/** @file\r
The operations for IKEv2 SA.\r
\r
- Copyright (c) 2010, Intel Corporation. All rights reserved.<BR>\r
+ (C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
+ Copyright (c) 2010 - 2016, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
// 1. Allocate IKE packet\r
//\r
IkePacket = IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket->Hdr\r
if ((IkeSaSession->SessionCommon.IsInitiator) && (IkeSaSession->NCookie == NULL)) {\r
IkeSaSession->NiBlkSize = IKE_NONCE_SIZE;\r
IkeSaSession->NiBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT (IkeSaSession->NiBlock != NULL);\r
+ if (IkeSaSession->NiBlock == NULL) {\r
+ goto CheckError;\r
+ }\r
}\r
\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
NonceSize = NoncePayload->PayloadSize - sizeof (IKEV2_COMMON_PAYLOAD_HEADER);\r
NonceBuffer = (UINT8 *) AllocatePool (NonceSize);\r
- ASSERT (NonceBuffer != NULL);\r
+ if (NonceBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto CheckError;\r
+ }\r
+ \r
CopyMem (\r
NonceBuffer,\r
NoncePayload->PayloadBuf + sizeof (IKEV2_COMMON_PAYLOAD_HEADER),\r
// 5. Generate Nr_b\r
//\r
IkeSaSession->NrBlock = IkeGenerateNonce (IKE_NONCE_SIZE);\r
- ASSERT_EFI_ERROR (IkeSaSession->NrBlock != NULL);\r
+ ASSERT (IkeSaSession->NrBlock != NULL);\r
IkeSaSession->NrBlkSize = IKE_NONCE_SIZE;\r
\r
//\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
+ NotifyPayload = NULL;\r
CpPayload = NULL;\r
NotifyPayload = NULL;\r
\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_AUTH\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Auth Payload\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+\r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ }\r
+\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
}\r
\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, AuthPayload);\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTunnel) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+ \r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+\r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
}\r
} else {\r
//\r
//\r
// 5. Generate keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ return Status;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
LIST_ENTRY *Node;\r
IKE_PAYLOAD *NoncePayload;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return NULL;\r
}\r
\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
(IKEV2_SA_SESSION *)SaSession,\r
IKEV2_PAYLOAD_TYPE_NONE,\r
- (UINT8*)PcdGetPtr(UefiCaFile),\r
- PcdGet32(UefiCaFileSize),\r
+ (UINT8*)PcdGetPtr(PcdIpsecUefiCaFile),\r
+ PcdGet32(PcdIpsecUefiCaFileSize),\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
IN IKE_PACKET *IkePacket\r
)\r
{\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return EFI_UNSUPPORTED;\r
} \r
\r
IKE_PAYLOAD *CertReqPayload;\r
IKEV2_CHILD_SA_SESSION *ChildSaSession;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return NULL;\r
}\r
\r
IkeSaSession = (IKEV2_SA_SESSION *) SaSession;\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_BY_IKE_SA (GetFirstNode (&IkeSaSession->ChildSaSessionList));\r
\r
+ IkePacket = NULL;\r
+ IdPayload = NULL;\r
+ AuthPayload = NULL;\r
CpPayload = NULL;\r
+ SaPayload = NULL;\r
+ TsiPayload = NULL;\r
+ TsrPayload = NULL;\r
NotifyPayload = NULL;\r
CertPayload = NULL;\r
CertReqPayload = NULL;\r
// 1. Allocate IKE Packet\r
//\r
IkePacket= IkePacketAlloc ();\r
- ASSERT (IkePacket != NULL);\r
+ if (IkePacket == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// 1.a Fill the IkePacket Header.\r
