
tpm2-provider-cipher: Fix potential allocator–deallocator inconsistency for IV buffers#168

Merged: gotthardp merged 2 commits into master from cleanse on Mar 8, 2026

@gotthardp
Contributor

Alternative solution to #163.

gotthardp and others added 2 commits March 8, 2026 16:56
In tpm2-provider-cipher, cctx->ivector is allocated using OPENSSL_zalloc
and deallocated using OPENSSL_clear_free().

During tpm2_cipher_process_buffer/update_stream(), the IV buffer
cctx->ivector will be replaced with the IV buffer ivector allocated in
encrypt_decrypt(); this may cause a (de)allocator inconsistency.

tpm2-tss uses the standard malloc/free(), while OpenSSL uses the
OPENSSL_malloc/free(); the latter may use custom (de)allocator set via
CRYPTO_set_mem_functions().

This commit resolves this potential malloc/free inconsistency.

Co-authored-by: Takuma IMAMURA <209989118+hyperfinitism@users.noreply.github.com>
Co-authored-by: Petr Gotthard <petr.gotthard@centrum.cz>
@gotthardp gotthardp merged commit 11a5d71 into master Mar 8, 2026
10 of 13 checks passed
@gotthardp gotthardp deleted the cleanse branch April 11, 2026 21:06
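
The allocator pairing rule from the commit message, as an added C example that is not code from this pull request or from the project: a buffer that arrives from plain `malloc()` is copied into a block from the context's own allocator and then released with `free()`. Assumptions: `app_zalloc`/`app_clear_free` are a constructed stand-in for a custom allocator set via `CRYPTO_set_mem_functions()`, and `cipher_ctx`, `ctx_adopt_iv` and `demo` are hypothetical names.

```c
#include <stdlib.h>
#include <string.h>
/* Stand-in for a custom allocator installed via CRYPTO_set_mem_functions():
 * each block carries a size header, so only its own pointers may be freed here. */
static long app_live = 0;   /* blocks currently owned by this allocator */

static void *app_zalloc(size_t n) {
    size_t *h = calloc(1, sizeof(size_t) + n);
    if (h == NULL) return NULL;
    *h = n;
    app_live++;
    return h + 1;
}
static void app_clear_free(void *ptr) {
    if (ptr == NULL) return;
    size_t *h = (size_t *)ptr - 1;   /* invalid for a plain malloc() block */
    memset(ptr, 0, *h);              /* stand-in for OPENSSL_cleanse() */
    app_live--;
    free(h);
}

/* Hypothetical cipher context; only the IV slot matters here. */
struct cipher_ctx { unsigned char *iv; size_t iv_len; };
/* Adopt an IV that a library returned from plain malloc(): copy it into a block
 * from the context's allocator, then release the source with free(). */
static int ctx_adopt_iv(struct cipher_ctx *ctx, unsigned char *lib_iv, size_t len) {
    unsigned char *copy = app_zalloc(len);
    if (copy != NULL) memcpy(copy, lib_iv, len);
    memset(lib_iv, 0, len);
    free(lib_iv);                    /* matching deallocator for the source */
    if (copy == NULL) return 0;
    app_clear_free(ctx->iv);         /* old IV came from app_zalloc() */
    ctx->iv = copy;
    ctx->iv_len = len;
    return 1;
}

/* Two handovers plus teardown; returns blocks the app allocator still owns. */
static long demo(void) {
    struct cipher_ctx ctx = { app_zalloc(16), 16 };
    for (int round = 0; round < 2; round++) {
        unsigned char *lib_iv = malloc(16);   /* constructed library output */
        if (lib_iv == NULL) return -1;
        memset(lib_iv, 0xA0 + round, 16);
        if (!ctx_adopt_iv(&ctx, lib_iv, 16)) return -1;
    }
    app_clear_free(ctx.iv);
    return app_live;
}
```

Storing the `malloc()` pointer directly in `ctx->iv` would later send it through `app_clear_free()`, which reads a header that block never had.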