sravan/system76-edk2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NetworkPkg: Remove ASSERT and use error handling in IpSecDxe

Browse Source 
This patch is used to refine the code by removing ASSERT and
using error handling in IpSecDxe driver.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
Jiaxin Wu
2016-06-17 11:59:47 +08:00
parent 415aa2f1cb
commit 6b16c9e7ea
8 changed files with 379 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
NetworkPkg/IpSecDxe/Ikev2/Info.c
View File

@ -2,7 +2,7 @@
The Implementations for Information Exchange. The Implementations for Information Exchange.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -47,7 +47,9 @@ Ikev2InfoGenerator (
InfoContext = NULL; InfoContext = NULL;
IkeSaSession = (IKEV2_SA_SESSION *) SaSession; IkeSaSession = (IKEV2_SA_SESSION *) SaSession;
IkePacket = IkePacketAlloc (); IkePacket = IkePacketAlloc ();
ASSERT (IkePacket != NULL); if (IkePacket == NULL) {
return NULL;
}
// //
// Fill IkePacket Header. // Fill IkePacket Header.

203
NetworkPkg/IpSecDxe/Ikev2/Payload.c
View File

@ -2,7 +2,7 @@
The implementation of Payloads Creation. The implementation of Payloads Creation.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -52,7 +52,10 @@ Ikev2GenerateSaPayload (
UINTN SaDataSize; UINTN SaDataSize;
SaPayload = IkePayloadAlloc (); SaPayload = IkePayloadAlloc ();
ASSERT (SaPayload != NULL); if (SaPayload == NULL) {
return NULL;
}
// //
// TODO: Get the Proposal Number and Transform Number from IPsec Config, // TODO: Get the Proposal Number and Transform Number from IPsec Config,
// after the Ipsecconfig Application is support it. // after the Ipsecconfig Application is support it.
@ -70,7 +73,10 @@ Ikev2GenerateSaPayload (
} }
SaData = AllocateZeroPool (SaDataSize); SaData = AllocateZeroPool (SaDataSize);
ASSERT (SaData != NULL); if (SaData == NULL) {
IkePayloadFree (SaPayload);
return NULL;
}
CopyMem (SaData, SessionSaData, SaDataSize); CopyMem (SaData, SessionSaData, SaDataSize);
SaData->SaHeader.Header.NextPayload = NextPayload; SaData->SaHeader.Header.NextPayload = NextPayload;
@ -118,14 +124,20 @@ Ikev2GenerateNoncePayload (
NonceBlock = NonceBuf; NonceBlock = NonceBuf;
Nonce = AllocateZeroPool (Size); Nonce = AllocateZeroPool (Size);
ASSERT (Nonce != NULL); if (Nonce == NULL) {
return NULL;
}
CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE)); CopyMem (Nonce + 1, NonceBlock, Size - sizeof (IKEV2_NONCE));
Nonce->Header.NextPayload = NextPayload; Nonce->Header.NextPayload = NextPayload;
Nonce->Header.PayloadLength = (UINT16) Size; Nonce->Header.PayloadLength = (UINT16) Size;
NoncePayload = IkePayloadAlloc (); NoncePayload = IkePayloadAlloc ();
if (NoncePayload == NULL) {
ASSERT (NoncePayload != NULL); FreePool (Nonce);
return NULL;
}
NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE; NoncePayload->PayloadType = IKEV2_PAYLOAD_TYPE_NONCE;
NoncePayload->PayloadBuf = (UINT8 *) Nonce; NoncePayload->PayloadBuf = (UINT8 *) Nonce;
NoncePayload->PayloadSize = Size; NoncePayload->PayloadSize = Size;
@ -180,7 +192,9 @@ Ikev2GenerateKePayload (
// Allocate buffer for Key Exchange // Allocate buffer for Key Exchange
// //
Ke = AllocateZeroPool (KeSize); Ke = AllocateZeroPool (KeSize);
ASSERT (Ke != NULL); if (Ke == NULL) {
return NULL;
}
Ke->Header.NextPayload = NextPayload; Ke->Header.NextPayload = NextPayload;
Ke->Header.PayloadLength = (UINT16) KeSize; Ke->Header.PayloadLength = (UINT16) KeSize;
@ -192,7 +206,10 @@ Ikev2GenerateKePayload (
// Create IKE_PAYLOAD to point to Key Exchange payload // Create IKE_PAYLOAD to point to Key Exchange payload
// //
KePayload = IkePayloadAlloc (); KePayload = IkePayloadAlloc ();
ASSERT (KePayload != NULL); if (KePayload == NULL) {
FreePool (Ke);
return NULL;
}
KePayload->PayloadType = IKEV2_PAYLOAD_TYPE_KE; KePayload->PayloadType = IKEV2_PAYLOAD_TYPE_KE;
KePayload->PayloadBuf = (UINT8 *) Ke; KePayload->PayloadBuf = (UINT8 *) Ke;
@ -241,10 +258,15 @@ Ikev2GenerateIdPayload (
IdSize = sizeof (IKEV2_ID) + AddrSize; IdSize = sizeof (IKEV2_ID) + AddrSize;
Id = (IKEV2_ID *) AllocateZeroPool (IdSize); Id = (IKEV2_ID *) AllocateZeroPool (IdSize);
ASSERT (Id != NULL); if (Id == NULL) {
return NULL;
}
IdPayload = IkePayloadAlloc (); IdPayload = IkePayloadAlloc ();
ASSERT (IdPayload != NULL); if (IdPayload == NULL) {
FreePool (Id);
return NULL;
}
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP); IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);
IdPayload->PayloadBuf = (UINT8 *) Id; IdPayload->PayloadBuf = (UINT8 *) Id;
@ -317,10 +339,15 @@ Ikev2GenerateCertIdPayload (
IdSize = sizeof (IKEV2_ID) + SubjectSize; IdSize = sizeof (IKEV2_ID) + SubjectSize;
Id = (IKEV2_ID *) AllocateZeroPool (IdSize); Id = (IKEV2_ID *) AllocateZeroPool (IdSize);
ASSERT (Id != NULL); if (Id == NULL) {
return NULL;
}
IdPayload = IkePayloadAlloc (); IdPayload = IkePayloadAlloc ();
ASSERT (IdPayload != NULL); if (IdPayload == NULL) {
FreePool (Id);
return NULL;
}
IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP); IdPayload->PayloadType = (UINT8) ((CommonSession->IsInitiator) ? IKEV2_PAYLOAD_TYPE_ID_INIT : IKEV2_PAYLOAD_TYPE_ID_RSP);
IdPayload->PayloadBuf = (UINT8 *) Id; IdPayload->PayloadBuf = (UINT8 *) Id;
@ -398,13 +425,14 @@ Ikev2PskGenerateAuthPayload (
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf); DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);
Digest = AllocateZeroPool (DigestSize); Digest = AllocateZeroPool (DigestSize);
if (Digest == NULL) { if (Digest == NULL) {
return NULL; return NULL;
} }
if (IdPayload == NULL) { if (IdPayload == NULL) {
return NULL; return NULL;
} }
// //
// Calcualte Prf(Seceret, "Key Pad for IKEv2"); // Calcualte Prf(Seceret, "Key Pad for IKEv2");
// //
@ -428,7 +456,11 @@ Ikev2PskGenerateAuthPayload (
// Store the AuthKey into KeyBuf // Store the AuthKey into KeyBuf
// //
KeyBuf = AllocateZeroPool (DigestSize); KeyBuf = AllocateZeroPool (DigestSize);
ASSERT (KeyBuf != NULL); if (KeyBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
CopyMem (KeyBuf, Digest, DigestSize); CopyMem (KeyBuf, Digest, DigestSize);
KeySize = DigestSize; KeySize = DigestSize;
@ -486,6 +518,11 @@ Ikev2PskGenerateAuthPayload (
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2]. // Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].
// //
Fragments[2].Data = AllocateZeroPool (DigestSize); Fragments[2].Data = AllocateZeroPool (DigestSize);
if (Fragments[2].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
Fragments[2].DataSize = DigestSize; Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize); CopyMem (Fragments[2].Data, Digest, DigestSize);
@ -509,11 +546,18 @@ Ikev2PskGenerateAuthPayload (
// Allocate buffer for Auth Payload // Allocate buffer for Auth Payload
// //
AuthPayload = IkePayloadAlloc (); AuthPayload = IkePayloadAlloc ();
ASSERT (AuthPayload != NULL); if (AuthPayload == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + DigestSize; AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + DigestSize;
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize); PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);
ASSERT (PayloadBuf != NULL); if (PayloadBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
// //
// Fill in Auth payload. // Fill in Auth payload.
// //
@ -649,7 +693,6 @@ Ikev2CertGenerateAuthPayload (
} }
DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf); DigestSize = IpSecGetHmacDigestLength ((UINT8)IkeSaSession->SessionCommon.SaParams->Prf);
Digest = AllocateZeroPool (DigestSize); Digest = AllocateZeroPool (DigestSize);
if (Digest == NULL) { if (Digest == NULL) {
return NULL; return NULL;
} }
@ -658,8 +701,11 @@ Ikev2CertGenerateAuthPayload (
// Store the AuthKey into KeyBuf // Store the AuthKey into KeyBuf
// //
KeyBuf = AllocateZeroPool (DigestSize); KeyBuf = AllocateZeroPool (DigestSize);
ASSERT (KeyBuf != NULL); if (KeyBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
CopyMem (KeyBuf, Digest, DigestSize); CopyMem (KeyBuf, Digest, DigestSize);
// //
@ -724,6 +770,11 @@ Ikev2CertGenerateAuthPayload (
// Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2]. // Copy the result of Prf(SK_Pr, IDi/r) to Fragments[2].
// //
Fragments[2].Data = AllocateZeroPool (DigestSize); Fragments[2].Data = AllocateZeroPool (DigestSize);
if (Fragments[2].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
Fragments[2].DataSize = DigestSize; Fragments[2].DataSize = DigestSize;
CopyMem (Fragments[2].Data, Digest, DigestSize); CopyMem (Fragments[2].Data, Digest, DigestSize);
@ -766,7 +817,10 @@ Ikev2CertGenerateAuthPayload (
// Allocate buffer for Auth Payload // Allocate buffer for Auth Payload
// //
AuthPayload = IkePayloadAlloc (); AuthPayload = IkePayloadAlloc ();
ASSERT (AuthPayload != NULL); if (AuthPayload == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
if (!IsVerify) { if (!IsVerify) {
AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + SigSize; AuthPayload->PayloadSize = sizeof (IKEV2_AUTH) + SigSize;
@ -775,7 +829,11 @@ Ikev2CertGenerateAuthPayload (
} }
PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize); PayloadBuf = (IKEV2_AUTH *) AllocateZeroPool (AuthPayload->PayloadSize);
ASSERT (PayloadBuf != NULL); if (PayloadBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
// //
// Fill in Auth payload. // Fill in Auth payload.
// //
@ -879,7 +937,9 @@ Ikev2GenerateTsPayload (
// //
TsPayload = IkePayloadAlloc(); TsPayload = IkePayloadAlloc();
ASSERT (TsPayload != NULL); if (TsPayload == NULL) {
return NULL;
}
IpVersion = ChildSa->SessionCommon.UdpService->IpVersion; IpVersion = ChildSa->SessionCommon.UdpService->IpVersion;
// //
@ -890,7 +950,9 @@ Ikev2GenerateTsPayload (
SelectorSize = sizeof (TRAFFIC_SELECTOR) + 2 * AddrSize; SelectorSize = sizeof (TRAFFIC_SELECTOR) + 2 * AddrSize;
TsPayloadSize = sizeof (IKEV2_TS) + SelectorSize; TsPayloadSize = sizeof (IKEV2_TS) + SelectorSize;
TsPayloadBuf = AllocateZeroPool (TsPayloadSize); TsPayloadBuf = AllocateZeroPool (TsPayloadSize);
ASSERT (TsPayloadBuf != NULL); if (TsPayloadBuf == NULL) {