IdPayload = Ikev2GenerateCertIdPayload (\r
&IkeSaSession->SessionCommon,\r
IKEV2_PAYLOAD_TYPE_CERT,\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize)\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize)\r
);\r
+ if (IdPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
//\r
// 3. Generate Certificate Payload\r
CertPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
(UINT8)(IkeSaSession->SessionCommon.IsInitiator ? IKEV2_PAYLOAD_TYPE_CERTREQ : IKEV2_PAYLOAD_TYPE_AUTH),\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize),\r
IKEV2_CERT_ENCODEING_X509_CERT_SIGN,\r
FALSE\r
);\r
+ if (CertPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
CertReqPayload = Ikev2GenerateCertificatePayload (\r
IkeSaSession,\r
IKEV2_PAYLOAD_TYPE_AUTH,\r
- (UINT8 *)PcdGetPtr (UefiCertificate),\r
- PcdGet32 (UefiCertificateSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificate),\r
+ PcdGet32 (PcdIpsecUefiCertificateSize),\r
IKEV2_CERT_ENCODEING_HASH_AND_URL_OF_X509_CERT,\r
TRUE\r
);\r
+ if (CertReqPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
//\r
IdPayload,\r
IKEV2_PAYLOAD_TYPE_SA,\r
FALSE,\r
- (UINT8 *)PcdGetPtr (UefiCertificateKey),\r
- PcdGet32 (UefiCertificateKeySize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificateKey),\r
+ PcdGet32 (PcdIpsecUefiCertificateKeySize),\r
ChildSaSession->IkeSaSession->Pad->Data->AuthData,\r
ChildSaSession->IkeSaSession->Pad->Data->AuthDataSize\r
);\r
IdPayload,\r
IKEV2_PAYLOAD_TYPE_CP,\r
FALSE,\r
- (UINT8 *)PcdGetPtr (UefiCertificateKey),\r
- PcdGet32 (UefiCertificateKeySize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCertificateKey),\r
+ PcdGet32 (PcdIpsecUefiCertificateKeySize),\r
ChildSaSession->IkeSaSession->Pad->Data->AuthData,\r
ChildSaSession->IkeSaSession->Pad->Data->AuthDataSize\r
);\r
IKEV2_CFG_ATTR_INTERNAL_IP6_ADDRESS\r
);\r
}\r
+ \r
+ if (CpPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
}\r
\r
+ if (AuthPayload == NULL) {\r
+ goto CheckError;\r
+ } \r
+\r
//\r
// 5. Generate SA Payload according to the Sa Data in ChildSaSession\r
//\r
IKEV2_PAYLOAD_TYPE_TS_INIT,\r
IkeSessionTypeChildSa\r
);\r
+ if (SaPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
\r
if (IkeSaSession->Spd->Data->ProcessingPolicy->Mode == EfiIPsecTransport) {\r
//\r
NULL,\r
0\r
);\r
+ if (NotifyPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
} else {\r
//\r
// Generate Tsr for Tunnel mode.\r
);\r
}\r
\r
+ if (TsiPayload == NULL || TsrPayload == NULL) {\r
+ goto CheckError;\r
+ }\r
+\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, IdPayload);\r
IKE_PACKET_APPEND_PAYLOAD (IkePacket, CertPayload);\r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
}\r
\r
return IkePacket;\r
+\r
+CheckError:\r
+ if (IkePacket != NULL) {\r
+ IkePacketFree (IkePacket);\r
+ }\r
+ \r
+ if (IdPayload != NULL) {\r
+ IkePayloadFree (IdPayload);\r
+ }\r
+\r
+ if (CertPayload != NULL) {\r
+ IkePayloadFree (CertPayload);\r
+ }\r
+ \r
+ if (CertReqPayload != NULL) {\r
+ IkePayloadFree (CertReqPayload);\r
+ }\r
+\r
+ if (AuthPayload != NULL) {\r
+ IkePayloadFree (AuthPayload);\r
+ }\r
+\r
+ if (CpPayload != NULL) {\r
+ IkePayloadFree (CpPayload);\r
+ }\r
+ \r
+ if (SaPayload != NULL) {\r
+ IkePayloadFree (SaPayload);\r
+ }\r
+ \r
+ if (TsiPayload != NULL) {\r
+ IkePayloadFree (TsiPayload);\r
+ }\r
+ \r
+ if (TsrPayload != NULL) {\r
+ IkePayloadFree (TsrPayload);\r
+ }\r
+ \r
+ if (NotifyPayload != NULL) {\r
+ IkePayloadFree (NotifyPayload);\r
+ }\r
+ \r
+ return NULL; \r
}\r
\r
/**\r
