(libspdm_context_t *spdm_context,
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_challenge_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_CHALLENGE;
     spdm_request->header.param1 = slot_id;
     spdm_request->header.param2 = measurement_hash_type;
-    spdm_request_size = sizeof(spdm_challenge_request_t);
     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_challenge_request_t) +
+                        SPDM_REQ_CONTEXT_SIZE);
         spdm_request_size = sizeof(spdm_challenge_request_t) + SPDM_REQ_CONTEXT_SIZE;
+    } else {
+        spdm_request_size = sizeof(spdm_challenge_request_t);
     }
     if (requester_nonce_in == NULL) {
         if(!libspdm_get_random_number(SPDM_NONCE_SIZE, spdm_request->nonce)) {

diff --git a/library/spdm_requester_lib/libspdm_req_communication.c b/library/spdm_requester_lib/libspdm_req_communication.c
@@ -327,6 +327,8 @@ libspdm_return_t libspdm_send_data(void *spdm_context, const uint32_t *session_i
     spdm_request = (void *)(message + transport_header_size);
     spdm_request_size = message_size - transport_header_size -
                         context->local_context.capability.transport_tail_size;
+
+    LIBSPDM_ASSERT (spdm_request_size >= request_size);
     libspdm_copy_mem (spdm_request, spdm_request_size, request, request_size);
     spdm_request_size = request_size;
 

diff --git a/library/spdm_requester_lib/libspdm_req_end_session.c b/library/spdm_requester_lib/libspdm_req_end_session.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -77,6 +77,7 @@ static libspdm_return_t libspdm_try_send_receive_end_session(libspdm_context_t *
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_end_session_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_END_SESSION;
     spdm_request->header.param1 = end_session_attributes;

diff --git a/library/spdm_requester_lib/libspdm_req_finish.c b/library/spdm_requester_lib/libspdm_req_finish.c
@@ -412,6 +412,7 @@ static libspdm_return_t libspdm_try_send_receive_finish(libspdm_context_t *spdm_
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_request->header));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_FINISH;
     spdm_request->header.param1 = 0;
@@ -436,6 +437,8 @@ static libspdm_return_t libspdm_try_send_receive_finish(libspdm_context_t *spdm_
     }
 
     hmac_size = libspdm_get_hash_size(spdm_context->connection_info.algorithm.base_hash_algo);
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_finish_request_t) + signature_size +
+                    hmac_size);
     spdm_request_size = sizeof(spdm_finish_request_t) + signature_size + hmac_size;
     ptr = spdm_request->signature;
 

diff --git a/library/spdm_requester_lib/libspdm_req_get_capabilities.c b/library/spdm_requester_lib/libspdm_req_get_capabilities.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -226,11 +226,16 @@ static libspdm_return_t libspdm_try_get_capabilities(libspdm_context_t *spdm_con
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
-    libspdm_zero_mem(spdm_request, sizeof(spdm_get_capabilities_request_t));
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_request->header));
+    libspdm_zero_mem(spdm_request, spdm_request_size);
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_12) {
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_capabilities_request_t));
         spdm_request_size = sizeof(spdm_get_capabilities_request_t);
     } else if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_11) {
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_capabilities_request_t) -
+                        sizeof(spdm_request->data_transfer_size) -
+                        sizeof(spdm_request->max_spdm_msg_size));
         spdm_request_size = sizeof(spdm_get_capabilities_request_t) -
                             sizeof(spdm_request->data_transfer_size) -
                             sizeof(spdm_request->max_spdm_msg_size);

diff --git a/library/spdm_requester_lib/libspdm_req_get_certificate.c b/library/spdm_requester_lib/libspdm_req_get_certificate.c
@@ -144,6 +144,7 @@ static libspdm_return_t libspdm_try_get_certificate(libspdm_context_t *spdm_cont
         spdm_request_size = message_size - transport_header_size -
                             spdm_context->local_context.capability.transport_tail_size;
 
