Import upstream version 5.1.3

7 files changed, 29 insertions, 7 deletions

diff --git a/src/libpts/plugins/imc_attestation/Makefile.in b/src/libpts/plugins/imc_attestation/Makefile.in
index 7a539ef22..dd347d2d8 100644
--- a/src/libpts/plugins/imc_attestation/Makefile.in
+++ b/src/libpts/plugins/imc_attestation/Makefile.in
@@ -372,7 +372,6 @@ nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
 nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
 pcsclite_CFLAGS = @pcsclite_CFLAGS@
 pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@
diff --git a/src/libpts/plugins/imc_attestation/imc_attestation.c b/src/libpts/plugins/imc_attestation/imc_attestation.c
index 467b998c8..c71b21666 100644
--- a/src/libpts/plugins/imc_attestation/imc_attestation.c
+++ b/src/libpts/plugins/imc_attestation/imc_attestation.c
@@ -66,6 +66,8 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
 							  TNC_Version max_version,
 							  TNC_Version *actual_version)
 {
+	bool mandatory_dh_groups;
+
 	if (imc_attestation)
 	{
 		DBG1(DBG_IMC, "IMC \"%s\" has already been initialized", imc_name);
@@ -78,8 +80,11 @@ TNC_Result TNC_IMC_Initialize(TNC_IMCID imc_id,
 		return TNC_RESULT_FATAL;
 	}
 
+	mandatory_dh_groups = lib->settings->get_bool(lib->settings,
+			"%s.plugins.imc-attestation.mandatory_dh_groups", TRUE, lib->ns);
+
 	if (!pts_meas_algo_probe(&supported_algorithms) ||
-		!pts_dh_group_probe(&supported_dh_groups))
+		!pts_dh_group_probe(&supported_dh_groups, mandatory_dh_groups))
 	{
 		imc_attestation->destroy(imc_attestation);
 		imc_attestation = NULL;
diff --git a/src/libpts/plugins/imc_swid/Makefile.in b/src/libpts/plugins/imc_swid/Makefile.in
index e1c932e45..58402636f 100644
--- a/src/libpts/plugins/imc_swid/Makefile.in
+++ b/src/libpts/plugins/imc_swid/Makefile.in
@@ -372,7 +372,6 @@ nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
 nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
 pcsclite_CFLAGS = @pcsclite_CFLAGS@
 pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@
diff --git a/src/libpts/plugins/imv_attestation/Makefile.in b/src/libpts/plugins/imv_attestation/Makefile.in
index c1c14d476..ff94363bf 100644
--- a/src/libpts/plugins/imv_attestation/Makefile.in
+++ b/src/libpts/plugins/imv_attestation/Makefile.in
@@ -382,7 +382,6 @@ nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
 nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
 pcsclite_CFLAGS = @pcsclite_CFLAGS@
 pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@
diff --git a/src/libpts/plugins/imv_attestation/attest.c b/src/libpts/plugins/imv_attestation/attest.c
index b8a6854cb..8f4df39e7 100644
--- a/src/libpts/plugins/imv_attestation/attest.c
+++ b/src/libpts/plugins/imv_attestation/attest.c
@@ -278,12 +278,14 @@ static void do_args(int argc, char *argv[])
 						exit(EXIT_FAILURE);
 					}
 				}
-				free(file);
 				free(dir);
+
 				if (!attest->set_file(attest, file, op == OP_ADD))
 				{
+					free(file);
 					exit(EXIT_FAILURE);
 				}
+				free(file);
 				continue;
 			}
 			case 'G':
diff --git a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
index e8c3c5e40..ae2660bae 100644
--- a/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
+++ b/src/libpts/plugins/imv_attestation/imv_attestation_agent.c
@@ -482,6 +482,22 @@ METHOD(imv_agent_if_t, batch_ending, TNC_Result,
 							}
 						}
 
+						/* do TPM TRUSTED BOOT measurements */
+						if (strchr(workitem->get_arg_str(workitem), 'T'))
+						{
+							comp_name = pts_comp_func_name_create(PEN_ITA,
+											 PTS_ITA_COMP_FUNC_NAME_TBOOT,
+											PTS_ITA_QUALIFIER_FLAG_KERNEL |
+											PTS_ITA_QUALIFIER_TYPE_TRUSTED);
+							comp = attestation_state->create_component(
+											attestation_state, comp_name,
+											0, this->pts_db);
+							if (!comp)
+							{
+								comp_name->log(comp_name, "unregistered ");
+								comp_name->destroy(comp_name);
+							}
+						}
 						attestation_state->set_handshake_state(attestation_state,
 											IMV_ATTESTATION_STATE_NONCE_REQ);
 						continue;
@@ -706,6 +722,7 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
 	private_imv_attestation_agent_t *this;
 	imv_agent_t *agent;
 	char *hash_alg, *dh_group, *cadir;
+	bool mandatory_dh_groups;
 
 	agent = imv_agent_create(name, msg_types, countof(msg_types), id,
 							 actual_version);
@@ -718,6 +735,8 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
 				"%s.plugins.imv-attestation.hash_algorithm", "sha256", lib->ns);
 	dh_group = lib->settings->get_str(lib->settings,
 				"%s.plugins.imv-attestation.dh_group", "ecp256", lib->ns);
+	mandatory_dh_groups = lib->settings->get_bool(lib->settings,
+				"%s.plugins.imv-attestation.mandatory_dh_groups", TRUE, lib->ns);
 	cadir = lib->settings->get_str(lib->settings,
 				"%s.plugins.imv-attestation.cadir", NULL, lib->ns);
 
@@ -742,7 +761,7 @@ imv_agent_if_t *imv_attestation_agent_create(const char *name, TNC_IMVID id,
 	libpts_init();
 
 	if (!pts_meas_algo_probe(&this->supported_algorithms) ||
-		!pts_dh_group_probe(&this->supported_dh_groups) ||
+		!pts_dh_group_probe(&this->supported_dh_groups, mandatory_dh_groups) ||
 		!pts_meas_algo_update(hash_alg, &this->supported_algorithms) ||
 		!pts_dh_group_update(dh_group, &this->supported_dh_groups))
 	{
diff --git a/src/libpts/plugins/imv_swid/Makefile.in b/src/libpts/plugins/imv_swid/Makefile.in
index b92f7d4d0..f9bd93ce0 100644
--- a/src/libpts/plugins/imv_swid/Makefile.in
+++ b/src/libpts/plugins/imv_swid/Makefile.in
@@ -370,7 +370,6 @@ nm_LIBS = @nm_LIBS@
 nm_ca_dir = @nm_ca_dir@
 nm_plugins = @nm_plugins@
 oldincludedir = @oldincludedir@
-openac_plugins = @openac_plugins@
 pcsclite_CFLAGS = @pcsclite_CFLAGS@
 pcsclite_LIBS = @pcsclite_LIBS@
 pdfdir = @pdfdir@