/** @file\r
The operations for IKEv2 SA.\r
\r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
+ Copyright (c) 2010 - 2018, Intel Corporation. All rights reserved.<BR>\r
\r
- This program and the accompanying materials\r
- are licensed and made available under the terms and conditions of the BSD License\r
- which accompanies this distribution. The full text of the license may be found at\r
- http://opensource.org/licenses/bsd-license.php.\r
-\r
- THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
- WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
+ SPDX-License-Identifier: BSD-2-Clause-Patent\r
\r
**/\r
\r
Generates the DH Key.\r
\r
This generates the DH local public key and store it in the IKEv2 SA Session's GxBuffer.\r
- \r
+\r
@param[in] IkeSaSession Pointer to related IKE SA Session.\r
\r
@retval EFI_SUCCESS The operation succeeded.\r
// 1. Allocate IKE packet\r
//\r
IkePacket = IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket->Hdr\r
// IkeSaSession is responder. If resending IKE_SA_INIT with Cookie Notify\r
// No need to recompute the Public key.\r
//\r
- if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) { \r
+ if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {\r
Status = Ikev2GenerateSaDhPublicKey (IkeSaSession);\r
if (EFI_ERROR (Status)) {\r
goto CheckError;\r
// 4. Generate KE Payload according to SaParams->DhGroup\r
//\r
KePayload = Ikev2GenerateKePayload (\r
- IkeSaSession, \r
+ IkeSaSession,\r
IKEV2_PAYLOAD_TYPE_NONCE\r
);\r
\r
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {\r
IkeSaSession->NiBlkSize = IKE_NONCE_SIZE;\r
IkeSaSession->NiBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT (IkeSaSession->NiBlock != NULL);\r
+ if (IkeSaSession->NiBlock == NULL) {\r
+ goto CheckError;\r
+ }\r
}\r
\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
if (SaPayload != NULL) {\r
IkePayloadFree (SaPayload);\r
}\r
- return NULL; \r
+ return NULL;\r
}\r
\r
/**\r
Ikev2InitPskParser (\r
IN UINT8 *SaSession,\r
IN IKE_PACKET *IkePacket\r
- ) \r
+ )\r
{\r
IKEV2_SA_SESSION *IkeSaSession;\r
IKE_PAYLOAD *SaPayload;\r
// as first payload and all other payloads unchanged.\r
//\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
- if (NotifyPayload != NULL) {\r
- Status = Ikev2ParserNotifyCookiePayload (NotifyPayload, IkeSaSession);\r
- return Status;\r
+ if (NotifyPayload != NULL && !EFI_ERROR(Ikev2ParserNotifyCookiePayload (NotifyPayload, IkeSaSession))) {\r
+ return EFI_SUCCESS;\r
}\r
}\r
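Review bot: The result of `Ikev2ParserNotifyCookiePayload` is now discarded when it fails, and parsing continues with the remaining payloads, where the old code returned that status to the caller. If the fall-through is intended for a Notify payload that is not a cookie, a comment should say so, for example `// Not a cookie notification: keep parsing the IKE_SA_INIT response.`; otherwise the error should still be returned. `EFI_ERROR(` also lacks the space before the parenthesis that the rest of the file uses. The enclosing function continues outside this hunk.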
\r
//\r
NonceSize = NoncePayload->PayloadSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER);\r
NonceBuffer = (UINT8 *) AllocatePool (NonceSize);\r
- ASSERT (NonceBuffer != NULL);\r
+ if (NonceBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto CheckError;\r
+ }\r
+\r
CopyMem (\r
NonceBuffer,\r
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),\r
// 5. Generate Nr_b\r
//\r
IkeSaSession->NrBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT_EFI_ERROR (IkeSaSession->NrBlock != NULL);\r
+ ASSERT (IkeSaSession->NrBlock != NULL);\r
IkeSaSession->NrBlkSize = IKE_NONCE_SIZE;\r
\r
//\r
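Review bot: `ASSERT (IkeSaSession->NrBlock != NULL);` still guards an allocation result with an assertion, which is typically compiled out in release builds, so a failed `IkeGenerateNonce` would leave `NrBlock` NULL while `NrBlkSize` is set to `IKE_NONCE_SIZE`. The same commit turns the matching `NiBlock` check into a `goto CheckError`, and the SA key derivation later copies from `NrBlock`. This check should follow suit: `if (IkeSaSession->NrBlock == NULL) { Status = EFI_OUT_OF_RESOURCES; goto CheckError; }`. The function starts and ends outside this hunk, so the label's cleanup is assumed from the `NonceBuffer` check added above.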
if (NonceBuffer != NULL) {\r
FreePool (NonceBuffer);\r
}\r
- \r
+\r
return Status;\r
}\r
\r
IKE_PAYLOAD *NotifyPayload;\r
IKE_PAYLOAD *CpPayload;\r
IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
- \r
+\r
\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
+ NotifyPayload = NULL;\r
CpPayload = NULL;\r
NotifyPayload = NULL;\r
- \r
+\r
//\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
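Review bot: `NotifyPayload = NULL;` is added to the new initialisation list although the existing assignment two lines below is kept, so the pointer is now cleared twice. Drop one of the two so the list has one line per payload pointer, as the certificate variant of this generator does. The function body continues outside this hunk.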
}\r
\r
//\r
- // According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should \r
+ // According to RFC4306_2.2, For the IKE_SA_INIT message the MessageID should\r
// be always number 0 and 1;\r
//\r
IkePacket->Header->MessageId = 1;\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_AUTH\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Auth Payload\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+\r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ }\r
+\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
}\r
\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+\r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+\r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+\r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+\r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+\r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+\r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+\r
+ return NULL;\r
}\r
\r
/**\r
@param[in] SaSession Pointer to the IKE_SA_SESSION related to this packet.\r
@param[in] IkePacket Pointer to the IKE_AUTH packet to be parsered.\r
\r
- @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA \r
+ @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA\r
proposal is unacceptable.\r
@retval EFI_SUCCESS The IKE packet is acceptable and the\r
relative data is saved for furthure communication.\r
\r
**/\r
-EFI_STATUS \r
+EFI_STATUS\r
Ikev2AuthPskParser (\r
IN UINT8 *SaSession,\r
IN IKE_PACKET *IkePacket\r
// Check IkePacket Header is match the state\r
//\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
- \r
+\r
//\r
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND\r
//\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
}\r
} else {\r
//\r
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)\r
) {\r
return EFI_INVALID_PARAMETER;\r
- } \r
+ }\r
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&\r
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)\r
) {\r
return EFI_INVALID_PARAMETER;\r
}\r
//\r
- // Get the Virtual IP address from the Tsi traffic selector. \r
+ // Get the Virtual IP address from the Tsi traffic selector.\r
// TODO: check the CFG reply payload\r
//\r
CopyMem (\r
(ChildSaSession->SessionCommon.UdpService->IpVersion == IP_VERSION_4) ?\r
sizeof (EFI_IPv4_ADDRESS) : sizeof (EFI_IPv6_ADDRESS)\r
);\r
- } \r
+ }\r
}\r
\r
//\r
// 5. Generate keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
IKEV2_DUMP_STATE (IkeSaSession->SessionCommon.State, IkeStateIkeSaEstablished);\r
IkeSaSession->SessionCommon.State = IkeStateIkeSaEstablished;\r
}\r
- \r
+\r
return EFI_SUCCESS;\r
}\r
\r
Ikev2InitCertGenerator (\r
IN UINT8 *SaSession,\r
IN VOID *Context\r
- ) \r
+ )\r
{\r
IKE_PACKET *IkePacket;\r
IKE_PAYLOAD *CertReqPayload;\r
LIST_ENTRY *Node;\r
IKE_PAYLOAD *NoncePayload;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return NULL;\r
}\r
\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
(IKEV2_SA_SESSION *)SaSession,\r
IKEV2_PAYLOAD_TYPE_NONE,\r
- (UINT8*)PcdGetPtr(UefiCaFile),\r
- PcdGet32(UefiCaFileSize),\r
+ (UINT8*)PcdGetPtr(PcdIpsecUefiCaFile),\r
+ PcdGet32(PcdIpsecUefiCaFileSize),\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
\r
@retval EFI_SUCCESS The IKEv2 packet is acceptable and the relative data is\r
saved for furthure communication.\r
- @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable. \r
+ @retval EFI_INVALID_PARAMETER The IKE packet is malformed or the SA proposal is unacceptable.\r
@retval EFI_UNSUPPORTED The certificate authentication is not supported.\r
\r
**/\r
IN IKE_PACKET *IkePacket\r
)\r
{\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return EFI_UNSUPPORTED;\r
- } \r
- \r
+ }\r
+\r
//\r
// The first two messages exchange is same between PSK and Cert.\r
- // Todo: Parse Certificate Request from responder Initial Exchange. \r
+ // Todo: Parse Certificate Request from responder Initial Exchange.\r
//\r
return Ikev2InitPskParser (SaSession, IkePacket);\r
}\r
IKE_PAYLOAD *CertReqPayload;\r
IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return NULL;\r
}\r
\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
CpPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
NotifyPayload = NULL;\r
CertPayload = NULL;\r
CertReqPayload = NULL;\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
IdPayload = Ikev2GenerateCertIdPayload (\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_CERT,\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize)\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize)\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Certificate Payload\r
CertPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
(UINT8)(IkeSaSession->SessionCommon.IsInitiator ? IKEV2_PAYLOAD_TYPE_CERTREQ : IKEV2_PAYLOAD_TYPE_AUTH),\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize),\r
IKEV2_CERT_ENCODEING_X509_CERT_SIGN,\r
FALSE\r
);\r
+ if (CertPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
IKEV2_PAYLOAD_TYPE_AUTH,\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize),\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
+ if (CertReqPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
}\r
\r
//\r
IdPayload,\r
IKEV2_PAYLOAD_TYPE_SA,\r
FALSE,\r
- (UINT8 *)PcdGetPtr (UefiCertificateKey),\r
- PcdGet32 (UefiCertificateKeySize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificateKey),\r
+ PcdGet32 (PcdIpsecUefiCertificateKeySize),\r
ChildSaSession->IkeSaSession->Pad->Data->AuthData,\r
ChildSaSession->IkeSaSession->Pad->Data->AuthDataSize\r
);\r
IdPayload,\r
IKEV2_PAYLOAD_TYPE_CP,\r
FALSE,\r
- (UINT8 *)PcdGetPtr (UefiCertificateKey),\r
- PcdGet32 (UefiCertificateKeySize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificateKey),\r
+ PcdGet32 (PcdIpsecUefiCertificateKeySize),\r
ChildSaSession->IkeSaSession->Pad->Data->AuthData,\r
ChildSaSession->IkeSaSession->Pad->Data->AuthDataSize\r
);\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+\r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ }\r
+\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
}\r
\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
);\r
\r
//\r
- // Generate Notify Payload. If transport mode, there should have Notify \r
+ // Generate Notify Payload. If transport mode, there should have Notify\r
// payload with TRANSPORT_MODE notification.\r
//\r
NotifyPayload = Ikev2GenerateNotifyPayload (\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+\r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (CertPayload != NULL) {\r
+ IkePayloadFree (CertPayload);\r
+ }\r
+\r
+ if (CertReqPayload != NULL) {\r
+ IkePayloadFree (CertReqPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+\r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+\r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+\r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+\r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+\r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+\r
+ return NULL;\r
}\r
\r
/**\r
IKE_PAYLOAD *TsiPayload;\r
IKE_PAYLOAD *TsrPayload;\r
IKE_PAYLOAD *CertPayload;\r
- IKE_PAYLOAD *CertReqPayload;\r
IKE_PAYLOAD *VerifiedAuthPayload;\r
LIST_ENTRY *Entry;\r
EFI_STATUS Status;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
TsiPayload = NULL;\r
TsrPayload = NULL;\r
CertPayload = NULL;\r
- CertReqPayload = NULL;\r
VerifiedAuthPayload = NULL;\r
Status = EFI_INVALID_PARAMETER;\r
\r
if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_CERT) {\r
CertPayload = IkePayload;\r
}\r
- if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_CERTREQ) {\r
- CertReqPayload = IkePayload;\r
- }\r
}\r
\r
- if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) || \r
+ if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) ||\r
(TsrPayload == NULL) || (CertPayload == NULL)) {\r
goto Exit;\r
}\r
// Check IkePacket Header is match the state\r
//\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
- \r
+\r
//\r
// 1. Check the IkePacket->Hdr == IKE_HEADER_FLAGS_RESPOND\r
//\r
(!IpSecCryptoIoVerifySignDataByCertificate (\r
CertPayload->PayloadBuf + sizeof (IKEV2_CERT),\r
CertPayload->PayloadSize - sizeof (IKEV2_CERT),\r
- (UINT8 *)PcdGetPtr (UefiCaFile),\r
- PcdGet32 (UefiCaFileSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCaFile),\r
+ PcdGet32 (PcdIpsecUefiCaFileSize),\r
VerifiedAuthPayload->PayloadBuf + sizeof (IKEV2_AUTH),\r
VerifiedAuthPayload->PayloadSize - sizeof (IKEV2_AUTH),\r
AuthPayload->PayloadBuf + sizeof (IKEV2_AUTH),\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
}\r
} else {\r
//\r
(((TRAFFIC_SELECTOR *)(TsrPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->RemotePort)\r
) {\r
goto Exit;\r
- } \r
+ }\r
if ((((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != 0) &&\r
(((TRAFFIC_SELECTOR *)(TsiPayload->PayloadBuf + sizeof (IKEV2_TS)))->StartPort != ChildSaSession->LocalPort)\r
) {\r
goto Exit;\r
}\r
//\r
- // Get the Virtual IP address from the Tsi traffic selector. \r
+ // Get the Virtual IP address from the Tsi traffic selector.\r
// TODO: check the CFG reply payload\r
//\r
CopyMem (\r
);\r
}\r
}\r
- \r
+\r
//\r
// 5. Generat keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
IKEV2_SESSION_KEYS *IkeKeys;\r
\r
IkeSaSession->IkeKeys = AllocateZeroPool (sizeof (IKEV2_SESSION_KEYS));\r
- ASSERT (IkeSaSession->IkeKeys != NULL);\r
+ if (IkeSaSession->IkeKeys == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+\r
IkeKeys = IkeSaSession->IkeKeys;\r
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));\r
- ASSERT (IkeKeys->DhBuffer != NULL);\r
+ if (IkeKeys->DhBuffer == NULL) {\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Init DH with the certain DH Group Description.\r
//\r
IkeKeys->DhBuffer->GxSize = OakleyModpGroup[(UINT8)IkeSaSession->SessionCommon.PreferDhGroup].Size >> 3;\r
IkeKeys->DhBuffer->GxBuffer = AllocateZeroPool (IkeKeys->DhBuffer->GxSize);\r
- ASSERT (IkeKeys->DhBuffer->GxBuffer != NULL);\r
+ if (IkeKeys->DhBuffer->GxBuffer == NULL) {\r
+ FreePool (IkeKeys->DhBuffer);\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get X PublicKey\r
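Review bot: `FreePool (IkeSaSession->IkeKeys);` on the new failure paths leaves `IkeSaSession->IkeKeys` pointing at freed memory, because the session object outlives this function and the field is never reset. Any later teardown or retry that tests the field for NULL would then free or dereference it again; the teardown code is not visible here, so this is inferred. Add `IkeSaSession->IkeKeys = NULL;` after the free. The same applies to the frees in the next hunk of this function, to `DhBuffer->GxyBuffer` in `Ikev2GenerateSaDhComputeKey`, and to the error cleanup blocks that free the `Sk*Key` buffers and the `ChildKeymats` keys.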
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));\r
+\r
+ FreePool (IkeKeys->DhBuffer->GxBuffer);\r
+\r
+ FreePool (IkeKeys->DhBuffer);\r
+\r
+ FreePool (IkeSaSession->IkeKeys);\r
+\r
return Status;\r
}\r
\r
\r
@param[in] DhBuffer Pointer to buffer of peer's puliic key.\r
@param[in] KePayload Pointer to received key payload.\r
- \r
+\r
@retval EFI_SUCCESS The operation succeeded.\r
@retval Otherwise The operation failed.\r
\r
PubKeySize = KePayload->PayloadSize - sizeof (IKEV2_KEY_EXCHANGE);\r
DhBuffer->GxySize = DhBuffer->GxSize;\r
DhBuffer->GxyBuffer = AllocateZeroPool (DhBuffer->GxySize);\r
- ASSERT (DhBuffer->GxyBuffer != NULL);\r
+ if (DhBuffer->GxyBuffer == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get GxyBuf\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));\r
+\r
+ FreePool (DhBuffer->GxyBuffer);\r
+\r
return Status;\r
}\r
\r
//\r
DhBuffer->GySize = PubKeySize;\r
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);\r
- ASSERT (DhBuffer->GyBuffer != NULL);\r
+ if (DhBuffer->GyBuffer == NULL) {\r
+ FreePool (DhBuffer->GxyBuffer);\r
+\r
+ return Status;\r
+ }\r
+\r
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);\r
\r
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);\r
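Review bot: The new `GyBuffer` failure path returns `Status`, which at that point still appears to hold the success value of the preceding key computation, since its error case has already returned. Unless `Status` is reassigned in lines not shown, an allocation failure is reported as success after `GxyBuffer` has been freed, and the caller would go on to use the freed shared secret. Return the error explicitly with `return EFI_OUT_OF_RESOURCES;`, as the `GxyBuffer` check earlier in the function does. The function's start and end are outside this hunk.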
{\r
EFI_STATUS Status;\r
IKEV2_SA_PARAMS *SaParams;\r
- IPSEC_PAD_ENTRY *Pad;\r
PRF_DATA_FRAGMENT Fragments[4];\r
UINT64 InitiatorCookieNet;\r
UINT64 ResponderCookieNet;\r
Digest = NULL;\r
OutputKey = NULL;\r
KeyBuffer = NULL;\r
+ Status = EFI_SUCCESS;\r
\r
//\r
// Generate Gxy\r
//\r
- Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
-\r
- Pad = IkeSaSession->Pad;\r
+ Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
\r
//\r
// Get the key length of Authenticaion, Encryption, PRF, and Integrity.\r
//\r
// If one or more algorithm is not support, return EFI_UNSUPPORTED.\r
//\r
- if (AuthAlgKeyLen == 0 || \r
+ if (AuthAlgKeyLen == 0 ||\r
EncryptAlgKeyLen == 0 ||\r
IntegrityAlgKeyLen == 0 ||\r
PrfAlgKeyLen == 0\r
//\r
KeyBufferSize = IkeSaSession->NiBlkSize + IkeSaSession->NrBlkSize;\r
KeyBuffer = AllocateZeroPool (KeyBufferSize);\r
- ASSERT (KeyBuffer != NULL);\r
+ if (KeyBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (KeyBuffer, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);\r
CopyMem (KeyBuffer + IkeSaSession->NiBlkSize, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);\r
IPSEC_DUMP_BUF (">>> NrBlock", IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);\r
IPSEC_DUMP_BUF (">>> InitiatorCookie", (UINT8 *)&IkeSaSession->InitiatorCookie, sizeof(UINT64));\r
IPSEC_DUMP_BUF (">>> ResponderCookie", (UINT8 *)&IkeSaSession->ResponderCookie, sizeof(UINT64));\r
- \r
- OutputKeyLength = PrfAlgKeyLen + \r
+\r
+ OutputKeyLength = PrfAlgKeyLen +\r
2 * EncryptAlgKeyLen +\r
2 * AuthAlgKeyLen +\r
2 * IntegrityAlgKeyLen;\r
OutputKey = AllocateZeroPool (OutputKeyLength);\r
+ if (OutputKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
//\r
// Generate Seven Keymates.\r
// First, SK_d\r
//\r
IkeSaSession->IkeKeys->SkdKey = AllocateZeroPool (PrfAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkdKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkdKeySize = PrfAlgKeyLen;\r
CopyMem (IkeSaSession->IkeKeys->SkdKey, OutputKey, PrfAlgKeyLen);\r
\r
// Second, Sk_ai\r
//\r
IkeSaSession->IkeKeys->SkAiKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkAiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkAiKeySize = IntegrityAlgKeyLen;\r
CopyMem (IkeSaSession->IkeKeys->SkAiKey, OutputKey + PrfAlgKeyLen, IntegrityAlgKeyLen);\r
- \r
+\r
IPSEC_DUMP_BUF (">>> SK_Ai Key", IkeSaSession->IkeKeys->SkAiKey, IkeSaSession->IkeKeys->SkAiKeySize);\r
\r
//\r
// Third, Sk_ar\r
//\r
IkeSaSession->IkeKeys->SkArKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkArKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkArKeySize = IntegrityAlgKeyLen;\r
CopyMem (\r
IkeSaSession->IkeKeys->SkArKey,\r
OutputKey + PrfAlgKeyLen + IntegrityAlgKeyLen,\r
IntegrityAlgKeyLen\r
);\r
- \r
+\r
IPSEC_DUMP_BUF (">>> SK_Ar Key", IkeSaSession->IkeKeys->SkArKey, IkeSaSession->IkeKeys->SkArKeySize);\r
\r
//\r
// Fourth, Sk_ei\r
//\r
IkeSaSession->IkeKeys->SkEiKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkEiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkEiKeySize = EncryptAlgKeyLen;\r
- \r
+\r
CopyMem (\r
IkeSaSession->IkeKeys->SkEiKey,\r
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,\r
EncryptAlgKeyLen\r
);\r
IPSEC_DUMP_BUF (\r
- ">>> SK_Ei Key", \r
+ ">>> SK_Ei Key",\r
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen,\r
EncryptAlgKeyLen\r
);\r
// Fifth, Sk_er\r
//\r
IkeSaSession->IkeKeys->SkErKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkErKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkErKeySize = EncryptAlgKeyLen;\r
\r
CopyMem (\r
// Sixth, Sk_pi\r
//\r
IkeSaSession->IkeKeys->SkPiKey = AllocateZeroPool (AuthAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkPiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkPiKeySize = AuthAlgKeyLen;\r
\r
CopyMem (\r
// Seventh, Sk_pr\r
//\r
IkeSaSession->IkeKeys->SkPrKey = AllocateZeroPool (AuthAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkPrKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkPrKeySize = AuthAlgKeyLen;\r
\r
CopyMem (\r
IkeSaSession->IkeKeys->SkPrKey,\r
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,\r
AuthAlgKeyLen\r
- ); \r
+ );\r
IPSEC_DUMP_BUF (\r
">>> SK_Pr Key",\r
OutputKey + AuthAlgKeyLen + 2 * IntegrityAlgKeyLen + 2 * EncryptAlgKeyLen + AuthAlgKeyLen,\r
if (OutputKey != NULL) {\r
FreePool (OutputKey);\r
}\r
- \r
+\r
+ if (EFI_ERROR(Status)) {\r
+ if (IkeSaSession->IkeKeys->SkdKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkdKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkAiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkAiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkArKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkArKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkEiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkEiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkErKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkErKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkPiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkPiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkPrKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkPrKey);\r
+ }\r
+ }\r
+\r
+\r
return Status;\r
}\r
\r
UINT8* OutputKey;\r
UINTN OutputKeyLength;\r
\r
+ Status = EFI_SUCCESS;\r
+ OutputKey = NULL;\r
+\r
if (KePayload != NULL) {\r
//\r
- // Generate Gxy \r
+ // Generate Gxy\r
//\r
- Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+\r
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;\r
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;\r
}\r
OutputKeyLength = 2 * EncryptAlgKeyLen + 2 * IntegrityAlgKeyLen;\r
\r
if ((EncryptAlgKeyLen == 0) || (IntegrityAlgKeyLen == 0)) {\r
- return EFI_UNSUPPORTED;\r
+ Status = EFI_UNSUPPORTED;\r
+ goto Exit;\r
}\r
\r
//\r
- // \r
+ //\r
// If KePayload is not NULL, calculate KEYMAT = prf+(SK_d, g^ir (new) | Ni | Nr ),\r
// otherwise, KEYMAT = prf+(SK_d, Ni | Nr )\r
//\r
OutputKey = AllocateZeroPool (OutputKeyLength);\r
+ if (OutputKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
//\r
// Derive Key from the SkdKey Buffer.\r
);\r
\r
if (EFI_ERROR (Status)) {\r
- FreePool (OutputKey);\r
- return Status;\r
+ goto Exit;\r
}\r
- \r
+\r
//\r
// Copy KEYMATE (SK_ENCRYPT_i | SK_ENCRYPT_r | SK_INTEG_i | SK_INTEG_r) to\r
// ChildKeyMates.\r
- // \r
+ //\r
if (!ChildSaSession->SessionCommon.IsInitiator) {\r
\r
- // \r
+ //\r
// Initiator Encryption Key\r
//\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
- \r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+\r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,\r
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,\r
IntegrityAlgKeyLen\r
);\r
\r
- FreePool (OutputKey);\r
- \r
+\r
+\r
+Exit:\r
+ if (EFI_ERROR (Status)) {\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey);\r
+ }\r
+ }\r
+\r
+ if (OutputKey != NULL) {\r
+ FreePool (OutputKey);\r
+ }\r
+\r
return EFI_SUCCESS;\r
}\r
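Review bot: Every new `goto Exit` sets `Status`, but the function still ends with `return EFI_SUCCESS;`, so the `EFI_UNSUPPORTED`, key-derivation and `EFI_OUT_OF_RESOURCES` paths free the keys and then report success. Before this change the first two returned their error directly. The callers updated in this commit (`Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);`) therefore never see a failure and would proceed as if the child SA keys were in place. Change the last statement to `return Status;`.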
\r