The Common operations used by IKE Exchange Process.\r
\r
(C) Copyright 2015 Hewlett-Packard Development Company, L.P.<BR>\r
- Copyright (c) 2010 - 2015, Intel Corporation. All rights reserved.<BR>\r
+ Copyright (c) 2010 - 2017, Intel Corporation. All rights reserved.<BR>\r
\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
IKEV2_SA_SESSION *IkeSaSession;\r
\r
IkeSaSession = AllocateZeroPool (sizeof (IKEV2_SA_SESSION));\r
- ASSERT (IkeSaSession != NULL);\r
+ if (IkeSaSession == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Initialize the fields of IkeSaSession and its SessionCommon.\r
ChildSaSession->Signature = IKEV2_CHILD_SA_SESSION_SIGNATURE;\r
ChildSaSession->IkeSaSession = IkeSaSession;\r
ChildSaSession->MessageId = IkeSaSession->MessageId;\r
- ChildSaSession->LocalPeerSpi = IkeGenerateSpi ();\r
+\r
+ //\r
+ // Generate an new SPI.\r
+ //\r
+ Status = IkeGenerateSpi (IkeSaSession, &(ChildSaSession->LocalPeerSpi));\r
+ if (EFI_ERROR (Status)) {\r
+ FreePool (ChildSaSession);\r
+ return NULL;\r
+ }\r
+ \r
ChildSaCommon = &ChildSaSession->SessionCommon;\r
ChildSaCommon->UdpService = UdpService;\r
ChildSaCommon->Private = IkeSaSession->SessionCommon.Private;\r
\r
SelectorSize = sizeof (EFI_IPSEC_CONFIG_SELECTOR);\r
Selector = AllocateZeroPool (SelectorSize);\r
- ASSERT (Selector != NULL);\r
-\r
- \r
+ if (Selector == NULL) {\r
+ return EFI_OUT_OF_RESOURCES;\r
+ }\r
\r
while (1) {\r
Status = EfiIpSecConfigGetNextSelector (\r
FreePool (Selector);\r
\r
Selector = AllocateZeroPool (SelectorSize);\r
- ASSERT (Selector != NULL);\r
+ if (Selector == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ break;\r
+ }\r
+ \r
Status = EfiIpSecConfigGetNextSelector (\r
&Private->IpSecConfig,\r
IPsecConfigDataTypeSad,\r
//\r
IsRemoteFound = TRUE;\r
RemoteSelector = AllocateZeroPool (SelectorSize);\r
- ASSERT (RemoteSelector != NULL);\r
+ if (RemoteSelector == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ break;\r
+ }\r
+ \r
CopyMem (RemoteSelector, Selector, SelectorSize);\r
}\r
\r
//\r
IsLocalFound = TRUE;\r
LocalSelector = AllocateZeroPool (SelectorSize);\r
- ASSERT (LocalSelector != NULL);\r
+ if (LocalSelector == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ break;\r
+ }\r
+ \r
CopyMem (LocalSelector, Selector, SelectorSize);\r
}\r
}\r
ChildSaSession = IKEV2_CHILD_SA_SESSION_FROM_COMMON (SessionCommon);\r
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;\r
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));\r
- ASSERT (ProposalData->Spi != NULL);\r
+ if (ProposalData->Spi == NULL) {\r
+ FreePool (SaData);\r
+ return NULL;\r
+ }\r
+ \r
CopyMem (\r
ProposalData->Spi,\r
&ChildSaSession->LocalPeerSpi,\r
ProposalData->ProtocolId = IPSEC_PROTO_IPSEC_ESP;\r
ProposalData->NumTransforms = 3;\r
ProposalData->Spi = AllocateZeroPool (sizeof (ChildSaSession->LocalPeerSpi));\r
- ASSERT (ProposalData->Spi != NULL);\r
+ if (ProposalData->Spi == NULL) {\r
+ FreePool (((IKEV2_PROPOSAL_DATA *) (SaData + 1))->Spi);\r
+ FreePool (SaData);\r
+ return NULL;\r
+ }\r
+ \r
CopyMem (\r
ProposalData->Spi,\r
&ChildSaSession->LocalPeerSpi,\r
than the one in ChildSaSession->Spd, especially for the tunnel mode.\r
\r
@param[in, out] ChildSaSession Pointer to IKEV2_CHILD_SA_SESSION related to.\r
+\r
+ @retval EFI_SUCCESS The operation complete successfully.\r
+ @retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r
\r
**/\r
-VOID\r
+EFI_STATUS\r
Ikev2ChildSaSessionSpdSelectorCreate (\r
IN OUT IKEV2_CHILD_SA_SESSION *ChildSaSession\r
) \r
{\r
+ EFI_STATUS Status;\r
+\r
+ Status = EFI_SUCCESS;\r
+\r
if (ChildSaSession->Spd != NULL && ChildSaSession->Spd->Selector != NULL) {\r
