NetworkPkg: Remove ASSERT and use error handling in IpSecDxe
This patch is used to refine the code by removing ASSERT and using error handling in IpSecDxe driver. Cc: Ye Ting <ting.ye@intel.com> Cc: Fu Siyuan <siyuan.fu@intel.com> Cc: Zhang Lubo <lubo.zhang@intel.com> Cc: Yao Jiewen <jiewen.yao@intel.com> Contributed-under: TianoCore Contribution Agreement 1.0 Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com> Reviewed-by: Ye Ting <ting.ye@intel.com>
This commit is contained in:
@@ -2,7 +2,7 @@
|
||||
The Common operations used by IKE Exchange Process.
|
||||
|
||||
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
|
||||
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
|
||||
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
|
||||
|
||||
This program and the accompanying materials
|
||||
are licensed and made available under the terms and conditions of the BSD License
|
||||
@@ -57,7 +57,9 @@ Ikev2SaSessionAlloc (
|
||||
IKEV2_SA_SESSION *IkeSaSession;
|
||||
|
||||
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));
|
||||
ASSERT (IkeSaSession != NULL);
|
||||
if (IkeSaSession == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
//
|
||||
// Initialize the fields of IkeSaSession and its SessionCommon.
|
||||
@@ -908,9 +910,9 @@ Ikev2ChildSaSilentDelete (
|
||||
|
||||
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
|
||||
Selector = AllocateZeroPool (SelectorSize);
|
||||
ASSERT (Selector != NULL);
|
||||
|
||||
|
||||
if (Selector == NULL) {
|
||||
return EFI_OUT_OF_RESOURCES;
|
||||
}
|
||||
|
||||
while (1) {
|
||||
Status = EfiIpSecConfigGetNextSelector (
|
||||
@@ -923,7 +925,11 @@ Ikev2ChildSaSilentDelete (
|
||||
FreePool (Selector);
|
||||
|
||||
Selector = AllocateZeroPool (SelectorSize);
|
||||
ASSERT (Selector != NULL);
|
||||
if (Selector == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
break;
|
||||
}
|
||||
|
||||
Status = EfiIpSecConfigGetNextSelector (
|
||||
&Private->IpSecConfig,
|
||||
IPsecConfigDataTypeSad,
|
||||
@@ -943,7 +949,11 @@ Ikev2ChildSaSilentDelete (
|
||||
//
|
||||
IsRemoteFound = TRUE;
|
||||
RemoteSelector = AllocateZeroPool (SelectorSize);
|
||||
ASSERT (RemoteSelector != NULL);
|
||||
if (RemoteSelector == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
break;
|
||||
}
|
||||
|
||||
CopyMem (RemoteSelector, Selector, SelectorSize);
|
||||
}
|
||||
|
||||
@@ -954,7 +964,11 @@ Ikev2ChildSaSilentDelete (
|
||||
//
|
||||
IsLocalFound = TRUE;
|
||||
LocalSelector = AllocateZeroPool (SelectorSize);
|
||||
ASSERT (LocalSelector != NULL);
|
||||
if (LocalSelector == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
break;
|
||||
}
|
||||
|
||||
CopyMem (LocalSelector, Selector, SelectorSize);
|
||||
}
|
||||
}
|
||||
@@ -1270,7 +1284,11 @@ Ikev2InitializeSaData (
|
||||
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);
|
||||
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
|
||||
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
|
||||
ASSERT (ProposalData->Spi != NULL);
|
||||
if (ProposalData->Spi == NULL) {
|
||||
FreePool (SaData);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
CopyMem (
|
||||
ProposalData->Spi,
|
||||
&ChildSaSession->LocalPeerSpi,
|
||||
@@ -1338,7 +1356,12 @@ Ikev2InitializeSaData (
|
||||
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
|
||||
ProposalData->NumTransforms = 3;
|
||||
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
|
||||
ASSERT (ProposalData->Spi != NULL);
|
||||
if (ProposalData->Spi == NULL) {
|
||||
FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);
|
||||
FreePool (SaData);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
CopyMem (
|
||||
ProposalData->Spi,
|
||||
&ChildSaSession->LocalPeerSpi,
|
||||
@@ -1731,17 +1754,27 @@ Ikev2ResendNotify (
|
||||
than the one in ChildSaSession->Spd, especially for the tunnel mode.