goto ON_ERROR;
}
TsPayload->PayloadBuf = (UINT8 *) TsPayloadBuf; TsPayload->PayloadBuf = (UINT8 *) TsPayloadBuf;
TsSelector = (TRAFFIC_SELECTOR*)(TsPayloadBuf + 1); TsSelector = (TRAFFIC_SELECTOR*)(TsPayloadBuf + 1);
@ -1146,7 +1208,9 @@ Ikev2GenerateNotifyPayload (
// //
NotifyPayloadLen = (UINT16) (sizeof (IKEV2_NOTIFY) + NotifyDataSize + SpiSize); NotifyPayloadLen = (UINT16) (sizeof (IKEV2_NOTIFY) + NotifyDataSize + SpiSize);
Notify = (IKEV2_NOTIFY *) AllocateZeroPool (NotifyPayloadLen); Notify = (IKEV2_NOTIFY *) AllocateZeroPool (NotifyPayloadLen);
ASSERT (Notify != NULL); if (Notify == NULL) {
return NULL;
}
// //
// Set Delete Payload's Generic Header // Set Delete Payload's Generic Header
@ -1177,7 +1241,11 @@ Ikev2GenerateNotifyPayload (
// Create Payload for and set type as IKEV2_PAYLOAD_TYPE_NOTIFY // Create Payload for and set type as IKEV2_PAYLOAD_TYPE_NOTIFY
// //
NotifyPayload = IkePayloadAlloc (); NotifyPayload = IkePayloadAlloc ();
ASSERT (NotifyPayload != NULL); if (NotifyPayload == NULL) {
FreePool (Notify);
return NULL;
}
NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY; NotifyPayload->PayloadType = IKEV2_PAYLOAD_TYPE_NOTIFY;
NotifyPayload->PayloadBuf = (UINT8 *) Notify; NotifyPayload->PayloadBuf = (UINT8 *) Notify;
NotifyPayload->PayloadSize = NotifyPayloadLen; NotifyPayload->PayloadSize = NotifyPayloadLen;
@ -1238,7 +1306,9 @@ Ikev2GenerateDeletePayload (
DelPayloadLen = (UINT16) (sizeof (IKEV2_DELETE) + SpiBufSize); DelPayloadLen = (UINT16) (sizeof (IKEV2_DELETE) + SpiBufSize);
Del = AllocateZeroPool (DelPayloadLen); Del = AllocateZeroPool (DelPayloadLen);
ASSERT (Del != NULL); if (Del == NULL) {
return NULL;
}
// //
// Set Delete Payload's Generic Header // Set Delete Payload's Generic Header
@ -1262,7 +1332,11 @@ Ikev2GenerateDeletePayload (
// //
CopyMem (Del + 1, SpiBuf, SpiBufSize); CopyMem (Del + 1, SpiBuf, SpiBufSize);
DelPayload = IkePayloadAlloc (); DelPayload = IkePayloadAlloc ();
ASSERT (DelPayload != NULL); if (DelPayload == NULL) {
FreePool (Del);
return NULL;
}
DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE; DelPayload->PayloadType = IKEV2_PAYLOAD_TYPE_DELETE;
DelPayload->PayloadBuf = (UINT8 *) Del; DelPayload->PayloadBuf = (UINT8 *) Del;
DelPayload->PayloadSize = DelPayloadLen; DelPayload->PayloadSize = DelPayloadLen;
@ -1626,7 +1700,10 @@ Ikev2EncodeSa (
// Allocate buffer for IKE_SA. // Allocate buffer for IKE_SA.
// //
Sa = AllocateZeroPool (SaSize); Sa = AllocateZeroPool (SaSize);
ASSERT (Sa != NULL); if (Sa == NULL) {
return NULL;
}
CopyMem (Sa, SaData, sizeof (IKEV2_SA)); CopyMem (Sa, SaData, sizeof (IKEV2_SA));
Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA); Sa->Header.PayloadLength = (UINT16) sizeof (IKEV2_SA);
ProposalsSize = 0; ProposalsSize = 0;
@ -1819,7 +1896,11 @@ Ikev2DecodeSa (
TotalProposals * sizeof (IKEV2_PROPOSAL_DATA) + TotalProposals * sizeof (IKEV2_PROPOSAL_DATA) +
TotalTransforms * sizeof (IKEV2_TRANSFORM_DATA) TotalTransforms * sizeof (IKEV2_TRANSFORM_DATA)
); );
ASSERT (SaData != NULL); if (SaData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (SaData, Sa, sizeof (IKEV2_SA)); CopyMem (SaData, Sa, sizeof (IKEV2_SA));
SaData->NumProposals = TotalProposals; SaData->NumProposals = TotalProposals;
ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1); ProposalData = (IKEV2_PROPOSAL_DATA *) (SaData + 1);
@ -1852,7 +1933,11 @@ Ikev2DecodeSa (
// SpiSize == 4 // SpiSize == 4
// //
Spi = AllocateZeroPool (Proposal->SpiSize); Spi = AllocateZeroPool (Proposal->SpiSize);
ASSERT (Spi != NULL); if (Spi == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize); CopyMem (Spi, (UINT32 *) (Proposal + 1), Proposal->SpiSize);
*((UINT32*) Spi) = NTOHL (*((UINT32*) Spi)); *((UINT32*) Spi) = NTOHL (*((UINT32*) Spi));
ProposalData->Spi = Spi; ProposalData->Spi = Spi;
@ -2284,7 +2369,11 @@ Ikev2DecodePacket (
// //
if (IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INIT) { if (IkePacket->Header->ExchangeType == IKEV2_EXCHANGE_TYPE_INIT) {
IkeHeader = AllocateZeroPool (sizeof (IKE_HEADER)); IkeHeader = AllocateZeroPool (sizeof (IKE_HEADER));
ASSERT (IkeHeader != NULL); if (IkeHeader == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER)); CopyMem (IkeHeader, IkePacket->Header, sizeof (IKE_HEADER));
// //
@ -2358,7 +2447,10 @@ Ikev2DecodePacket (
// Initial IkePayload // Initial IkePayload
// //
IkePayload = IkePayloadAlloc (); IkePayload = IkePayloadAlloc ();
ASSERT (IkePayload != NULL); if (IkePayload == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
IkePayload->PayloadType = PayloadType; IkePayload->PayloadType = PayloadType;
IkePayload->PayloadBuf = (UINT8 *) PayloadHdr; IkePayload->PayloadBuf = (UINT8 *) PayloadHdr;
@ -2483,7 +2575,10 @@ Ikev2EncodePacket (
if (SessionCommon->IsInitiator) { if (SessionCommon->IsInitiator) {
IkeSaSession->InitPacketSize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER); IkeSaSession->InitPacketSize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);