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_certificate_request_t));
         spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
         spdm_request->header.request_response_code = SPDM_GET_CERTIFICATE;
         spdm_request->header.param1 = slot_id;

diff --git a/library/spdm_requester_lib/libspdm_req_get_csr.c b/library/spdm_requester_lib/libspdm_req_get_csr.c
@@ -121,6 +121,8 @@ static libspdm_return_t libspdm_try_get_csr(libspdm_context_t *spdm_context,
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_csr_request_t) + opaque_data_length
+                    + requester_info_length);
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_GET_CSR;
     spdm_request->header.param1 = key_pair_id;

diff --git a/library/spdm_requester_lib/libspdm_req_get_digests.c b/library/spdm_requester_lib/libspdm_req_get_digests.c
@@ -107,6 +107,7 @@ static libspdm_return_t libspdm_try_get_digest(libspdm_context_t *spdm_context,
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_digest_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_GET_DIGESTS;
     spdm_request->header.param1 = 0;

diff --git a/library/spdm_requester_lib/libspdm_req_get_event_types.c b/library/spdm_requester_lib/libspdm_req_get_event_types.c
@@ -62,6 +62,7 @@ static libspdm_return_t libspdm_try_get_event_types(libspdm_context_t *spdm_cont
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_supported_event_types_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version(spdm_context);
     spdm_request->header.request_response_code = SPDM_GET_SUPPORTED_EVENT_TYPES;
     spdm_request->header.param1 = 0;

diff --git a/library/spdm_requester_lib/libspdm_req_get_measurements.c b/library/spdm_requester_lib/libspdm_req_get_measurements.c
@@ -233,14 +233,22 @@ static libspdm_return_t libspdm_try_get_measurement(libspdm_context_t *spdm_cont
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_request->header));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_GET_MEASUREMENTS;
     spdm_request->header.param1 = request_attribute;
     spdm_request->header.param2 = measurement_operation;
     if ((request_attribute & SPDM_GET_MEASUREMENTS_REQUEST_ATTRIBUTES_GENERATE_SIGNATURE) != 0) {
-        if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_11) {
+        if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+            LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_measurements_request_t) +
+                            SPDM_REQ_CONTEXT_SIZE);
+            spdm_request_size = sizeof(spdm_get_measurements_request_t) + SPDM_REQ_CONTEXT_SIZE;
+        } else if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_11) {
+            LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_measurements_request_t));
             spdm_request_size = sizeof(spdm_get_measurements_request_t);
         } else {
+            LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_measurements_request_t) -
+                            sizeof(spdm_request->slot_id_param));
             spdm_request_size = sizeof(spdm_get_measurements_request_t) -
                                 sizeof(spdm_request->slot_id_param);
         }
@@ -264,24 +272,32 @@ static libspdm_return_t libspdm_try_get_measurement(libspdm_context_t *spdm_cont
                              spdm_request->nonce, SPDM_NONCE_SIZE);
         }
     } else {
-        spdm_request_size = sizeof(spdm_request->header);
+        if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
+            LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_request->header) +
+                            SPDM_REQ_CONTEXT_SIZE);
+            spdm_request_size = sizeof(spdm_request->header) + SPDM_REQ_CONTEXT_SIZE;
+        } else {
+            spdm_request_size = sizeof(spdm_request->header);
+        }
 
         if (requester_nonce != NULL) {
             libspdm_zero_mem (requester_nonce, SPDM_NONCE_SIZE);
         }
     }
     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_13) {
         if (requester_context == NULL) {
-            libspdm_zero_mem((uint8_t *)spdm_request + spdm_request_size, SPDM_REQ_CONTEXT_SIZE);
+            libspdm_zero_mem((uint8_t *)spdm_request + spdm_request_size - SPDM_REQ_CONTEXT_SIZE,
+                             SPDM_REQ_CONTEXT_SIZE);
         } else {
-            libspdm_copy_mem((uint8_t *)spdm_request + spdm_request_size, SPDM_REQ_CONTEXT_SIZE,
+            libspdm_copy_mem((uint8_t *)spdm_request + spdm_request_size - SPDM_REQ_CONTEXT_SIZE,
+                             SPDM_REQ_CONTEXT_SIZE,
                              requester_context, SPDM_REQ_CONTEXT_SIZE);
         }
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "RequesterContext - "));
-        LIBSPDM_INTERNAL_DUMP_DATA((uint8_t *)spdm_request + spdm_request_size,
+        LIBSPDM_INTERNAL_DUMP_DATA((uint8_t *)spdm_request + spdm_request_size -
+                                   SPDM_REQ_CONTEXT_SIZE,
                                    SPDM_REQ_CONTEXT_SIZE);
         LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO, "\n"));
-        spdm_request_size += SPDM_REQ_CONTEXT_SIZE;
     }
 