IKE_PAYLOAD *TsiPayload;\r
IKE_PAYLOAD *TsrPayload;\r
IKE_PAYLOAD *CertPayload;\r
- IKE_PAYLOAD *CertReqPayload;\r
IKE_PAYLOAD *VerifiedAuthPayload;\r
LIST_ENTRY *Entry;\r
EFI_STATUS Status;\r
\r
- if (!FeaturePcdGet (PcdIpsecCertiifcateEnabled)) {\r
+ if (!FeaturePcdGet (PcdIpsecCertificateEnabled)) {\r
return EFI_UNSUPPORTED;\r
}\r
\r
TsiPayload = NULL;\r
TsrPayload = NULL;\r
CertPayload = NULL;\r
- CertReqPayload = NULL;\r
VerifiedAuthPayload = NULL;\r
Status = EFI_INVALID_PARAMETER;\r
\r
if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_CERT) {\r
CertPayload = IkePayload;\r
}\r
- if (IkePayload->PayloadType == IKEV2_PAYLOAD_TYPE_CERTREQ) {\r
- CertReqPayload = IkePayload;\r
- }\r
}\r
\r
if ((SaPayload == NULL) || (AuthPayload == NULL) || (TsiPayload == NULL) || \r
(!IpSecCryptoIoVerifySignDataByCertificate (\r
CertPayload->PayloadBuf + sizeof (IKEV2_CERT),\r
CertPayload->PayloadSize - sizeof (IKEV2_CERT),\r
- (UINT8 *)PcdGetPtr (UefiCaFile),\r
- PcdGet32 (UefiCaFileSize),\r
+ (UINT8 *)PcdGetPtr (PcdIpsecUefiCaFile),\r
+ PcdGet32 (PcdIpsecUefiCaFileSize),\r
VerifiedAuthPayload->PayloadBuf + sizeof (IKEV2_AUTH),\r
VerifiedAuthPayload->PayloadSize - sizeof (IKEV2_AUTH),\r
AuthPayload->PayloadBuf + sizeof (IKEV2_AUTH),\r
//\r
if (ChildSaSession->IkeSaSession->Spd == NULL) {\r
ChildSaSession->IkeSaSession->Spd = ChildSaSession->Spd;\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ Status = Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
}\r
} else {\r
//\r
//\r
// 5. Generat keymats for IPsec protocol.\r
//\r
- Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ Status = Ikev2GenerateChildSaKeys (ChildSaSession, NULL);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
if (IkeSaSession->SessionCommon.IsInitiator) {\r
//\r
// 6. Change the state of IkeSaSession\r
IKEV2_SESSION_KEYS *IkeKeys;\r
\r
IkeSaSession->IkeKeys = AllocateZeroPool (sizeof (IKEV2_SESSION_KEYS));\r
- ASSERT (IkeSaSession->IkeKeys != NULL);\r
+ if (IkeSaSession->IkeKeys == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
+ \r
IkeKeys = IkeSaSession->IkeKeys;\r
IkeKeys->DhBuffer = AllocateZeroPool (sizeof (IKEV2_DH_BUFFER));\r
- ASSERT (IkeKeys->DhBuffer != NULL);\r
+ if (IkeKeys->DhBuffer == NULL) {\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Init DH with the certain DH Group Description.\r
//\r
IkeKeys->DhBuffer->GxSize = OakleyModpGroup[(UINT8)IkeSaSession->SessionCommon.PreferDhGroup].Size >> 3;\r
IkeKeys->DhBuffer->GxBuffer = AllocateZeroPool (IkeKeys->DhBuffer->GxSize);\r
- ASSERT (IkeKeys->DhBuffer->GxBuffer != NULL);\r
+ if (IkeKeys->DhBuffer->GxBuffer == NULL) {\r
+ FreePool (IkeKeys->DhBuffer);\r
+ FreePool (IkeSaSession->IkeKeys);\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get X PublicKey\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam X public key error Status = %r\n", Status));\r
+ \r
+ FreePool (IkeKeys->DhBuffer->GxBuffer);\r
+ \r
+ FreePool (IkeKeys->DhBuffer);\r
+ \r
+ FreePool (IkeSaSession->IkeKeys);\r
+ \r
return Status;\r
}\r
\r
PubKeySize = KePayload->PayloadSize - sizeof (IKEV2_KEY_EXCHANGE);\r
DhBuffer->GxySize = DhBuffer->GxSize;\r
DhBuffer->GxyBuffer = AllocateZeroPool (DhBuffer->GxySize);\r
- ASSERT (DhBuffer->GxyBuffer != NULL);\r
+ if (DhBuffer->GxyBuffer == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
//\r
// Get GxyBuf\r
);\r
if (EFI_ERROR (Status)) {\r
DEBUG ((DEBUG_ERROR, "Error CPLKeyManGetKeyParam Y session key error Status = %r\n", Status));\r
+\r
+ FreePool (DhBuffer->GxyBuffer);\r