IkeSaSession->InitPacket = AllocateZeroPool (IkeSaSession->InitPacketSize); IkeSaSession->InitPacket = AllocateZeroPool (IkeSaSession->InitPacketSize);
ASSERT (IkeSaSession->InitPacket != NULL); if (IkeSaSession->InitPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER)); CopyMem (IkeSaSession->InitPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0; PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) { for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@ -2499,7 +2594,10 @@ Ikev2EncodePacket (
} else { } else {
IkeSaSession->RespPacketSize = IkePacket->PayloadTotalSize + sizeof(IKE_HEADER); IkeSaSession->RespPacketSize = IkePacket->PayloadTotalSize + sizeof(IKE_HEADER);
IkeSaSession->RespPacket = AllocateZeroPool (IkeSaSession->RespPacketSize); IkeSaSession->RespPacket = AllocateZeroPool (IkeSaSession->RespPacketSize);
ASSERT (IkeSaSession->RespPacket != NULL); if (IkeSaSession->RespPacket == NULL) {
return EFI_OUT_OF_RESOURCES;
}
CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER)); CopyMem (IkeSaSession->RespPacket, IkePacket->Header, sizeof (IKE_HEADER));
PayloadTotalSize = 0; PayloadTotalSize = 0;
for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) { for (Entry = IkePacket->PayloadList.ForwardLink; Entry != &(IkePacket->PayloadList);) {
@ -2596,14 +2694,21 @@ Ikev2DecryptPacket (
} }
CheckSumData = AllocateZeroPool (CheckSumSize); CheckSumData = AllocateZeroPool (CheckSumSize);
ASSERT (CheckSumData != NULL); if (CheckSumData == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
// //
// Fill in the Integrity buffer // Fill in the Integrity buffer
// //
IntegritySize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER); IntegritySize = IkePacket->PayloadTotalSize + sizeof (IKE_HEADER);
IntegrityBuffer = AllocateZeroPool (IntegritySize); IntegrityBuffer = AllocateZeroPool (IntegritySize);
ASSERT (IntegrityBuffer != NULL); if (IntegrityBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER)); CopyMem (IntegrityBuffer, IkePacket->Header, sizeof(IKE_HEADER));
CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize); CopyMem (IntegrityBuffer + sizeof (IKE_HEADER), IkePacket->PayloadsBuf, IkePacket->PayloadTotalSize);
@ -2664,7 +2769,10 @@ Ikev2DecryptPacket (
// //
DecryptedSize = IkePacket->PayloadTotalSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER) - IvSize - CheckSumSize; DecryptedSize = IkePacket->PayloadTotalSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER) - IvSize - CheckSumSize;
DecryptedBuf = AllocateZeroPool (DecryptedSize); DecryptedBuf = AllocateZeroPool (DecryptedSize);
ASSERT (DecryptedBuf != NULL); if (DecryptedBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
CopyMem ( CopyMem (
DecryptedBuf, DecryptedBuf,
@ -2811,8 +2919,11 @@ Ikev2EncryptPacket (
CryptBlockSizeMask = (UINT8) (CryptBlockSize - 1); CryptBlockSizeMask = (UINT8) (CryptBlockSize - 1);
EncryptedSize = (IkePacket->PayloadTotalSize + sizeof (IKEV2_PAD_LEN) + CryptBlockSizeMask) & ~CryptBlockSizeMask; EncryptedSize = (IkePacket->PayloadTotalSize + sizeof (IKEV2_PAD_LEN) + CryptBlockSizeMask) & ~CryptBlockSizeMask;
EncryptedBuf = (UINT8 *) AllocateZeroPool (EncryptedSize); EncryptedBuf = (UINT8 *) AllocateZeroPool (EncryptedSize);
ASSERT (EncryptedBuf != NULL); if (EncryptedBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
// //
// Copy all payload into EncryptedIkePayload // Copy all payload into EncryptedIkePayload
// //
@ -2878,7 +2989,10 @@ Ikev2EncryptPacket (
// //
EncryptPayloadSize = sizeof(IKEV2_ENCRYPTED) + IvSize + EncryptedSize + CheckSumSize; EncryptPayloadSize = sizeof(IKEV2_ENCRYPTED) + IvSize + EncryptedSize + CheckSumSize;
EncryptPayloadBuf = AllocateZeroPool (EncryptPayloadSize); EncryptPayloadBuf = AllocateZeroPool (EncryptPayloadSize);
ASSERT (EncryptPayloadBuf != NULL); if (EncryptPayloadBuf == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
// //
// Fill in Header of Encrypted Payload // Fill in Header of Encrypted Payload
@ -2965,7 +3079,10 @@ Ikev2EncryptPacket (
// Create Encrypted Payload and add into IkePacket->PayloadList // Create Encrypted Payload and add into IkePacket->PayloadList
// //
EncryptPayload = IkePayloadAlloc (); EncryptPayload = IkePayloadAlloc ();
ASSERT (EncryptPayload != NULL); if (EncryptPayload == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
// //
// Fill the encrypted payload into the IKE_PAYLOAD structure. // Fill the encrypted payload into the IKE_PAYLOAD structure.
@ -3211,7 +3328,9 @@ Ikev2SendIkePacket (
// Transform IkePacke to NetBuf // Transform IkePacke to NetBuf
// //
IkePacketNetbuf = IkeNetbufFromPacket ((UINT8 *) SessionCommon, IkePacket, IkeType); IkePacketNetbuf = IkeNetbufFromPacket ((UINT8 *) SessionCommon, IkePacket, IkeType);
ASSERT (IkePacketNetbuf != NULL); if (IkePacketNetbuf == NULL) {
return EFI_OUT_OF_RESOURCES;
}
ZeroMem (&EndPoint, sizeof (UDP_END_POINT)); ZeroMem (&EndPoint, sizeof (UDP_END_POINT));
EndPoint.RemotePort = IKE_DEFAULT_PORT; EndPoint.RemotePort = IKE_DEFAULT_PORT;

