SYS/ESYS/FAPI: wipe sensitive data using secure_mem_zero

JuergenReppSIT · JuergenReppSIT · commit 63646bf5d915 · 2026-04-14T09:13:49.000+02:00
Update functions handling sensitive data to use secure_mem_zero instead of regular memory clearing. This ensures that buffers containing secrets are reliably overwritten and not subject to compiler optimizations. Addresses: #2994 Signed-off-by: Juergen Repp <juergen_repp@web.de>
diff --git a/src/tss2-esys/api/Esys_Create.c b/src/tss2-esys/api/Esys_Create.c
@@ -202,22 +202,22 @@ Esys_Create_Async(ESYS_CONTEXT                 *esysContext,
         r = iesys_adapt_auth_value(&esysContext->crypto_backend,
                                    &esysContext->in.Create.inSensitive->sensitive.userAuth,
                                    inPublic->publicArea.nameAlg);
-        return_state_if_error(r, ESYS_STATE_INIT, "Adapt auth value.");
+        goto_state_if_error(r, ESYS_STATE_INIT, "Adapt auth value.", error_cleanup);
     }
 
     /* Retrieve the metadata objects for provided handles */
     r = esys_GetResourceObject(esysContext, parentHandle, &parentHandleNode);
-    return_state_if_error(r, ESYS_STATE_INIT, "parentHandle unknown.");
+    goto_state_if_error(r, ESYS_STATE_INIT, "parentHandle unknown.", error_cleanup);
 
     /* Initial invocation of SAPI to prepare the command buffer with parameters */
     r = Tss2_Sys_Create_Prepare(
         esysContext->sys, (parentHandleNode == NULL) ? TPM2_RH_NULL : parentHandleNode->rsrc.handle,
         esysContext->in.Create.inSensitive, inPublic, outsideInfo, creationPCR);
-    return_state_if_error(r, ESYS_STATE_INIT, "SAPI Prepare returned error.");
+    goto_state_if_error(r, ESYS_STATE_INIT, "SAPI Prepare returned error.", error_cleanup);
 
     /* Calculate the cpHash Values */
     r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
-    return_state_if_error(r, ESYS_STATE_INIT, "Initialize session resources");
+    goto_state_if_error(r, ESYS_STATE_INIT, "Initialize session resources", error_cleanup);
 
     if (parentHandleNode != NULL)
         iesys_compute_session_value(esysContext->session_tab[0], &parentHandleNode->rsrc.name,
@@ -230,7 +230,7 @@ Esys_Create_Async(ESYS_CONTEXT                 *esysContext,
 
     /* Generate the auth values and set them in the SAPI command buffer */
     r = iesys_gen_auths(esysContext, parentHandleNode, NULL, NULL, &auths);
-    return_state_if_error(r, ESYS_STATE_INIT, "Error in computation of auth values");
+    goto_state_if_error(r, ESYS_STATE_INIT, "Error in computation of auth values", error_cleanup);
 
     esysContext->authsCount = auths.count;
     if (auths.count > 0) {
@@ -240,11 +240,16 @@ Esys_Create_Async(ESYS_CONTEXT                 *esysContext,
 
     /* Trigger execution and finish the async invocation */
     r = Tss2_Sys_ExecuteAsync(esysContext->sys);
-    return_state_if_error(r, ESYS_STATE_INTERNALERROR, "Finish (Execute Async)");
+    goto_state_if_error(r, ESYS_STATE_INTERNALERROR, "Finish (Execute Async)", error_cleanup);
 
     esysContext->state = ESYS_STATE_SENT;
 
     return r;
+
+error_cleanup:
+    secure_mem_zero((void *)&esysContext->in.Create.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
+    return r;
 }
 
 /** Asynchronous finish function for TPM2_Create
@@ -409,11 +414,16 @@ Esys_Create_Finish(ESYS_CONTEXT         *esysContext,
     goto_state_if_error(r, ESYS_STATE_INTERNALERROR, "Received error from SAPI unmarshaling",
                         error_cleanup);
 
