fix(cipher): resolve allocator inconsistency for IV buffers

gotthardp · hyperfinitism · gotthardp · commit 034bb41e14fe · 2026-03-08T16:58:21.000+01:00
In tpm2-provider-cipher, cctx-&gt;ivector is allocated using OPENSSL_zalloc
and deallocated using OPENSSL_clear_free().

During tpm2_cipher_process_buffer/update_stream(), the IV buffer
cctx-&gt;ivector will be replaced with the IV buffer ivector allocated in
encrypt_decrypt(); this may happen (de)allocator inconsistency.

tpm2-tss uses the standard malloc/free(), while OpenSSL uses the
OPENSSL_malloc/free(); the latter may use custom (de)allocator set via
CRYPTO_set_mem_functions().

This commit resolves this potential malloc/free inconsistency.

Co-authored-by: Takuma IMAMURA &lt;209989118+hyperfinitism@users.noreply.github.com&gt;
Co-authored-by: Petr Gotthard &lt;petr.gotthard@centrum.cz&gt;
diff --git a/src/tpm2-provider-cipher.c b/src/tpm2-provider-cipher.c
@@ -10,6 +10,7 @@
 #include <tss2/tss2_mu.h>
 
 #include "tpm2-provider-pkey.h"
+#include "tpm2-provider-types.h"
 
 typedef struct tpm2_cipher_ctx_st TPM2_CIPHER_CTX;
 
@@ -54,7 +55,7 @@ tpm2_cipher_all_newctx(void *provctx,
     cctx->algorithm = algdef;
     cctx->block_size = block_bits/8;
     cctx->padding = 1;
-    cctx->ivector = OPENSSL_zalloc(sizeof(TPM2B_IV));
+    cctx->ivector = calloc(1, sizeof(TPM2B_IV));
     if (cctx->ivector == NULL) {
         OPENSSL_clear_free(cctx, sizeof(TPM2_CIPHER_CTX));
         return NULL;
@@ -90,7 +91,7 @@ tpm2_cipher_freectx(void *ctx)
         return;
 
     tpm2_esys_flush_context(cctx->esys_lock, cctx->esys_ctx, cctx->object);
-    OPENSSL_clear_free(cctx->ivector, sizeof(TPM2B_IV));
+    cleanse_free(cctx->ivector, sizeof(TPM2B_IV));
 
     OPENSSL_clear_free(cctx, sizeof(TPM2_CIPHER_CTX));
 }
@@ -259,7 +260,7 @@ tpm2_cipher_process_buffer(TPM2_CIPHER_CTX *cctx, int padded,
     r = encrypt_decrypt(cctx, &outbuff, &ivector);
     TPM2_CHECK_RC(cctx->core, r, TPM2_ERR_CANNOT_ENCRYPT, return 0);
 
-    OPENSSL_clear_free(cctx->ivector, sizeof(TPM2B_IV));
+    cleanse_free(cctx->ivector, sizeof(TPM2B_IV));
     cctx->ivector = ivector;
 
     cctx->buffer.size = 0;
@@ -388,7 +389,7 @@ tpm2_cipher_update_stream(void *ctx,
         r = encrypt_decrypt(cctx, &outbuff, &ivector);
         TPM2_CHECK_RC(cctx->core, r, TPM2_ERR_CANNOT_ENCRYPT, return 0);
 
-        OPENSSL_clear_free(cctx->ivector, sizeof(TPM2B_IV));
+        cleanse_free(cctx->ivector, sizeof(TPM2B_IV));
         cctx->ivector = ivector;
 
         if (outbuff->size < consume