76
NetworkPkg/IpSecDxe/Ikev2/Sa.c
View File

@ -2,7 +2,7 @@
The operations for IKEv2 SA. The operations for IKEv2 SA.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2011, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -102,7 +102,9 @@ Ikev2InitPskGenerator (
// 1. Allocate IKE packet // 1. Allocate IKE packet
// //
IkePacket = IkePacketAlloc (); IkePacket = IkePacketAlloc ();
ASSERT (IkePacket != NULL); if (IkePacket == NULL) {
goto CheckError;
}
// //
// 1.a Fill the IkePacket->Hdr // 1.a Fill the IkePacket->Hdr
@ -176,7 +178,9 @@ Ikev2InitPskGenerator (
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) { if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {
IkeSaSession->NiBlkSize = IKE_NONCE_SIZE; IkeSaSession->NiBlkSize = IKE_NONCE_SIZE;
IkeSaSession->NiBlock = IkeGenerateNonce (IKE_NONCE_SIZE); IkeSaSession->NiBlock = IkeGenerateNonce (IKE_NONCE_SIZE);
ASSERT (IkeSaSession->NiBlock != NULL); if (IkeSaSession->NiBlock == NULL) {
goto CheckError;
}
} }
if (IkeSaSession->SessionCommon.IsInitiator) { if (IkeSaSession->SessionCommon.IsInitiator) {
@ -298,7 +302,11 @@ Ikev2InitPskParser (
// //
NonceSize = NoncePayload->PayloadSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER); NonceSize = NoncePayload->PayloadSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER);
NonceBuffer = (UINT8 *) AllocatePool (NonceSize); NonceBuffer = (UINT8 *) AllocatePool (NonceSize);
ASSERT (NonceBuffer != NULL); if (NonceBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto CheckError;
}
CopyMem ( CopyMem (
NonceBuffer, NonceBuffer,
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER), NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),
@ -444,7 +452,9 @@ Ikev2AuthPskGenerator (
// 1. Allocate IKE Packet // 1. Allocate IKE Packet
// //
IkePacket= IkePacketAlloc (); IkePacket= IkePacketAlloc ();
ASSERT (IkePacket != NULL); if (IkePacket == NULL) {
return NULL;
}
// //
// 1.a Fill the IkePacket Header. // 1.a Fill the IkePacket Header.
@ -745,7 +755,10 @@ Ikev2AuthPskParser (
// //
if (ChildSaSession->IkeSaSession->Spd == NULL) { if (ChildSaSession->IkeSaSession->Spd == NULL) {
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd; ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;
Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession); Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
if (EFI_ERROR (Status)) {
return Status;
}
} }
} else { } else {
// //
@ -930,7 +943,9 @@ Ikev2AuthCertGenerator (
// 1. Allocate IKE Packet // 1. Allocate IKE Packet
// //
IkePacket= IkePacketAlloc (); IkePacket= IkePacketAlloc ();
ASSERT (IkePacket != NULL); if (IkePacket == NULL) {
return NULL;
}
// //
// 1.a Fill the IkePacket Header. // 1.a Fill the IkePacket Header.
@ -1280,7 +1295,10 @@ Ikev2AuthCertParser (
// //
if (ChildSaSession->IkeSaSession->Spd == NULL) { if (ChildSaSession->IkeSaSession->Spd == NULL) {
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd; ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;
Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession); Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
if (EFI_ERROR (Status)) {
goto Exit;
}
} }
} else { } else {
// //
@ -1360,17 +1378,27 @@ Ikev2GenerateSaDhPublicKey (
IKEV2_SESSION_KEYS *IkeKeys; IKEV2_SESSION_KEYS *IkeKeys;
IkeSaSession->IkeKeys = AllocateZeroPool (sizeof (IKEV2_SESSION_KEYS)); IkeSaSession->IkeKeys = AllocateZeroPool (sizeof (IKEV2_SESSION_KEYS));
ASSERT (IkeSaSession->IkeKeys != NULL); if (IkeSaSession->IkeKeys == NULL) {
return EFI_OUT_OF_RESOURCES;
}
IkeKeys = IkeSaSession->IkeKeys; IkeKeys = IkeSaSession->IkeKeys;
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER)); IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));
ASSERT (IkeKeys->DhBuffer != NULL); if (IkeKeys->DhBuffer == NULL) {
FreePool (IkeSaSession->IkeKeys);
return EFI_OUT_OF_RESOURCES;
}
// //
// Init DH with the certain DH Group Description. // Init DH with the certain DH Group Description.
// //
IkeKeys->DhBuffer->GxSize = OakleyModpGroup[(UINT8)IkeSaSession->SessionCommon.PreferDhGroup].Size >> 3; IkeKeys->DhBuffer->GxSize = OakleyModpGroup[(UINT8)IkeSaSession->SessionCommon.PreferDhGroup].Size >> 3;
IkeKeys->DhBuffer->GxBuffer = AllocateZeroPool (IkeKeys->DhBuffer->GxSize); IkeKeys->DhBuffer->GxBuffer = AllocateZeroPool (IkeKeys->DhBuffer->GxSize);
ASSERT (IkeKeys->DhBuffer->GxBuffer != NULL); if (IkeKeys->DhBuffer->GxBuffer == NULL) {
FreePool (IkeKeys->DhBuffer);
FreePool (IkeSaSession->IkeKeys);
return EFI_OUT_OF_RESOURCES;
}
// //
// Get X PublicKey // Get X PublicKey
@ -1385,6 +1413,13 @@ Ikev2GenerateSaDhPublicKey (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));
FreePool (IkeKeys->DhBuffer->GxBuffer);
FreePool (IkeKeys->DhBuffer);
FreePool (IkeSaSession->IkeKeys);
return Status; return Status;
} }
@ -1422,7 +1457,9 @@ Ikev2GenerateSaDhComputeKey (
PubKeySize = KePayload->PayloadSize - sizeof (IKEV2_KEY_EXCHANGE); PubKeySize = KePayload->PayloadSize - sizeof (IKEV2_KEY_EXCHANGE);
DhBuffer->GxySize = DhBuffer->GxSize; DhBuffer->GxySize = DhBuffer->GxSize;
DhBuffer->GxyBuffer = AllocateZeroPool (DhBuffer->GxySize); DhBuffer->GxyBuffer = AllocateZeroPool (DhBuffer->GxySize);
ASSERT (DhBuffer->GxyBuffer != NULL); if (DhBuffer->GxyBuffer == NULL) {
return EFI_OUT_OF_RESOURCES;
}
// //
// Get GxyBuf // Get GxyBuf
@ -1436,6 +1473,9 @@ Ikev2GenerateSaDhComputeKey (
); );
if (EFI_ERROR (Status)) { if (EFI_ERROR (Status)) {
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status)); DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));
FreePool (DhBuffer->GxyBuffer);
return Status; return Status;
} }
@ -1444,7 +1484,12 @@ Ikev2GenerateSaDhComputeKey (
// //
DhBuffer->GySize = PubKeySize; DhBuffer->GySize = PubKeySize;
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize); DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);
ASSERT (DhBuffer->GyBuffer != NULL); if (DhBuffer->GyBuffer == NULL) {
FreePool (DhBuffer->GxyBuffer);
return Status;
}
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize); CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize); IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);
@ -1524,7 +1569,10 @@ Ikev2GenerateSaKeys (
// //
KeyBufferSize = IkeSaSession->NiBlkSize + IkeSaSession->NrBlkSize; KeyBufferSize = IkeSaSession->NiBlkSize + IkeSaSession->NrBlkSize;
KeyBuffer = AllocateZeroPool (KeyBufferSize); KeyBuffer = AllocateZeroPool (KeyBufferSize);
ASSERT (KeyBuffer != NULL); if (KeyBuffer == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
CopyMem (KeyBuffer, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize); CopyMem (KeyBuffer, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
CopyMem (KeyBuffer + IkeSaSession->NiBlkSize, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize); CopyMem (KeyBuffer + IkeSaSession->NiBlkSize, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);