+ \r
return Status;\r
}\r
\r
//\r
DhBuffer->GySize = PubKeySize;\r
DhBuffer->GyBuffer = AllocateZeroPool (DhBuffer->GySize);\r
- ASSERT (DhBuffer->GyBuffer != NULL);\r
+ if (DhBuffer->GyBuffer == NULL) {\r
+ FreePool (DhBuffer->GxyBuffer);\r
+ \r
+ return Status;\r
+ }\r
+ \r
CopyMem (DhBuffer->GyBuffer, PubKey, DhBuffer->GySize);\r
\r
IPSEC_DUMP_BUF ("DH Public Key (g^y) Dump", DhBuffer->GyBuffer, DhBuffer->GySize);\r
{\r
EFI_STATUS Status;\r
IKEV2_SA_PARAMS *SaParams;\r
- IPSEC_PAD_ENTRY *Pad;\r
PRF_DATA_FRAGMENT Fragments[4];\r
UINT64 InitiatorCookieNet;\r
UINT64 ResponderCookieNet;\r
Digest = NULL;\r
OutputKey = NULL;\r
KeyBuffer = NULL;\r
+ Status = EFI_SUCCESS;\r
\r
//\r
// Generate Gxy\r
//\r
- Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
-\r
- Pad = IkeSaSession->Pad;\r
+ Status = Ikev2GenerateSaDhComputeKey (IkeSaSession->IkeKeys->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
\r
//\r
// Get the key length of Authenticaion, Encryption, PRF, and Integrity.\r
//\r
KeyBufferSize = IkeSaSession->NiBlkSize + IkeSaSession->NrBlkSize;\r
KeyBuffer = AllocateZeroPool (KeyBufferSize);\r
- ASSERT (KeyBuffer != NULL);\r
+ if (KeyBuffer == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (KeyBuffer, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);\r
CopyMem (KeyBuffer + IkeSaSession->NiBlkSize, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);\r
2 * AuthAlgKeyLen +\r
2 * IntegrityAlgKeyLen;\r
OutputKey = AllocateZeroPool (OutputKeyLength);\r
+ if (OutputKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
//\r
// Generate Seven Keymates.\r
// First, SK_d\r
//\r
IkeSaSession->IkeKeys->SkdKey = AllocateZeroPool (PrfAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkdKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkdKeySize = PrfAlgKeyLen;\r
CopyMem (IkeSaSession->IkeKeys->SkdKey, OutputKey, PrfAlgKeyLen);\r
\r
// Second, Sk_ai\r
//\r
IkeSaSession->IkeKeys->SkAiKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkAiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkAiKeySize = IntegrityAlgKeyLen;\r
CopyMem (IkeSaSession->IkeKeys->SkAiKey, OutputKey + PrfAlgKeyLen, IntegrityAlgKeyLen);\r
\r
// Third, Sk_ar\r
//\r
IkeSaSession->IkeKeys->SkArKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkArKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkArKeySize = IntegrityAlgKeyLen;\r
CopyMem (\r
IkeSaSession->IkeKeys->SkArKey,\r
// Fourth, Sk_ei\r
//\r
IkeSaSession->IkeKeys->SkEiKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkEiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkEiKeySize = EncryptAlgKeyLen;\r
\r
CopyMem (\r
// Fifth, Sk_er\r
//\r
IkeSaSession->IkeKeys->SkErKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkErKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkErKeySize = EncryptAlgKeyLen;\r
\r
CopyMem (\r
// Sixth, Sk_pi\r
//\r
IkeSaSession->IkeKeys->SkPiKey = AllocateZeroPool (AuthAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkPiKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkPiKeySize = AuthAlgKeyLen;\r
\r
CopyMem (\r
// Seventh, Sk_pr\r
//\r
IkeSaSession->IkeKeys->SkPrKey = AllocateZeroPool (AuthAlgKeyLen);\r
+ if (IkeSaSession->IkeKeys->SkPrKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
IkeSaSession->IkeKeys->SkPrKeySize = AuthAlgKeyLen;\r
\r
CopyMem (\r
if (OutputKey != NULL) {\r
FreePool (OutputKey);\r
}\r
+\r
+ if (EFI_ERROR(Status)) {\r
