FAPI: Fix usage of external PEM keys for PolicyAuthorize.

* PolicyAuthorize with an external imported PEM key did not work if the default nameAlg for the imported key (sha1) was not equal to the default nameAlg in the current fapi profile. The nameAlg from the profile is now used for the imported key. * To prevent a possible double free after cleanup of a policy the NULL pointer is set for the reference to this policy. Signed-off-by: Juergen Repp <juergen_repp@web.de>
JuergenReppSIT · Jun 2, 2024 · ea2337f · ea2337f
1 parent e625875
commit ea2337f
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 1 deletion.
diff --git a/src/tss2-fapi/api/Fapi_Import.c b/src/tss2-fapi/api/Fapi_Import.c
@@ -204,6 +204,8 @@ Fapi_Import_Async(
                                             &extPubKey->public);
         goto_if_error(r, "Convert PEM public key into TPM public key.", cleanup_error);
 
+        extPubKey->public.publicArea.nameAlg = context->profiles.default_profile.nameAlg;
+
         command->new_object = *object;
         if (strncmp("/", path, 1) == 0)
             pos = 1;

diff --git a/src/tss2-fapi/ifapi_policy_callbacks.c b/src/tss2-fapi/ifapi_policy_callbacks.c
@@ -1470,8 +1470,10 @@ ifapi_exec_auth_policy(
 cleanup:
     SAFE_FREE(names);
     /* Check whether cleanup was executed. */
-    if (fapi_ctx->policy.policyutil_stack)
+    if (fapi_ctx->policy.policyutil_stack) {
         cleanup_policy_list(current_policy->policy_list);
+        current_policy->policy_list = NULL;
+    }
     return r;
 }