151
NetworkPkg/IpSecDxe/Ikev2/Utility.c
View File

@ -2,7 +2,7 @@
The Common operations used by IKE Exchange Process. The Common operations used by IKE Exchange Process.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -57,7 +57,9 @@ Ikev2SaSessionAlloc (
IKEV2_SA_SESSION *IkeSaSession; IKEV2_SA_SESSION *IkeSaSession;
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION)); IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));
ASSERT (IkeSaSession != NULL); if (IkeSaSession == NULL) {
return NULL;
}
// //
// Initialize the fields of IkeSaSession and its SessionCommon. // Initialize the fields of IkeSaSession and its SessionCommon.
@ -908,9 +910,9 @@ Ikev2ChildSaSilentDelete (
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR); SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
Selector = AllocateZeroPool (SelectorSize); Selector = AllocateZeroPool (SelectorSize);
ASSERT (Selector != NULL); if (Selector == NULL) {
return EFI_OUT_OF_RESOURCES;
}
while (1) { while (1) {
Status = EfiIpSecConfigGetNextSelector ( Status = EfiIpSecConfigGetNextSelector (
@ -923,7 +925,11 @@ Ikev2ChildSaSilentDelete (
FreePool (Selector); FreePool (Selector);
Selector = AllocateZeroPool (SelectorSize); Selector = AllocateZeroPool (SelectorSize);
ASSERT (Selector != NULL); if (Selector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
Status = EfiIpSecConfigGetNextSelector ( Status = EfiIpSecConfigGetNextSelector (
&Private->IpSecConfig, &Private->IpSecConfig,
IPsecConfigDataTypeSad, IPsecConfigDataTypeSad,
@ -943,7 +949,11 @@ Ikev2ChildSaSilentDelete (
// //
IsRemoteFound = TRUE; IsRemoteFound = TRUE;
RemoteSelector = AllocateZeroPool (SelectorSize); RemoteSelector = AllocateZeroPool (SelectorSize);
ASSERT (RemoteSelector != NULL); if (RemoteSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (RemoteSelector, Selector, SelectorSize); CopyMem (RemoteSelector, Selector, SelectorSize);
} }
@ -954,7 +964,11 @@ Ikev2ChildSaSilentDelete (
// //
IsLocalFound = TRUE; IsLocalFound = TRUE;
LocalSelector = AllocateZeroPool (SelectorSize); LocalSelector = AllocateZeroPool (SelectorSize);
ASSERT (LocalSelector != NULL); if (LocalSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (LocalSelector, Selector, SelectorSize); CopyMem (LocalSelector, Selector, SelectorSize);
} }
} }
@ -1270,7 +1284,11 @@ Ikev2InitializeSaData (
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon); ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP; ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi)); ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
ASSERT (ProposalData->Spi != NULL); if (ProposalData->Spi == NULL) {
FreePool (SaData);
return NULL;
}
CopyMem ( CopyMem (
ProposalData->Spi, ProposalData->Spi,
&ChildSaSession->LocalPeerSpi, &ChildSaSession->LocalPeerSpi,
@ -1338,7 +1356,12 @@ Ikev2InitializeSaData (
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP; ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->NumTransforms = 3; ProposalData->NumTransforms = 3;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi)); ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
ASSERT (ProposalData->Spi != NULL); if (ProposalData->Spi == NULL) {
FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);
FreePool (SaData);
return NULL;
}
CopyMem ( CopyMem (
ProposalData->Spi, ProposalData->Spi,
&ChildSaSession->LocalPeerSpi, &ChildSaSession->LocalPeerSpi,
@ -1731,17 +1754,27 @@ Ikev2ResendNotify (
than the one in ChildSaSession->Spd, especially for the tunnel mode. than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to. @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/ **/
VOID EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate ( Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
) )
{ {
EFI_STATUS Status;
Status = EFI_SUCCESS;
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) { if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {
if (ChildSaSession->SpdSelector == NULL) { if (ChildSaSession->SpdSelector == NULL) {
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR)); ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));
ASSERT (ChildSaSession->SpdSelector != NULL); if (ChildSaSession->SpdSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
return Status;
}
} }
CopyMem ( CopyMem (
ChildSaSession->SpdSelector, ChildSaSession->SpdSelector,
@ -1753,18 +1786,34 @@ Ikev2ChildSaSessionSpdSelectorCreate (
sizeof (EFI_IP_ADDRESS_INFO), sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->RemoteAddress ChildSaSession->Spd->Selector->RemoteAddress
); );
if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
Status = EFI_OUT_OF_RESOURCES;
FreePool (ChildSaSession->SpdSelector);
return Status;
}
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool ( ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
ChildSaSession->Spd->Selector->LocalAddressCount * ChildSaSession->Spd->Selector->LocalAddressCount *
sizeof (EFI_IP_ADDRESS_INFO), sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->LocalAddress ChildSaSession->Spd->Selector->LocalAddress
); );
if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
Status = EFI_OUT_OF_RESOURCES;
ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL); FreePool (ChildSaSession->SpdSelector->RemoteAddress);
ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);
FreePool (ChildSaSession->SpdSelector);
return Status;
}
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount; ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount; ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
} }
return Status;
} }
/** /**
@ -1789,7 +1838,9 @@ Ikev2ChildSaSessionCreate (
// Create a new ChildSaSession.Insert it into processing list and initiate the common parameters. // Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.
// //
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession); ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);
ASSERT (ChildSaSession != NULL); if (ChildSaSession == NULL) {