+    secure_mem_zero((void *)&esysContext->in.Create.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
+
     esysContext->state = ESYS_STATE_INIT;
 
     return TSS2_RC_SUCCESS;
 
 error_cleanup:
+    secure_mem_zero((void *)&esysContext->in.Create.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
     if (outPrivate != NULL)
         SAFE_FREE(*outPrivate);
     if (outPublic != NULL)
diff --git a/src/tss2-esys/api/Esys_CreatePrimary.c b/src/tss2-esys/api/Esys_CreatePrimary.c
@@ -204,23 +204,23 @@ Esys_CreatePrimary_Async(ESYS_CONTEXT                 *esysContext,
         r = iesys_adapt_auth_value(&esysContext->crypto_backend,
                                    &esysContext->in.CreatePrimary.inSensitive->sensitive.userAuth,
                                    inPublic->publicArea.nameAlg);
-        return_state_if_error(r, ESYS_STATE_INIT, "Adapt auth value.");
+        goto_state_if_error(r, ESYS_STATE_INIT, "Adapt auth value.", error_cleanup);
     }
 
     /* Retrieve the metadata objects for provided handles */
     r = esys_GetResourceObject(esysContext, primaryHandle, &primaryHandleNode);
-    return_state_if_error(r, ESYS_STATE_INIT, "primaryHandle unknown.");
+    goto_state_if_error(r, ESYS_STATE_INIT, "primaryHandle unknown.", error_cleanup);
 
     /* Initial invocation of SAPI to prepare the command buffer with parameters */
     r = Tss2_Sys_CreatePrimary_Prepare(
         esysContext->sys,
         (primaryHandleNode == NULL) ? TPM2_RH_NULL : primaryHandleNode->rsrc.handle,
         esysContext->in.CreatePrimary.inSensitive, inPublic, outsideInfo, creationPCR);
-    return_state_if_error(r, ESYS_STATE_INIT, "SAPI Prepare returned error.");
+    goto_state_if_error(r, ESYS_STATE_INIT, "SAPI Prepare returned error.", error_cleanup);
 
     /* Calculate the cpHash Values */
     r = init_session_tab(esysContext, shandle1, shandle2, shandle3);
-    return_state_if_error(r, ESYS_STATE_INIT, "Initialize session resources");
+    goto_state_if_error(r, ESYS_STATE_INIT, "Initialize session resources", error_cleanup);
     if (primaryHandleNode != NULL)
         iesys_compute_session_value(esysContext->session_tab[0], &primaryHandleNode->rsrc.name,
                                     &primaryHandleNode->auth);
@@ -232,12 +232,12 @@ Esys_CreatePrimary_Async(ESYS_CONTEXT                 *esysContext,
 
     /* Generate the auth values and set them in the SAPI command buffer */
     r = iesys_gen_auths(esysContext, primaryHandleNode, NULL, NULL, &auths);
-    return_state_if_error(r, ESYS_STATE_INIT, "Error in computation of auth values");
+    goto_state_if_error(r, ESYS_STATE_INIT, "Error in computation of auth values", error_cleanup);
 
     esysContext->authsCount = auths.count;
     if (auths.count > 0) {
         r = Tss2_Sys_SetCmdAuths(esysContext->sys, &auths);
-        return_state_if_error(r, ESYS_STATE_INIT, "SAPI error on SetCmdAuths");
+        goto_state_if_error(r, ESYS_STATE_INIT, "SAPI error on SetCmdAuths", error_cleanup);
     }
 
     /* Trigger execution and finish the async invocation */
@@ -247,6 +247,12 @@ Esys_CreatePrimary_Async(ESYS_CONTEXT                 *esysContext,
     esysContext->state = ESYS_STATE_SENT;
 
     return r;
+
+error_cleanup:
+    secure_mem_zero((void *)&esysContext->in.CreatePrimary.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
+
+    return r;
 }
 
 /** Asynchronous finish function for TPM2_CreatePrimary
@@ -368,19 +374,19 @@ Esys_CreatePrimary_Finish(ESYS_CONTEXT         *esysContext,
         if (esysContext->submissionCount++ >= ESYS_MAX_SUBMISSIONS) {
             LOG_WARNING("Maximum number of (re)submissions has been reached.");
             esysContext->state = ESYS_STATE_INIT;
-            goto error_cleanup;
+            goto cleanup;
         }
         esysContext->state = ESYS_STATE_RESUBMISSION;
         r = Tss2_Sys_ExecuteAsync(esysContext->sys);
         if (r != TSS2_RC_SUCCESS) {
             LOG_WARNING("Error attempting to resubmit");
             /* We do not set esysContext->state here but inherit the most recent
              * state of the _async function. */
-            goto error_cleanup;
+            goto cleanup;
         }
         r = TSS2_ESYS_RC_TRY_AGAIN;
         LOG_DEBUG("Resubmission initiated and returning RC_TRY_AGAIN.");
-        goto error_cleanup;
+        goto cleanup;
     }
     /* The following is the "regular error" handling. */
     if (iesys_tpm_error(r)) {
@@ -426,11 +432,16 @@ Esys_CreatePrimary_Finish(ESYS_CONTEXT         *esysContext,
     else
         SAFE_FREE(loutPublic);
 