     /* -=[Send Request Phase]=- */

diff --git a/library/spdm_requester_lib/libspdm_req_get_version.c b/library/spdm_requester_lib/libspdm_req_get_version.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -72,6 +72,7 @@ static libspdm_return_t libspdm_try_get_version(libspdm_context_t *spdm_context,
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_get_version_request_t));
     spdm_request->header.spdm_version = SPDM_MESSAGE_VERSION_10;
     spdm_request->header.request_response_code = SPDM_GET_VERSION;
     spdm_request->header.param1 = 0;

diff --git a/library/spdm_requester_lib/libspdm_req_handle_error_response.c b/library/spdm_requester_lib/libspdm_req_handle_error_response.c
@@ -51,6 +51,7 @@ static libspdm_return_t libspdm_requester_respond_if_ready(libspdm_context_t *sp
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_response_if_ready_request_t));
     spdm_context->crypto_request = true;
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_RESPOND_IF_READY;
@@ -272,6 +273,7 @@ libspdm_return_t libspdm_handle_error_large_response(
         spdm_request = (spdm_chunk_get_request_t*)(void*) (message + transport_header_size);
         spdm_request_size = message_size - transport_header_size;
 
+        LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_chunk_get_request_t));
         spdm_request->header.spdm_version = libspdm_get_connection_version(spdm_context);
         spdm_request->header.request_response_code = SPDM_CHUNK_GET;
         spdm_request->header.param1 = 0;

diff --git a/library/spdm_requester_lib/libspdm_req_heartbeat.c b/library/spdm_requester_lib/libspdm_req_heartbeat.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -74,6 +74,7 @@ static libspdm_return_t libspdm_try_heartbeat(libspdm_context_t *spdm_context, u
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_heartbeat_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_HEARTBEAT;
     spdm_request->header.param1 = 0;

diff --git a/library/spdm_requester_lib/libspdm_req_key_exchange.c b/library/spdm_requester_lib/libspdm_req_key_exchange.c
@@ -347,6 +347,7 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_KEY_EXCHANGE;
     spdm_request->header.param1 = measurement_hash_type;
@@ -388,6 +389,7 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
         return LIBSPDM_STATUS_CRYPTO_ERROR;
     }
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) + dhe_key_size);
     result = libspdm_secured_message_dhe_generate_key(
         spdm_context->connection_info.algorithm.dhe_named_group,
         dhe_context, ptr, &dhe_key_size);
@@ -404,6 +406,9 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
     if (requester_opaque_data != NULL) {
         LIBSPDM_ASSERT(requester_opaque_data_size <= SPDM_MAX_OPAQUE_DATA_SIZE);
 
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) + dhe_key_size +
+                        sizeof(uint16_t) + requester_opaque_data_size);
+
         libspdm_write_uint16(ptr, (uint16_t)requester_opaque_data_size);
         ptr += sizeof(uint16_t);
 
@@ -414,6 +419,9 @@ static libspdm_return_t libspdm_try_send_receive_key_exchange(
     } else {
         opaque_key_exchange_req_size =
             libspdm_get_opaque_data_supported_version_data_size(spdm_context);
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_exchange_request_t) + dhe_key_size +
+                        sizeof(uint16_t) + opaque_key_exchange_req_size);
+
         libspdm_write_uint16(ptr, (uint16_t)opaque_key_exchange_req_size);
         ptr += sizeof(uint16_t);
 

diff --git a/library/spdm_requester_lib/libspdm_req_key_update.c b/library/spdm_requester_lib/libspdm_req_key_update.c
@@ -91,6 +91,7 @@ static libspdm_return_t libspdm_try_key_update(libspdm_context_t *spdm_context,
         spdm_request_size = message_size - transport_header_size -
                             spdm_context->local_context.capability.transport_tail_size;
 