return NULL;
}
// //
// Set the specific parameters. // Set the specific parameters.
@ -1810,18 +1861,29 @@ Ikev2ChildSaSessionCreate (
// The ChildSaSession->SpdSelector might be changed after the traffic selector // The ChildSaSession->SpdSelector might be changed after the traffic selector
// negoniation and it will be copied into the SAData after ChildSA established. // negoniation and it will be copied into the SAData after ChildSA established.
// //
Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession); if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
// //
// Copy first NiBlock and NrBlock to ChildSa Session // Copy first NiBlock and NrBlock to ChildSa Session
// //
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize); ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);
ASSERT (ChildSaSession->NiBlock != NULL); if (ChildSaSession->NiBlock == NULL) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize; ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize); CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize); ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);
ASSERT (ChildSaSession->NrBlock != NULL); if (ChildSaSession->NrBlock == NULL) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize; ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize); CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
@ -2194,7 +2256,10 @@ Ikev2SaParseSaPayload (
// Find the matched one. // Find the matched one.
// //
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS)); IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL); if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm; IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength; IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup; IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@ -2209,7 +2274,10 @@ Ikev2SaParseSaPayload (
sizeof (IKEV2_PROPOSAL_DATA) + sizeof (IKEV2_PROPOSAL_DATA) +
sizeof (IKEV2_TRANSFORM_DATA) * 4; sizeof (IKEV2_TRANSFORM_DATA) * 4;
IkeSaSession->SaData = AllocateZeroPool (SaDataSize); IkeSaSession->SaData = AllocateZeroPool (SaDataSize);
ASSERT (IkeSaSession->SaData != NULL); if (IkeSaSession->SaData == NULL) {
FreePool (IkeSaSession->SessionCommon.SaParams);
return FALSE;
}
IkeSaSession->SaData->NumProposals = 1; IkeSaSession->SaData->NumProposals = 1;
@ -2225,6 +2293,7 @@ Ikev2SaParseSaPayload (
); );
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1; ((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
return TRUE; return TRUE;
} else { } else {
PreferEncryptAlgorithm = 0; PreferEncryptAlgorithm = 0;
@ -2300,7 +2369,10 @@ Ikev2SaParseSaPayload (
if (IsMatch) { if (IsMatch) {
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS)); IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL); if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm; IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength; IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup; IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@ -2311,6 +2383,7 @@ Ikev2SaParseSaPayload (
return TRUE; return TRUE;
} }
} }
return FALSE; return FALSE;
} }
@ -2391,7 +2464,10 @@ Ikev2ChildSaParseSaPayload (
// Find the matched one. // Find the matched one.
// //
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS)); ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL); if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm; ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength; ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm; ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@ -2405,7 +2481,10 @@ Ikev2ChildSaParseSaPayload (
sizeof (IKEV2_TRANSFORM_DATA) * 4; sizeof (IKEV2_TRANSFORM_DATA) * 4;
ChildSaSession->SaData = AllocateZeroPool (SaDataSize); ChildSaSession->SaData = AllocateZeroPool (SaDataSize);
ASSERT (ChildSaSession->SaData != NULL); if (ChildSaSession->SaData == NULL) {
FreePool (ChildSaSession->SessionCommon.SaParams);
return FALSE;
}
ChildSaSession->SaData->NumProposals = 1; ChildSaSession->SaData->NumProposals = 1;
@ -2426,7 +2505,14 @@ Ikev2ChildSaParseSaPayload (
sizeof (ChildSaSession->LocalPeerSpi), sizeof (ChildSaSession->LocalPeerSpi),
&ChildSaSession->LocalPeerSpi &ChildSaSession->LocalPeerSpi
); );
ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL); if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
FreePool (ChildSaSession->SessionCommon.SaParams);
FreePool (ChildSaSession->SaData );
return FALSE;
}
return TRUE; return TRUE;
} else { } else {
@ -2496,7 +2582,10 @@ Ikev2ChildSaParseSaPayload (
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1); ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (IsMatch) { if (IsMatch) {
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS)); ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL); if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm; ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength; ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm; ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@ -2605,7 +2694,11 @@ Ikev2SaGenerateKey (
} }
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize); LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);
ASSERT (LocalFragments[1].Data != NULL); if (LocalFragments[1].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
LocalFragments[1].DataSize = FragmentsSize; LocalFragments[1].DataSize = FragmentsSize;
// //
@ -2631,7 +2724,11 @@ Ikev2SaGenerateKey (
// Allocate buffer for the first fragment // Allocate buffer for the first fragment
// //
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength); LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);
ASSERT (LocalFragments[0].Data != NULL); if (LocalFragments[0].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
LocalFragments[0].DataSize = AuthKeyLength; LocalFragments[0].DataSize = AuthKeyLength;
Round = (OutputKeyLength - 1) / AuthKeyLength + 1; Round = (OutputKeyLength - 1) / AuthKeyLength + 1;

