FAPI: Fix usage of external PEM keys for PolicyAuthorize.

* PolicyAuthorize with an external imported PEM key did not work if
  the default nameAlg for the imported key (sha1) was not equal to
  the default nameAlg in the current fapi profile.
  The nameAlg from the profile is now used for the imported key.
* To prevent a possible double free after cleanup of a policy
  the NULL pointer is set for the reference to this policy.

Signed-off-by: Juergen Repp <juergen_repp@web.de>

src/tss2-fapi/api/Fapi_Import.c

@@ -204,6 +204,8 @@ Fapi_Import_Async(
                                             &extPubKey->public);
         goto_if_error(r, "Convert PEM public key into TPM public key.", cleanup_error);
 
+        extPubKey->public.publicArea.nameAlg = context->profiles.default_profile.nameAlg;
+
         command->new_object = *object;
         if (strncmp("/", path, 1) == 0)
             pos = 1;

src/tss2-fapi/fapi_crypto.c

@@ -134,7 +134,7 @@ static const TPM2B_PUBLIC templateRsaSign = {
     .size = 0,
     .publicArea = {
         .type = TPM2_ALG_RSA,
-        .nameAlg = TPM2_ALG_SHA1,
+        .nameAlg = TPM2_ALG_SHA256,
         .objectAttributes = ( TPMA_OBJECT_SIGN_ENCRYPT ),
         .authPolicy = {
             .size = 0,
@@ -165,7 +165,7 @@ static const TPM2B_PUBLIC templateEccSign = {
     .size = 0,
     .publicArea = {
         .type = TPM2_ALG_ECC,
-        .nameAlg = TPM2_ALG_SHA1,
+        .nameAlg = TPM2_ALG_SHA256,
         .objectAttributes = ( TPMA_OBJECT_SIGN_ENCRYPT ),
         .authPolicy = {
             .size = 0,

src/tss2-fapi/ifapi_policy_callbacks.c

@@ -1470,8 +1470,10 @@ ifapi_exec_auth_policy(
 cleanup:
     SAFE_FREE(names);
     /* Check whether cleanup was executed. */
-    if (fapi_ctx->policy.policyutil_stack)
+    if (fapi_ctx->policy.policyutil_stack) {
         cleanup_policy_list(current_policy->policy_list);
+        current_policy->policy_list = NULL;
+    }
     return r;
 }