+        LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_update_request_t));
         spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
         spdm_request->header.request_response_code = SPDM_KEY_UPDATE;
         if (single_direction) {
@@ -241,6 +242,7 @@ static libspdm_return_t libspdm_try_key_update(libspdm_context_t *spdm_context,
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_key_update_request_t));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_KEY_UPDATE;
     spdm_request->header.param1 = SPDM_KEY_UPDATE_OPERATIONS_TABLE_VERIFY_NEW_KEY;

diff --git a/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c b/library/spdm_requester_lib/libspdm_req_negotiate_algorithms.c
@@ -106,7 +106,8 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
-    libspdm_zero_mem(spdm_request, sizeof(libspdm_negotiate_algorithms_request_mine_t));
+    LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_negotiate_algorithms_request_t));
+    libspdm_zero_mem(spdm_request, spdm_request_size);
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     if (spdm_request->header.spdm_version >= SPDM_MESSAGE_VERSION_11) {
         /* Number of Algorithms Structure Tables based on supported algorithms */
@@ -134,6 +135,8 @@ static libspdm_return_t libspdm_try_negotiate_algorithms(libspdm_context_t *spdm
                                sizeof(spdm_request->struct_table);
         spdm_request->header.param1 = 0;
     }
+
+    LIBSPDM_ASSERT(spdm_request_size >= spdm_request->length);
     spdm_request->header.request_response_code = SPDM_NEGOTIATE_ALGORITHMS;
     spdm_request->header.param2 = 0;
     spdm_request->measurement_specification =

diff --git a/library/spdm_requester_lib/libspdm_req_psk_exchange.c b/library/spdm_requester_lib/libspdm_req_psk_exchange.c
@@ -228,6 +228,7 @@ static libspdm_return_t libspdm_try_send_receive_psk_exchange(
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_psk_exchange_request_t) + psk_hint_size);
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_PSK_EXCHANGE;
     spdm_request->header.param1 = measurement_hash_type;
@@ -252,6 +253,9 @@ static libspdm_return_t libspdm_try_send_receive_psk_exchange(
         opaque_psk_exchange_req_size =
             libspdm_get_opaque_data_supported_version_data_size(spdm_context);
     }
+
+    LIBSPDM_ASSERT(spdm_request_size >= sizeof(spdm_psk_exchange_request_t) + psk_hint_size +
+                   spdm_request->context_length + opaque_psk_exchange_req_size);
     spdm_request->opaque_length = (uint16_t)opaque_psk_exchange_req_size;
 
     spdm_request->req_session_id = req_session_id;

diff --git a/library/spdm_requester_lib/libspdm_req_psk_finish.c b/library/spdm_requester_lib/libspdm_req_psk_finish.c
@@ -1,6 +1,6 @@
 /**
  *  Copyright Notice:
- *  Copyright 2021-2022 DMTF. All rights reserved.
+ *  Copyright 2021-2024 DMTF. All rights reserved.
  *  License: BSD 3-Clause License. For full text see link: https://github.com/DMTF/libspdm/blob/main/LICENSE.md
  **/
 
@@ -153,13 +153,15 @@ static libspdm_return_t libspdm_try_send_receive_psk_finish(libspdm_context_t *s
     spdm_request_size = message_size - transport_header_size -
                         spdm_context->local_context.capability.transport_tail_size;
 
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_request->header));
     spdm_request->header.spdm_version = libspdm_get_connection_version (spdm_context);
     spdm_request->header.request_response_code = SPDM_PSK_FINISH;
     spdm_request->header.param1 = 0;
     spdm_request->header.param2 = 0;
 
     hmac_size = libspdm_get_hash_size(
         spdm_context->connection_info.algorithm.base_hash_algo);
+    LIBSPDM_ASSERT (spdm_request_size >= sizeof(spdm_request->header) + hmac_size);
     spdm_request_size = sizeof(spdm_psk_finish_request_t) + hmac_size;
 
     status = libspdm_append_message_f(spdm_context, session_info, true, (uint8_t *)spdm_request,