From 288ee5487513089177fb1f98e3ac30735cb216dc Mon Sep 17 00:00:00 2001
From: Andreas Steffen <andreas.steffen@strongswan.org>
Date: Wed, 31 Aug 2016 16:12:47 +0200
Subject: [PATCH] libimcv: No need to load AIK pubkey if AIK certificate is
 available

---
 src/libimcv/pts/pts.c | 29 ++++++++++++++++-------------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/src/libimcv/pts/pts.c b/src/libimcv/pts/pts.c
index 2ba949e40..906cfa7a0 100644
--- a/src/libimcv/pts/pts.c
+++ b/src/libimcv/pts/pts.c
@@ -388,26 +388,29 @@ static void load_aik(private_pts_t *this)
 			DBG1(DBG_PTS, "AIK Blob is not available");
 		}
 
-		/* get AIK public key */
-		if (key_path)
+		/* get AIK public key if no AIK certificate is available */
+		if (!this->aik_cert)
 		{
-			map = chunk_map(key_path, FALSE);
-			if (map)
+			if (key_path)
 			{
-				DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
-				aik_pubkey = chunk_clone(*map);
-				chunk_unmap(map);
+				map = chunk_map(key_path, FALSE);
+				if (map)
+				{
+					DBG2(DBG_PTS, "loaded AIK public key from '%s'", key_path);
+					aik_pubkey = chunk_clone(*map);
+					chunk_unmap(map);
+				}
+				else
+				{
+					DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
+								   key_path, strerror(errno));
+				}
 			}
 			else
 			{
-				DBG1(DBG_PTS, "unable to map AIK public key file '%s': %s",
-							   key_path, strerror(errno));
+				DBG1(DBG_PTS, "AIK public key is not available");
 			}
 		}
-		else
-		{
-			DBG1(DBG_PTS, "AIK public key is not available");
-		}
 
 		/* Load AIK item into TPM 1.2 object */
 		tpm_12 = (tpm_tss_trousers_t *)this->tpm;