if (ChildSaSession->SpdSelector == NULL) {\r
ChildSaSession->SpdSelector = AllocateZeroPool (sizeof (EFI_IPSEC_SPD_SELECTOR));\r
- ASSERT (ChildSaSession->SpdSelector != NULL);\r
+ if (ChildSaSession->SpdSelector == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ return Status;\r
+ }\r
}\r
CopyMem (\r
ChildSaSession->SpdSelector, \r
sizeof (EFI_IP_ADDRESS_INFO), \r
ChildSaSession->Spd->Selector->RemoteAddress\r
);\r
+ if (ChildSaSession->SpdSelector->RemoteAddress == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+\r
+ FreePool (ChildSaSession->SpdSelector);\r
+ \r
+ return Status;\r
+ }\r
+ \r
ChildSaSession->SpdSelector->LocalAddress = AllocateCopyPool (\r
ChildSaSession->Spd->Selector->LocalAddressCount * \r
sizeof (EFI_IP_ADDRESS_INFO), \r
ChildSaSession->Spd->Selector->LocalAddress\r
);\r
+ if (ChildSaSession->SpdSelector->LocalAddress == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+\r
+ FreePool (ChildSaSession->SpdSelector->RemoteAddress);\r
\r
- ASSERT (ChildSaSession->SpdSelector->LocalAddress != NULL);\r
- ASSERT (ChildSaSession->SpdSelector->RemoteAddress != NULL);\r
+ FreePool (ChildSaSession->SpdSelector);\r
+ \r
+ return Status;\r
+ }\r
\r
ChildSaSession->SpdSelector->RemoteAddressCount = ChildSaSession->Spd->Selector->RemoteAddressCount;\r
ChildSaSession->SpdSelector->LocalAddressCount = ChildSaSession->Spd->Selector->LocalAddressCount; \r
}\r
+\r
+ return Status;\r
}\r
\r
/**\r
// Create a new ChildSaSession.Insert it into processing list and initiate the common parameters.\r
//\r
ChildSaSession = Ikev2ChildSaSessionAlloc (UdpService, IkeSaSession);\r
- ASSERT (ChildSaSession != NULL);\r
+ if (ChildSaSession == NULL) {\r
+ return NULL;\r
+ }\r
\r
//\r
// Set the specific parameters.\r
// The ChildSaSession->SpdSelector might be changed after the traffic selector\r
// negoniation and it will be copied into the SAData after ChildSA established.\r
//\r
- Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession);\r
+ if (EFI_ERROR (Ikev2ChildSaSessionSpdSelectorCreate (ChildSaSession))) {\r
+ Ikev2ChildSaSessionFree (ChildSaSession);\r
+ return NULL;\r
+ }\r
\r
//\r
// Copy first NiBlock and NrBlock to ChildSa Session\r
//\r
ChildSaSession->NiBlock = AllocateZeroPool (IkeSaSession->NiBlkSize);\r
- ASSERT (ChildSaSession->NiBlock != NULL);\r
+ if (ChildSaSession->NiBlock == NULL) {\r
+ Ikev2ChildSaSessionFree (ChildSaSession);\r
+ return NULL;\r
+ }\r
+ \r
ChildSaSession->NiBlkSize = IkeSaSession->NiBlkSize;\r
CopyMem (ChildSaSession->NiBlock, IkeSaSession->NiBlock, IkeSaSession->NiBlkSize);\r
\r
ChildSaSession->NrBlock = AllocateZeroPool (IkeSaSession->NrBlkSize);\r
- ASSERT (ChildSaSession->NrBlock != NULL);\r
+ if (ChildSaSession->NrBlock == NULL) {\r
+ Ikev2ChildSaSessionFree (ChildSaSession);\r
+ return NULL;\r
+ }\r
+ \r
ChildSaSession->NrBlkSize = IkeSaSession->NrBlkSize;\r
CopyMem (ChildSaSession->NrBlock, IkeSaSession->NrBlock, IkeSaSession->NrBlkSize);\r
\r
// Find the matched one. \r
//\r
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));\r
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);\r
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {\r
+ return FALSE;\r
+ }\r
+ \r
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;\r
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;\r
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;\r
sizeof (IKEV2_PROPOSAL_DATA) +\r
sizeof (IKEV2_TRANSFORM_DATA) * 4;\r
IkeSaSession->SaData = AllocateZeroPool (SaDataSize);\r
- ASSERT (IkeSaSession->SaData != NULL);\r
+ if (IkeSaSession->SaData == NULL) {\r
+ FreePool (IkeSaSession->SessionCommon.SaParams);\r
+ return FALSE;\r
+ }\r
\r
IkeSaSession->SaData->NumProposals = 1;\r