|
||||
|
||||
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
|
||||
|
||||
@retval EFI_SUCCESS The operation complete successfully.
|
||||
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
|
||||
|
||||
**/
|
||||
VOID
|
||||
EFI_STATUS
|
||||
Ikev2ChildSaSessionSpdSelectorCreate (
|
||||
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
|
||||
)
|
||||
{
|
||||
EFI_STATUS Status;
|
||||
|
||||
Status = EFI_SUCCESS;
|
||||
|
||||
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {
|
||||
if (ChildSaSession->SpdSelector == NULL) {
|
||||
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));
|
||||
ASSERT (ChildSaSession->SpdSelector != NULL);
|
||||
if (ChildSaSession->SpdSelector == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
return Status;
|
||||
}
|
||||
}
|
||||
CopyMem (
|
||||
ChildSaSession->SpdSelector,
|
||||
@@ -1753,18 +1786,34 @@ Ikev2ChildSaSessionSpdSelectorCreate (
|
||||
sizeof (EFI_IP_ADDRESS_INFO),
|
||||
ChildSaSession->Spd->Selector->RemoteAddress
|
||||
);
|
||||
if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
|
||||
FreePool (ChildSaSession->SpdSelector);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
|
||||
ChildSaSession->Spd->Selector->LocalAddressCount *
|
||||
sizeof (EFI_IP_ADDRESS_INFO),
|
||||
ChildSaSession->Spd->Selector->LocalAddress
|
||||
);
|
||||
if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
|
||||
ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL);
|
||||
ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);
|
||||
FreePool (ChildSaSession->SpdSelector->RemoteAddress);
|
||||
|
||||
FreePool (ChildSaSession->SpdSelector);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
|
||||
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -1789,7 +1838,9 @@ Ikev2ChildSaSessionCreate (
|
||||
// Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.
|
||||
//
|
||||
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);
|
||||
ASSERT (ChildSaSession != NULL);
|
||||
if (ChildSaSession == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
||||
//
|
||||
// Set the specific parameters.
|
||||
@@ -1810,18 +1861,29 @@ Ikev2ChildSaSessionCreate (
|
||||
// The ChildSaSession->SpdSelector might be changed after the traffic selector
|
||||
// negoniation and it will be copied into the SAData after ChildSA established.
|
||||
//
|
||||
Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
|
||||
if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {
|
||||
Ikev2ChildSaSessionFree (ChildSaSession);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
//
|
||||
// Copy first NiBlock and NrBlock to ChildSa Session
|
||||
//
|
||||
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);
|
||||
ASSERT (ChildSaSession->NiBlock != NULL);
|
||||
if (ChildSaSession->NiBlock == NULL) {
|
||||
Ikev2ChildSaSessionFree (ChildSaSession);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
|
||||
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
|
||||
|
||||
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);
|
||||
ASSERT (ChildSaSession->NrBlock != NULL);
|
||||
if (ChildSaSession->NrBlock == NULL) {
|
||||
Ikev2ChildSaSessionFree (ChildSaSession);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
|
||||
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
|
||||
|
||||
@@ -2194,7 +2256,10 @@ Ikev2SaParseSaPayload (
|
||||
// Find the matched one.