7
NetworkPkg/IpSecDxe/Ikev2/Utility.h
View File

@ -2,7 +2,7 @@
The interfaces of IKE/Child session operations and payload related operations The interfaces of IKE/Child session operations and payload related operations
used by IKE Exchange Process. used by IKE Exchange Process.
Copyright (c) 2010, Intel Corporation. All rights reserved.<BR> Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -1119,9 +1119,12 @@ Ikev2SaGenerateKey (
than the one in ChildSaSession->Spd, especially for the tunnel mode. than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to. @param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/ **/
VOID EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate ( Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
); );

5
NetworkPkg/IpSecDxe/IpSecConfigImpl.c
View File

@ -2175,7 +2175,10 @@ IpSecGetVariable (
VariableNameLength = StrLen (VariableName); VariableNameLength = StrLen (VariableName);
VariableNameISize = (VariableNameLength + 5) * sizeof (CHAR16); VariableNameISize = (VariableNameLength + 5) * sizeof (CHAR16);
VariableNameI = AllocateZeroPool (VariableNameISize); VariableNameI = AllocateZeroPool (VariableNameISize);
ASSERT (VariableNameI != NULL); if (VariableNameI == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto ON_EXIT;
}
// //
// Construct the varible name of ipsecconfig meta data. // Construct the varible name of ipsecconfig meta data.

7
NetworkPkg/IpSecDxe/IpSecCryptIo.c
View File

@ -1,7 +1,7 @@
/** @file /** @file
Common interfaces to call Security library. Common interfaces to call Security library.
Copyright (c) 2009 - 2014, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -968,7 +968,10 @@ IpSecCryptoIoGetPublicKeyFromCert (
RsaGetKey (RsaContext, RsaKeyN, NULL, PublicKeyLen); RsaGetKey (RsaContext, RsaKeyN, NULL, PublicKeyLen);
*PublicKey = AllocateZeroPool (*PublicKeyLen); *PublicKey = AllocateZeroPool (*PublicKeyLen);
ASSERT (*PublicKey != NULL); if (*PublicKey == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto EXIT;
}
if (!RsaGetKey (RsaContext, RsaKeyN, *PublicKey, PublicKeyLen)) { if (!RsaGetKey (RsaContext, RsaKeyN, *PublicKey, PublicKeyLen)) {
Status = EFI_INVALID_PARAMETER; Status = EFI_INVALID_PARAMETER;

21
NetworkPkg/IpSecDxe/IpSecImpl.c
View File

@ -2,7 +2,7 @@
The implementation of IPsec. The implementation of IPsec.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR> (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR> Copyright (c) 2009 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License are licensed and made available under the terms and conditions of the BSD License
@ -1190,9 +1190,6 @@ IpSecTunnelInboundPacket (
on return. on return.
@param[in] FragmentCount The number of fragments. @param[in] FragmentCount The number of fragments.
@retval EFI_SUCCESS The operation was successful.
@retval EFI_OUT_OF_RESOURCES The required system resources can't be allocated.
**/ **/
UINT8 * UINT8 *
IpSecTunnelOutboundPacket ( IpSecTunnelOutboundPacket (
@ -1220,7 +1217,10 @@ IpSecTunnelOutboundPacket (
if (IpVersion == IP_VERSION_4) { if (IpVersion == IP_VERSION_4) {
InnerHead = AllocateZeroPool (sizeof (IP4_HEAD) + *OptionsLength); InnerHead = AllocateZeroPool (sizeof (IP4_HEAD) + *OptionsLength);
ASSERT (InnerHead != NULL); if (InnerHead == NULL) {
return NULL;
}
CopyMem ( CopyMem (
InnerHead, InnerHead,
IpHead, IpHead,
@ -1233,7 +1233,10 @@ IpSecTunnelOutboundPacket (
); );
} else { } else {
InnerHead = AllocateZeroPool (sizeof (EFI_IP6_HEADER) + *OptionsLength); InnerHead = AllocateZeroPool (sizeof (EFI_IP6_HEADER) + *OptionsLength);
ASSERT (InnerHead != NULL); if (InnerHead == NULL) {
return NULL;
}
CopyMem ( CopyMem (
InnerHead, InnerHead,
IpHead, IpHead,
@ -1264,7 +1267,11 @@ IpSecTunnelOutboundPacket (
IpSecOnRecyclePacket, IpSecOnRecyclePacket,
NULL NULL
); );
ASSERT (Packet != NULL); if (Packet == NULL) {
FreePool (InnerHead);
return NULL;
}
// //
// 3. Check the Last Header, if it is TCP, UDP or ICMP recalcualate its pesudo // 3. Check the Last Header, if it is TCP, UDP or ICMP recalcualate its pesudo
// CheckSum. // CheckSum.