\r
);\r
\r
((IKEV2_PROPOSAL_DATA *) (IkeSaSession->SaData + 1))->ProposalIndex = 1;\r
+ \r
return TRUE;\r
} else {\r
PreferEncryptAlgorithm = 0;\r
\r
if (IsMatch) {\r
IkeSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));\r
- ASSERT (IkeSaSession->SessionCommon.SaParams != NULL);\r
+ if (IkeSaSession->SessionCommon.SaParams == NULL) {\r
+ return FALSE;\r
+ }\r
+ \r
IkeSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;\r
IkeSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;\r
IkeSaSession->SessionCommon.SaParams->DhGroup = PreferDhGroup;\r
return TRUE;\r
}\r
}\r
+ \r
return FALSE;\r
}\r
\r
IntegrityAlgorithm = 0;\r
EncryptAlgorithm = 0;\r
EncryptKeylength = 0;\r
- IsMatch = TRUE;\r
+ IsMatch = FALSE;\r
IsSupportEsn = FALSE;\r
PreferIsSupportEsn = FALSE;\r
\r
// Find the matched one. \r
//\r
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));\r
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);\r
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {\r
+ return FALSE;\r
+ }\r
+ \r
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;\r
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;\r
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;\r
sizeof (IKEV2_TRANSFORM_DATA) * 4;\r
\r
ChildSaSession->SaData = AllocateZeroPool (SaDataSize);\r
- ASSERT (ChildSaSession->SaData != NULL);\r
+ if (ChildSaSession->SaData == NULL) {\r
+ FreePool (ChildSaSession->SessionCommon.SaParams);\r
+ return FALSE;\r
+ }\r
\r
ChildSaSession->SaData->NumProposals = 1;\r
\r
sizeof (ChildSaSession->LocalPeerSpi), \r
&ChildSaSession->LocalPeerSpi\r
);\r
- ASSERT (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi != NULL);\r
+ if (((IKEV2_PROPOSAL_DATA *) (ChildSaSession->SaData + 1))->Spi == NULL) {\r
+ FreePool (ChildSaSession->SessionCommon.SaParams);\r
+\r
+ FreePool (ChildSaSession->SaData );\r
+ \r
+ return FALSE;\r
+ }\r
+ \r
return TRUE;\r
\r
} else {\r
ProposalData = (IKEV2_PROPOSAL_DATA *)((IKEV2_SA_DATA *)SaPayload->PayloadBuf + 1);\r
if (IsMatch) {\r
ChildSaSession->SessionCommon.SaParams = AllocateZeroPool (sizeof (IKEV2_SA_PARAMS));\r
- ASSERT (ChildSaSession->SessionCommon.SaParams != NULL);\r
+ if (ChildSaSession->SessionCommon.SaParams == NULL) {\r
+ return FALSE;\r
+ }\r
+ \r
ChildSaSession->SessionCommon.SaParams->EncAlgId = PreferEncryptAlgorithm;\r
ChildSaSession->SessionCommon.SaParams->EnckeyLen = PreferEncryptKeylength;\r
ChildSaSession->SessionCommon.SaParams->IntegAlgId = PreferIntegrityAlgorithm;\r
\r
@retval EFI_SUCCESS The operation complete successfully.\r
@retval EFI_INVALID_PARAMETER If NumFragments is zero.\r
+ If the authentication algorithm given by HashAlgId\r
+ cannot be found.\r
@retval EFI_OUT_OF_RESOURCES If the required resource can't be allocated.\r
@retval Others The operation is failed.\r
\r
LocalFragments[2].Data = NULL;\r
\r
AuthKeyLength = IpSecGetHmacDigestLength (HashAlgId);\r
+ if (AuthKeyLength == 0) {\r
+ return EFI_INVALID_PARAMETER;\r
+ }\r
+\r
DigestSize = AuthKeyLength;\r
Digest = AllocateZeroPool (AuthKeyLength);\r
\r
}\r
\r
LocalFragments[1].Data = AllocateZeroPool (FragmentsSize);\r
- ASSERT (LocalFragments[1].Data != NULL);\r
+ if (LocalFragments[1].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+ \r
LocalFragments[1].DataSize = FragmentsSize;\r
\r
//\r
// Allocate buffer for the first fragment\r
//\r
LocalFragments[0].Data = AllocateZeroPool (AuthKeyLength);\r
- ASSERT (LocalFragments[0].Data != NULL);\r
+ if (LocalFragments[0].Data == NULL) {\r
+ Status = EFI_OUT_OF_RESOURCES;\r
+ goto Exit;\r
+ }\r
+ \r
LocalFragments[0].DataSize = AuthKeyLength;\r
\r
Round = (OutputKeyLength - 1) / AuthKeyLength + 1;\r