+    secure_mem_zero((void *)&esysContext->in.CreatePrimary.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
     esysContext->state = ESYS_STATE_INIT;
 
     return TSS2_RC_SUCCESS;
 
 error_cleanup:
+    secure_mem_zero((void *)&esysContext->in.CreatePrimary.inSensitiveData,
+                    sizeof(TPM2B_SENSITIVE_CREATE));
+cleanup:
     Esys_TR_Close(esysContext, objectHandle);
     SAFE_FREE(loutPublic);
     if (creationData != NULL)
diff --git a/src/tss2-esys/api/Esys_StartAuthSession.c b/src/tss2-esys/api/Esys_StartAuthSession.c
@@ -462,6 +462,7 @@ Esys_StartAuthSession_Finish(ESYS_CONTEXT *esysContext, ESYS_TR *sessionHandle)
                 secret_size, "ATH", &lnonceTPM, esysContext->in.StartAuthSession.nonceCaller,
                 authHash_size * 8, NULL,
                 &sessionHandleNode->rsrc.misc.rsrc_session.sessionKey.buffer[0], FALSE);
+            secure_mem_zero(secret, secret_size);
             free(secret);
             return_if_error(r, "Error in KDFa computation.");
 
diff --git a/src/tss2-esys/esys_iutil.c b/src/tss2-esys/esys_iutil.c
@@ -3,6 +3,7 @@
  * Copyright 2017-2018, Fraunhofer SIT sponsored by Infineon Technologies AG
  * All rights reserved.
  ******************************************************************************/
+#include "util/aux_util.h"
 #ifdef HAVE_CONFIG_H
 #include "config.h" // IWYU pragma: keep
 #endif
@@ -13,10 +14,11 @@
 #include "esys_crypto.h" // for iesys_crypto_hash_get_digest_size, iesys_cr...
 #include "esys_int.h"    // for RSRC_NODE_T, ESYS_CONTEXT, _ESYS_STATE_INIT
 #include "esys_iutil.h"
-#include "esys_mu.h"    // for FALSE
-#include "esys_types.h" // for IESYS_SESSION, IESYS_RESOURCE, IESYS_RSRC_U...
-#include "tss2_esys.h"  // for ESYS_CONTEXT, ESYS_TR, ESYS_TR_NONE, ESYS_C...
-#include "tss2_mu.h"    // for Tss2_MU_TPMI_ALG_HASH_Marshal, Tss2_MU_TPM2...
+#include "esys_mu.h"       // for FALSE
+#include "esys_types.h"    // for IESYS_SESSION, IESYS_RESOURCE, IESYS_RSRC_U...
+#include "tss2_esys.h"     // for ESYS_CONTEXT, ESYS_TR, ESYS_TR_NONE, ESYS_C...
+#include "tss2_mu.h"       // for Tss2_MU_TPMI_ALG_HASH_Marshal, Tss2_MU_TPM2...
+#include "util/aux_util.h" // for secure_mem_zero
 