+ if (IkeSaSession->IkeKeys->SkdKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkdKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkAiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkAiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkArKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkArKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkEiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkEiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkErKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkErKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkPiKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkPiKey);\r
+ }\r
+ if (IkeSaSession->IkeKeys->SkPrKey != NULL) {\r
+ FreePool (IkeSaSession->IkeKeys->SkPrKey);\r
+ }\r
+ }\r
+\r
\r
return Status;\r
}\r
UINT8* OutputKey;\r
UINTN OutputKeyLength;\r
\r
+ Status = EFI_SUCCESS;\r
+ OutputKey = NULL;\r
+ \r
if (KePayload != NULL) {\r
//\r
// Generate Gxy \r
//\r
- Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ Status = Ikev2GenerateSaDhComputeKey (ChildSaSession->DhBuffer, KePayload);\r
+ if (EFI_ERROR (Status)) {\r
+ goto Exit;\r
+ }\r
+ \r
Fragments[0].Data = ChildSaSession->DhBuffer->GxyBuffer;\r
Fragments[0].DataSize = ChildSaSession->DhBuffer->GxySize;\r
}\r
OutputKeyLength = 2 * EncryptAlgKeyLen + 2 * IntegrityAlgKeyLen;\r
\r
if ((EncryptAlgKeyLen == 0) || (IntegrityAlgKeyLen == 0)) {\r
- return EFI_UNSUPPORTED;\r
+ Status = EFI_UNSUPPORTED;\r
+ goto Exit;\r
}\r
\r
//\r
// otherwise, KEYMAT = prf+(SK_d, Ni | Nr )\r
//\r
OutputKey = AllocateZeroPool (OutputKeyLength);\r
+ if (OutputKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
//\r
// Derive Key from the SkdKey Buffer.\r
);\r
\r
if (EFI_ERROR (Status)) {\r
- FreePool (OutputKey);\r
- return Status;\r
+ goto Exit; \r
}\r
\r
//\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,\r
OutputKey + EncryptAlgKeyLen,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,\r
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
\r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey,\r
OutputKey,\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey,\r
OutputKey + EncryptAlgKeyLen,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncAlgoId = (UINT8)SaParams->EncAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKeyLength = EncryptAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey = AllocateZeroPool (EncryptAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey,\r
OutputKey + EncryptAlgKeyLen + IntegrityAlgKeyLen,\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthAlgoId = (UINT8)SaParams->IntegAlgId;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKeyLength = IntegrityAlgKeyLen;\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey = AllocateZeroPool (IntegrityAlgKeyLen);\r
-\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ } \r
+ \r
CopyMem (\r
ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey,\r
OutputKey + 2 * EncryptAlgKeyLen + IntegrityAlgKeyLen,\r
IntegrityAlgKeyLen\r
);\r
\r
- FreePool (OutputKey);\r
+\r
+\r
+Exit:\r
+ if (EFI_ERROR (Status)) {\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.EncKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.LocalPeerInfo.EspAlgoInfo.AuthKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.EncKey);\r
+ }\r
+ if (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey != NULL) {\r
+ FreePool (ChildSaSession->ChildKeymats.RemotePeerInfo.EspAlgoInfo.AuthKey);\r
+ }\r
+ }\r
+\r
+ if (OutputKey != NULL) {\r
+ FreePool (OutputKey);\r
+ }\r
\r
return EFI_SUCCESS;\r
}\r
projects / mirror_edk2.git / blobdiff