tpm2-software / tpm2-tss

OSS implementation of the TCG TPM2 Software Stack (TSS2)
https://tpm2-software.github.io
BSD 2-Clause "Simplified" License

Possible leaks in tss2-esys OpenSSL crypto backend #1239

Closed joshuagl closed 5 years ago

joshuagl commented 5 years ago

Since the switch to using the OpenSSL crypto backend by default I've noticed my branch porting the tpm2-tools to ESAPI (tpm2-software/tpm2-tools#1239) is failing in our CI builds at integration testing time when built with clang and ASAN, for example:

```
==956==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 224 byte(s) in 4 object(s) allocated from:
    #0 0x4dd6a8 in __interceptor_malloc (/workspace/tpm2-tools/build/tools/tpm2_createak+0x4dd6a8)
    #1 0x7fd1c6867e77 in CRYPTO_malloc (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x62e77)

Indirect leak of 100 byte(s) in 8 object(s) allocated from:
    #0 0x4dd6a8 in __interceptor_malloc (/workspace/tpm2-tools/build/tools/tpm2_createak+0x4dd6a8)
    #1 0x7fd1c6867e77 in CRYPTO_malloc (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x62e77)

SUMMARY: AddressSanitizer: 324 byte(s) leaked in 12 allocation(s).
```

At first I thought this was a leak in OpenSSL itself, as our container images were running an older OpenSSL; however, I've reproduced it on Ubuntu 18.04 with OpenSSL 1.1.0g, and the OpenSSL FAQ states that: "Starting with OpenSSL 1.1.0, everything should be cleaned up on exit (or when the shared library unloads)." (FAQ 14)

For now I'm switching to using the gnucrypt backend when building with clang on our CI in order to work around this.

tstruk commented 5 years ago

Just had a quick look, and don't you need to call Esys_TR_Close() on the ak_handle? https://github.com/joshuagl/tpm2-tools/blob/joshuagl/esapi-integration/tools/tpm2_createak.c#L399

joshuagl commented 5 years ago

It may be correct to call Esys_TR_Close() on ak_handle but that doesn't appear to be the cause of the leak - adding in an Esys_TR_Close() call doesn't remove the leak and we have a similar mismatched Esys_EvictControl() call without corresponding Esys_TR_Close() call in tpm2_getmanufec, but we don't see a similar leak there. https://github.com/joshuagl/tpm2-tools/blob/joshuagl/esapi-integration/tools/tpm2_getmanufec.c#L217
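
For triaging a report like the one in this thread in CI, the following added example (not code from the thread or from either project) attributes each LeakSanitizer record to its first frame outside the sanitizer's malloc interceptor and checks the records against the SUMMARY line. The function name `triage` and the grouping key are assumptions of this example.

```python
import re
from collections import defaultdict

# LeakSanitizer report from the issue above; frame 0 is written "#0" as LSan prints it.
REPORT = """\
==956==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 224 byte(s) in 4 object(s) allocated from:
    #0 0x4dd6a8 in __interceptor_malloc (/workspace/tpm2-tools/build/tools/tpm2_createak+0x4dd6a8)
    #1 0x7fd1c6867e77 in CRYPTO_malloc (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x62e77)
Indirect leak of 100 byte(s) in 8 object(s) allocated from:
    #0 0x4dd6a8 in __interceptor_malloc (/workspace/tpm2-tools/build/tools/tpm2_createak+0x4dd6a8)
    #1 0x7fd1c6867e77 in CRYPTO_malloc (/lib/x86_64-linux-gnu/libcrypto.so.1.0.0+0x62e77)
SUMMARY: AddressSanitizer: 324 byte(s) leaked in 12 allocation(s).
"""

LEAK = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME = re.compile(r"^\s*#?\d+ 0x[0-9a-f]+ in (\S+) \((.+)\+0x[0-9a-f]+\)")
SUMMARY = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")


def triage(report):
    """Return ({(function, module): totals}, records_match_summary)."""
    by_site = defaultdict(lambda: {"bytes": 0, "objects": 0, "kinds": set()})
    current, summary = None, None
    for line in report.splitlines():
        if m := LEAK.match(line):
            current = (m.group(1), int(m.group(2)), int(m.group(3)))
        elif (m := FRAME.match(line)) and current:
            func, module = m.groups()
            if func.startswith("__interceptor_"):
                continue  # allocator wrapper, not the real call site
            kind, nbytes, nobjs = current
            site = by_site[(func, module.rsplit("/", 1)[-1])]
            site["bytes"] += nbytes
            site["objects"] += nobjs
            site["kinds"].add(kind)
            current = None  # only the first real frame owns the record
        elif m := SUMMARY.match(line):
            summary = (int(m.group(1)), int(m.group(2)))
    totals = (sum(s["bytes"] for s in by_site.values()),
              sum(s["objects"] for s in by_site.values()))
    # False when a record had no usable frame or the report was truncated.
    return dict(by_site), totals == summary


if __name__ == "__main__":
    print(triage(REPORT))
```

With only two frames per record, the grouping stops at `CRYPTO_malloc`; a deeper stack (for example with a larger `malloc_context_size` in `ASAN_OPTIONS`) is needed to see which caller owns the allocation.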