 #define LOGMODULE esys
 #include "util/log.h" // for return_if_error, LOG_ERROR, LOG_TRACE, goto...
@@ -135,6 +137,7 @@ iesys_DeleteAllResourceObjects(ESYS_CONTEXT *esys_context) {
     RSRC_NODE_T *next_node_rsrc;
     for (node_rsrc = esys_context->rsrc_list; node_rsrc != NULL; node_rsrc = next_node_rsrc) {
         next_node_rsrc = node_rsrc->next;
+        secure_mem_zero(node_rsrc, sizeof(RSRC_NODE_T));
         free(node_rsrc);
     }
     esys_context->rsrc_list = NULL;
diff --git a/src/tss2-esys/esys_tr.c b/src/tss2-esys/esys_tr.c
@@ -427,6 +427,7 @@ Esys_TR_Close(ESYS_CONTEXT *esys_context, ESYS_TR *object) {
                 return TSS2_RC_SUCCESS;
             }
             *update_ptr = node->next;
+            secure_mem_zero(node, sizeof(RSRC_NODE_T));
             free(node);
             *object = ESYS_TR_NONE;
             return TSS2_RC_SUCCESS;
diff --git a/src/tss2-fapi/api/Fapi_ChangeAuth.c b/src/tss2-fapi/api/Fapi_ChangeAuth.c
@@ -4,6 +4,7 @@
  * All rights reserved.
  ******************************************************************************/
 
+#include "util/aux_util.h"
 #ifdef HAVE_CONFIG_H
 #include "config.h" // IWYU pragma: keep
 #endif
@@ -212,6 +213,7 @@ Fapi_ChangeAuth_Async(FAPI_CONTEXT *context, char const *entityPath, char const
 error_cleanup:
     /* Cleanup duplicated input parameters that were copied before. */
     SAFE_FREE(command->entityPath);
+    secure_mem_zero((void *)command->authValue, strlen(command->authValue));
     SAFE_FREE(command->authValue);
     return r;
 }
@@ -580,13 +582,15 @@ Fapi_ChangeAuth_Finish(FAPI_CONTEXT *context) {
     ifapi_cleanup_ifapi_object(&context->createPrimary.pkey_object);
     ifapi_cleanup_ifapi_object(command->key_object);
     SAFE_FREE(command->entityPath);
+    secure_mem_zero((void *)command->authValue, strlen(command->authValue));
     SAFE_FREE(command->authValue);
     if (command->pathlist) {
         for (size_t i = 0; i < command->numPathsCleanup; i++) {
             SAFE_FREE(command->pathlist[i]);
         }
         SAFE_FREE(command->pathlist);
     }
+    secure_mem_zero((void *)&command->newAuthValue, sizeof(TPM2B_AUTH));
     LOG_TRACE("finished");
     context->state = FAPI_STATE_INIT;
     return r;
diff --git a/src/tss2-fapi/api/Fapi_Provision.c b/src/tss2-fapi/api/Fapi_Provision.c
@@ -32,7 +32,7 @@
 #include "tss2_policy.h"             // for TSS2_OBJECT
 #include "tss2_tcti.h"               // for TSS2_TCTI_TIMEOUT_BLOCK
 #include "tss2_tpm2_types.h"         // for TPMS_CAPABILITY_DATA, TPMU_CAPABILITIES
-
+#include "util/aux_util.h"           // for UNUSED, secure_mem_zero
 #define LOGMODULE fapi
 #include "util/log.h" // for goto_if_error, SAFE_FREE, goto_error
 
@@ -1632,8 +1632,17 @@ Fapi_Provision_Finish(FAPI_CONTEXT *context) {
     ifapi_primary_clean(context);
     SAFE_FREE(command->root_crt);
     SAFE_FREE(*capabilityData);
+    if (command->authValueLockout) {
+        secure_mem_zero(command->authValueLockout, strlen(command->authValueLockout));
+    }
     SAFE_FREE(command->authValueLockout);
+    if (command->authValueEh) {
+        secure_mem_zero(command->authValueLockout, strlen(command->authValueEh));
+    }
     SAFE_FREE(command->authValueEh);
+    if (command->authValueSh) {
+        secure_mem_zero(command->authValueLockout, strlen(command->authValueSh));
+    }
     SAFE_FREE(command->authValueSh);
     SAFE_FREE(command->pem_cert);
     SAFE_FREE(certData);
diff --git a/src/tss2-fapi/fapi_int.h b/src/tss2-fapi/fapi_int.h
@@ -580,10 +580,10 @@ typedef struct {
     TPM2B_DATA             outsideInfo;
     TPML_PCR_SELECTION     creationPCR;
     ESYS_TR                handle;
-    const char            *authValueLockout;
-    const char            *authValueEh;
+    char                  *authValueLockout;
+    char                  *authValueEh;
     const char            *policyPathEh;
-    const char            *authValueSh;
+    char                  *authValueSh;
     const char            *policyPathSh;
     size_t                 digest_idx;
     size_t                 hash_size;
diff --git a/src/tss2-sys/api/Tss2_Sys_Finalize.c b/src/tss2-sys/api/Tss2_Sys_Finalize.c
@@ -8,10 +8,17 @@
 #include "config.h" // IWYU pragma: keep
 #endif
 