|
||||
//
|
||||
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
|
||||
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
|
||||
if (IkeSaSession->SessionCommon.SaParams == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
|
||||
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
|
||||
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
|
||||
@@ -2209,7 +2274,10 @@ Ikev2SaParseSaPayload (
|
||||
sizeof (IKEV2_PROPOSAL_DATA) +
|
||||
sizeof (IKEV2_TRANSFORM_DATA) * 4;
|
||||
IkeSaSession->SaData = AllocateZeroPool (SaDataSize);
|
||||
ASSERT (IkeSaSession->SaData != NULL);
|
||||
if (IkeSaSession->SaData == NULL) {
|
||||
FreePool (IkeSaSession->SessionCommon.SaParams);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
IkeSaSession->SaData->NumProposals = 1;
|
||||
|
||||
@@ -2225,6 +2293,7 @@ Ikev2SaParseSaPayload (
|
||||
);
|
||||
|
||||
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
|
||||
|
||||
return TRUE;
|
||||
} else {
|
||||
PreferEncryptAlgorithm = 0;
|
||||
@@ -2300,7 +2369,10 @@ Ikev2SaParseSaPayload (
|
||||
|
||||
if (IsMatch) {
|
||||
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
|
||||
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
|
||||
if (IkeSaSession->SessionCommon.SaParams == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
|
||||
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
|
||||
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
|
||||
@@ -2311,6 +2383,7 @@ Ikev2SaParseSaPayload (
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
@@ -2391,7 +2464,10 @@ Ikev2ChildSaParseSaPayload (
|
||||
// Find the matched one.
|
||||
//
|
||||
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
|
||||
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
|
||||
if (ChildSaSession->SessionCommon.SaParams == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
|
||||
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
|
||||
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
|
||||
@@ -2405,7 +2481,10 @@ Ikev2ChildSaParseSaPayload (
|
||||
sizeof (IKEV2_TRANSFORM_DATA) * 4;
|
||||
|
||||
ChildSaSession->SaData = AllocateZeroPool (SaDataSize);
|
||||
ASSERT (ChildSaSession->SaData != NULL);
|
||||
if (ChildSaSession->SaData == NULL) {
|
||||
FreePool (ChildSaSession->SessionCommon.SaParams);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ChildSaSession->SaData->NumProposals = 1;
|
||||
|
||||
@@ -2426,7 +2505,14 @@ Ikev2ChildSaParseSaPayload (
|
||||
sizeof (ChildSaSession->LocalPeerSpi),
|
||||
&ChildSaSession->LocalPeerSpi
|
||||
);
|
||||
ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL);
|
||||
if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
|
||||
FreePool (ChildSaSession->SessionCommon.SaParams);
|
||||
|
||||
FreePool (ChildSaSession->SaData );
|
||||
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
return TRUE;
|
||||
|
||||
} else {
|
||||
@@ -2496,7 +2582,10 @@ Ikev2ChildSaParseSaPayload (
|
||||
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
|
||||
if (IsMatch) {
|
||||
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
|
||||
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
|
||||
if (ChildSaSession->SessionCommon.SaParams == NULL) {
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
|
||||
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
|
||||
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
|
||||
@@ -2605,7 +2694,11 @@ Ikev2SaGenerateKey (
|
||||
}
|
||||
|
||||
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);
|
||||
ASSERT (LocalFragments[1].Data != NULL);
|
||||
if (LocalFragments[1].Data == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
goto Exit;
|
||||
}
|
||||
|
||||
LocalFragments[1].DataSize = FragmentsSize;
|
||||
|
||||
//
|
||||
@@ -2631,7 +2724,11 @@ Ikev2SaGenerateKey (
|
||||
// Allocate buffer for the first fragment
|
||||
//
|
||||
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);
|
||||
ASSERT (LocalFragments[0].Data != NULL);
|
||||
if (LocalFragments[0].Data == NULL) {
|
||||
Status = EFI_OUT_OF_RESOURCES;
|
||||
goto Exit;
|
||||
}
|
||||
|
||||
LocalFragments[0].DataSize = AuthKeyLength;
|
||||
|
||||
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;
|
||||
|
Reference in New Issue
Block a user