NetworkPkg: Remove ASSERT and use error handling in IpSecDxe

This patch refines the code by removing ASSERT and
using error handling instead in the IpSecDxe driver.

Cc: Ye Ting <ting.ye@intel.com>
Cc: Fu Siyuan <siyuan.fu@intel.com>
Cc: Zhang Lubo <lubo.zhang@intel.com>
Cc: Yao Jiewen <jiewen.yao@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiaxin Wu <jiaxin.wu@intel.com>
Reviewed-by: Ye Ting <ting.ye@intel.com>
Jiaxin Wu
2016-06-17 11:59:47 +08:00
parent 415aa2f1cb
commit 6b16c9e7ea
8 changed files with 379 additions and 97 deletions


@@ -2,7 +2,7 @@
The Common operations used by IKE Exchange Process.
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>
Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>
Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>
This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
@@ -57,7 +57,9 @@ Ikev2SaSessionAlloc (
IKEV2_SA_SESSION *IkeSaSession;
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));
ASSERT (IkeSaSession != NULL);
if (IkeSaSession == NULL) {
return NULL;
}
//
// Initialize the fields of IkeSaSession and its SessionCommon.
@@ -908,9 +910,9 @@ Ikev2ChildSaSilentDelete (
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);
Selector = AllocateZeroPool (SelectorSize);
ASSERT (Selector != NULL);
if (Selector == NULL) {
return EFI_OUT_OF_RESOURCES;
}
while (1) {
Status = EfiIpSecConfigGetNextSelector (
@@ -923,7 +925,11 @@ Ikev2ChildSaSilentDelete (
FreePool (Selector);
Selector = AllocateZeroPool (SelectorSize);
ASSERT (Selector != NULL);
if (Selector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
Status = EfiIpSecConfigGetNextSelector (
&Private->IpSecConfig,
IPsecConfigDataTypeSad,
@@ -943,7 +949,11 @@ Ikev2ChildSaSilentDelete (
//
IsRemoteFound = TRUE;
RemoteSelector = AllocateZeroPool (SelectorSize);
ASSERT (RemoteSelector != NULL);
if (RemoteSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (RemoteSelector, Selector, SelectorSize);
}
@@ -954,7 +964,11 @@ Ikev2ChildSaSilentDelete (
//
IsLocalFound = TRUE;
LocalSelector = AllocateZeroPool (SelectorSize);
ASSERT (LocalSelector != NULL);
if (LocalSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
break;
}
CopyMem (LocalSelector, Selector, SelectorSize);
}
}
@@ -1270,7 +1284,11 @@ Ikev2InitializeSaData (
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
ASSERT (ProposalData->Spi != NULL);
if (ProposalData->Spi == NULL) {
FreePool (SaData);
return NULL;
}
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1338,7 +1356,12 @@ Ikev2InitializeSaData (
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;
ProposalData->NumTransforms = 3;
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));
ASSERT (ProposalData->Spi != NULL);
if (ProposalData->Spi == NULL) {
FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);
FreePool (SaData);
return NULL;
}
CopyMem (
ProposalData->Spi,
&ChildSaSession->LocalPeerSpi,
@@ -1731,17 +1754,27 @@ Ikev2ResendNotify (
than the one in ChildSaSession->Spd, especially for the tunnel mode.
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.
@retval EFI_SUCCESS The operation complete successfully.
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.
**/
VOID
EFI_STATUS
Ikev2ChildSaSessionSpdSelectorCreate (
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession
)
{
EFI_STATUS Status;
Status = EFI_SUCCESS;
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {
if (ChildSaSession->SpdSelector == NULL) {
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));
ASSERT (ChildSaSession->SpdSelector != NULL);
if (ChildSaSession->SpdSelector == NULL) {
Status = EFI_OUT_OF_RESOURCES;
return Status;
}
}
CopyMem (
ChildSaSession->SpdSelector,
@@ -1753,18 +1786,34 @@ Ikev2ChildSaSessionSpdSelectorCreate (
sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->RemoteAddress
);
if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {
Status = EFI_OUT_OF_RESOURCES;
FreePool (ChildSaSession->SpdSelector);
return Status;
}
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (
ChildSaSession->Spd->Selector->LocalAddressCount *
sizeof (EFI_IP_ADDRESS_INFO),
ChildSaSession->Spd->Selector->LocalAddress
);
if (ChildSaSession->SpdSelector->LocalAddress == NULL) {
Status = EFI_OUT_OF_RESOURCES;
ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL);
ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);
FreePool (ChildSaSession->SpdSelector->RemoteAddress);
FreePool (ChildSaSession->SpdSelector);
return Status;
}
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount;
}
return Status;
}
/**
@@ -1789,7 +1838,9 @@ Ikev2ChildSaSessionCreate (
// Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.
//
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);
ASSERT (ChildSaSession != NULL);
if (ChildSaSession == NULL) {
return NULL;
}
//
// Set the specific parameters.
@@ -1810,18 +1861,29 @@ Ikev2ChildSaSessionCreate (
// The ChildSaSession->SpdSelector might be changed after the traffic selector
// negoniation and it will be copied into the SAData after ChildSA established.
//
Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);
if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
//
// Copy first NiBlock and NrBlock to ChildSa Session
//
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);
ASSERT (ChildSaSession->NiBlock != NULL);
if (ChildSaSession->NiBlock == NULL) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);
ASSERT (ChildSaSession->NrBlock != NULL);
if (ChildSaSession->NrBlock == NULL) {
Ikev2ChildSaSessionFree (ChildSaSession);
return NULL;
}
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);
@@ -2194,7 +2256,10 @@ Ikev2SaParseSaPayload (
// Find the matched one.
//
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2209,7 +2274,10 @@ Ikev2SaParseSaPayload (
sizeof (IKEV2_PROPOSAL_DATA) +
sizeof (IKEV2_TRANSFORM_DATA) * 4;
IkeSaSession->SaData = AllocateZeroPool (SaDataSize);
ASSERT (IkeSaSession->SaData != NULL);
if (IkeSaSession->SaData == NULL) {
FreePool (IkeSaSession->SessionCommon.SaParams);
return FALSE;
}
IkeSaSession->SaData->NumProposals = 1;
@@ -2225,6 +2293,7 @@ Ikev2SaParseSaPayload (
);
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;
return TRUE;
} else {
PreferEncryptAlgorithm = 0;
@@ -2300,7 +2369,10 @@ Ikev2SaParseSaPayload (
if (IsMatch) {
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);
if (IkeSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;
@@ -2311,6 +2383,7 @@ Ikev2SaParseSaPayload (
return TRUE;
}
}
return FALSE;
}
@@ -2391,7 +2464,10 @@ Ikev2ChildSaParseSaPayload (
// Find the matched one.
//
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2405,7 +2481,10 @@ Ikev2ChildSaParseSaPayload (
sizeof (IKEV2_TRANSFORM_DATA) * 4;
ChildSaSession->SaData = AllocateZeroPool (SaDataSize);
ASSERT (ChildSaSession->SaData != NULL);
if (ChildSaSession->SaData == NULL) {
FreePool (ChildSaSession->SessionCommon.SaParams);
return FALSE;
}
ChildSaSession->SaData->NumProposals = 1;
@@ -2426,7 +2505,14 @@ Ikev2ChildSaParseSaPayload (
sizeof (ChildSaSession->LocalPeerSpi),
&ChildSaSession->LocalPeerSpi
);
ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL);
if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {
FreePool (ChildSaSession->SessionCommon.SaParams);
FreePool (ChildSaSession->SaData );
return FALSE;
}
return TRUE;
} else {
@@ -2496,7 +2582,10 @@ Ikev2ChildSaParseSaPayload (
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);
if (IsMatch) {
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));
ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);
if (ChildSaSession->SessionCommon.SaParams == NULL) {
return FALSE;
}
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;
@@ -2605,7 +2694,11 @@ Ikev2SaGenerateKey (
}
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);
ASSERT (LocalFragments[1].Data != NULL);
if (LocalFragments[1].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
LocalFragments[1].DataSize = FragmentsSize;
//
@@ -2631,7 +2724,11 @@ Ikev2SaGenerateKey (
// Allocate buffer for the first fragment
//
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);
ASSERT (LocalFragments[0].Data != NULL);
if (LocalFragments[0].Data == NULL) {
Status = EFI_OUT_OF_RESOURCES;
goto Exit;
}
LocalFragments[0].DataSize = AuthKeyLength;
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;
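Review bot: In Ikev2ChildSaSessionSpdSelectorCreate, both new failure branches call `FreePool (ChildSaSession->SpdSelector)` but leave the field pointing at the freed buffer, and the new caller code in Ikev2ChildSaSessionCreate then hands the same session to `Ikev2ChildSaSessionFree (ChildSaSession)`. The body of Ikev2ChildSaSessionFree is not part of this page, so this is inferred, but if it releases SpdSelector or its address arrays, the out-of-memory path becomes a double free or use-after-free; adding `ChildSaSession->SpdSelector = NULL;` after each of those FreePool calls would close it. The same free-without-clear pattern appears on `SessionCommon.SaParams` and `SaData` in the new failure branches of Ikev2SaParseSaPayload and Ikev2ChildSaParseSaPayload, where the session object outlives the `return FALSE`, so those fields should be reset to NULL as well. These functions begin and end outside the visible hunks, so the surrounding cleanup code should be checked before merging.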