-#include "tss2_sys.h"      // for TSS2_SYS_CONTEXT, Tss2_Sys_Finalize
-#include "util/aux_util.h" // for UNUSED
+#include <string.h>
 
+#include "sysapi_util.h"   // for _TSS2_SYS_CONTEXT_BLOB, syscontext_cast
+#include "tss2_sys.h"      // for TSS2_SYS_CONTEXT, Tss2_Sys_Finalize
+#include "util/aux_util.h" // for UNUSED, secure_mem_zero
 void
 Tss2_Sys_Finalize(TSS2_SYS_CONTEXT *sysContext) {
-    UNUSED(sysContext);
+
+    TSS2_SYS_CONTEXT_BLOB *ctx = syscontext_cast(sysContext);
+
+    if (ctx && ctx->cmdBuffer) {
+        secure_mem_zero(ctx->cmdBuffer, ctx->maxCmdSize);
+    }
 }
diff --git a/src/util/aux_util.h b/src/util/aux_util.h
@@ -11,13 +11,47 @@
 #include <config.h>
 #endif
 #include <inttypes.h> // for PRIx32
+#include <string.h>   // for explicit_bzero
 
 #include "tss2_common.h"     // for TSS2_RC_SUCCESS, TSS2_RC_LAYER_MASK
 #include "tss2_tpm2_types.h" // for TPM2_RC_1, TPM2_RC_ASYMMETRIC, TPM2_RC_...
+#if defined(_WIN32)
+#include <windows.h> // for SecureZeroMemory
+#endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 
+/*
+ * secure_mem_zero(buf, size)
+ *
+ * Securely zeroes a memory region that may contain sensitive data.
+ *
+ * This macro ensures that the memory is actually overwritten and not
+ * optimized away by the compile.
+ */
+#if defined(__GLIBC__)
+#define secure_mem_zero(buf, size)                                                                 \
+    if ((buf) && (size))                                                                           \
+    explicit_bzero((buf), (size))
+#elif defined(_WIN32)
+#define secure_mem_zero(buf, size)                                                                 \
+    if ((buf) && (size))                                                                           \
+    SecureZeroMemory((buf), (size))
+#else
+#define secure_mem_zero(buf, size)                                                                 \
+    do {                                                                                           \
+        void  *mz_ptr = (buf);                                                                     \
+        size_t mz_len = (size);                                                                    \
+        if (mz_ptr && mz_len) {                                                                    \
+            volatile unsigned char *mz_p = (volatile unsigned char *)mz_ptr;                       \
+            while (mz_len--) {                                                                     \
+                *mz_p++ = 0;                                                                       \
+            }                                                                                      \
+        }                                                                                          \
+    } while (0)
+#endif
+
 #define SAFE_FREE(S)                                                                               \
     if ((S) != NULL) {                                                                             \
         free((void *)(S));                                                                         \
diff --git a/test/helper/cmocka_all.h b/test/helper/cmocka_all.h
@@ -21,4 +21,4 @@
 #include <cmocka.h> // IWYU: export
 // clang-format on
 
-#endif // CMOCKA_ALL_H
+#endif // CMOCKA_ALL_H
diff --git a/test/integration/sys-read-clock.int.c b/test/integration/sys-read-clock.int.c
@@ -98,4 +98,4 @@ test_invoke(TSS2_SYS_CONTEXT *sys_context) {
         return EXIT_FAILURE;
     }
     return (rc) ? EXIT_FAILURE : EXIT_SUCCESS;
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -427,6 +427,7 @@ Esys_TR_Close(ESYS_CONTEXT esys_context, ESYS_TR object) {`
`427`	`427`	`return TSS2_RC_SUCCESS;`
`428`	`428`	`}`
`429`	`429`	`*update_ptr = node->next;`
	`430`	`+ secure_mem_zero(node, sizeof(RSRC_NODE_T));`
`430`	`431`	`free(node);`
`431`	`432`	`*object = ESYS_TR_NONE;`
`432`	`433`	`return TSS2_RC_SUCCESS;`