authorRomain Francoise <rfrancoise@debian.org>2014-04-15 19:34:32 +0200
committerRomain Francoise <rfrancoise@debian.org>2014-04-15 19:34:32 +0200
commitc5ebfc7b9c16551fe825dc1d79c3f7e2f096f6c9 (patch)
treed4e2118cbd411caa1a0528eac831030109bc6e65 /src/libpts/pts
parent15fb7904f4431a6e7c305fd08732458f7f885e7e (diff)
Import upstream version 5.1.3
Diffstat (limited to 'src/libpts/pts')
-rw-r--r--src/libpts/pts/pts.c3
-rw-r--r--src/libpts/pts/pts_database.c21
-rw-r--r--src/libpts/pts/pts_dh_group.c15
-rw-r--r--src/libpts/pts/pts_dh_group.h9
4 files changed, 30 insertions, 18 deletions
diff --git a/src/libpts/pts/pts.c b/src/libpts/pts/pts.c
index 8699282f0..3ab9b92e6 100644
--- a/src/libpts/pts/pts.c
+++ b/src/libpts/pts/pts.c
@@ -393,7 +393,7 @@ static void load_aik_blob(private_pts_t *this)
fseek(fp, 0L, SEEK_SET);
this->aik_blob = chunk_alloc(aikBlobLen);
- if (fread(this->aik_blob.ptr, 1, aikBlobLen, fp))
+ if (fread(this->aik_blob.ptr, 1, aikBlobLen, fp) == aikBlobLen)
{
DBG2(DBG_PTS, "loaded AIK Blob from '%s'", blob_path);
DBG3(DBG_PTS, "AIK Blob: %B", &this->aik_blob);
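Review bot: With the new `== aikBlobLen` comparison, a zero-length blob file is reported as a successful load, because fread() returns 0 and that equals an aikBlobLen of 0; before this change that case took the error branch. aikBlobLen is computed above the hunk, so whether an empty file or a failed size query is rejected there cannot be seen from here; if it is not, the condition should read `if (aikBlobLen > 0 && fread(this->aik_blob.ptr, 1, aikBlobLen, fp) == aikBlobLen)`. The return value of `fseek(fp, 0L, SEEK_SET)` on the first context line is also ignored. load_aik_blob begins and ends outside this hunk.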
@@ -401,6 +401,7 @@ static void load_aik_blob(private_pts_t *this)
else
{
DBG1(DBG_PTS, "unable to read AIK Blob file '%s'", blob_path);
+ chunk_free(&this->aik_blob);
}
fclose(fp);
return;
diff --git a/src/libpts/pts/pts_database.c b/src/libpts/pts/pts_database.c
index 07e8ae1da..fda644a6a 100644
--- a/src/libpts/pts/pts_database.c
+++ b/src/libpts/pts/pts_database.c
@@ -280,20 +280,17 @@ METHOD(pts_database_t, check_file_measurement, status_t,
DB_TEXT, dir, DB_INT);
if (!e)
{
- free(file);
- free(dir);
- return FAILED;
+ status = FAILED;
+ goto err;
}
dir_found = e->enumerate(e, &did);
e->destroy(e);
if (!dir_found)
{
- free(file);
- free(dir);
- return NOT_FOUND;
+ status = NOT_FOUND;
+ goto err;
}
-
e = this->db->query(this->db,
"SELECT fh.hash FROM file_hashes AS fh "
"JOIN files AS f ON f.id = fh.file "
@@ -302,12 +299,10 @@ METHOD(pts_database_t, check_file_measurement, status_t,
DB_TEXT, product, DB_INT, did, DB_TEXT, file, DB_INT, algo,
DB_BLOB);
}
- free(file);
- free(dir);
-
if (!e)
{
- return FAILED;
+ status = FAILED;
+ goto err;
}
while (e->enumerate(e, &hash))
{
@@ -324,6 +319,10 @@ METHOD(pts_database_t, check_file_measurement, status_t,
}
e->destroy(e);
+err:
+ free(file);
+ free(dir);
+
return status;
}
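Review bot: The `err:` label added at the end of check_file_measurement is also reached by fall-through after `e->destroy(e)` on the normal path, so the name reads as an error-only exit when it is in fact the common cleanup point. `cleanup:` or `out:` would describe it better, with the three `goto err;` statements in the two earlier hunks renamed to match. A one-line comment above the label, such as `/* common exit: release the path strings on every return */`, would record why the frees were moved here. The function starts above the first hunk, so this diff cannot confirm that `status`, `file` and `dir` are all assigned before the first jump.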
diff --git a/src/libpts/pts/pts_dh_group.c b/src/libpts/pts/pts_dh_group.c
index 41a436036..305b4ec4f 100644
--- a/src/libpts/pts/pts_dh_group.c
+++ b/src/libpts/pts/pts_dh_group.c
@@ -20,7 +20,7 @@
/**
* Described in header.
*/
-bool pts_dh_group_probe(pts_dh_group_t *dh_groups)
+bool pts_dh_group_probe(pts_dh_group_t *dh_groups, bool mandatory_dh_groups)
{
enumerator_t *enumerator;
diffie_hellman_group_t dh_group;
@@ -68,14 +68,23 @@ bool pts_dh_group_probe(pts_dh_group_t *dh_groups)
if (*dh_groups & PTS_DH_GROUP_IKE19)
{
+ /* mandatory PTS DH group is available */
return TRUE;
}
- else
+ if (*dh_groups == PTS_DH_GROUP_NONE)
+ {
+ DBG1(DBG_PTS, "no PTS DH group available");
+ return FALSE;
+ }
+ if (mandatory_dh_groups)
{
DBG1(DBG_PTS, format2, "mandatory", diffie_hellman_group_names,
ECP_256_BIT);
+ return FALSE;
}
- return FALSE;
+
+ /* at least one optional PTS DH group is available */
+ return TRUE;
}
/**
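Review bot: When `mandatory_dh_groups` is FALSE and PTS_DH_GROUP_IKE19 is missing, the function now returns TRUE without logging anything, so a host that has fallen back to optional groups is indistinguishable in the log from one that has the mandatory group. I would log that case before the final return, for example `DBG1(DBG_PTS, "mandatory PTS DH group not available, continuing with optional groups");`, so the relaxed configuration is visible to operators. Which optional groups can end up in `*dh_groups` is decided above this hunk. The call sites that pass FALSE should be checked to confirm every group they can accept meets the strength the deployment expects.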
diff --git a/src/libpts/pts/pts_dh_group.h b/src/libpts/pts/pts_dh_group.h
index 2aab90263..f5d951e9a 100644
--- a/src/libpts/pts/pts_dh_group.h
+++ b/src/libpts/pts/pts_dh_group.h
@@ -59,10 +59,13 @@ enum pts_dh_group_t {
/**
* Probe available PTS Diffie-Hellman groups
*
- * @param dh_groups returns set of available DH groups
- * @return TRUE if mandatory DH groups are available
+ * @param dh_groups returns set of available DH groups
+ * @param mandatory_dh_groups if TRUE enforce mandatory PTS DH groups
+ * @return TRUE if mandatory DH groups are available
+ * or at least one optional DH group if
+ * mandatory_dh_groups is set to FALSE.
*/
-bool pts_dh_group_probe(pts_dh_group_t *dh_groups);
+bool pts_dh_group_probe(pts_dh_group_t *dh_groups, bool mandatory_dh_groups);
/**
* Update supported Diffie-Hellman groups according to configuration
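Review bot: The updated doc comment does not say which group is the mandatory one, nor what a caller gives up by passing FALSE. Going by the pts_dh_group.c hunk, the `@param` line could read `if TRUE require the mandatory PTS DH group (ECP-256, PTS_DH_GROUP_IKE19)`. The `@return` text could state that with FALSE the probe succeeds on optional groups alone and that it returns FALSE when no group is available at all.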