Closed joshuagl closed 5 years ago
Just had a quick look and, don't you need to call Esys_TR_Close() on the ak_handle? https://github.com/joshuagl/tpm2-tools/blob/joshuagl/esapi-integration/tools/tpm2_createak.c#L399
It may be correct to call Esys_TR_Close()
on _akhandle but that doesn't appear to be the cause of the leak - adding in an Esys_TR_Close()
call doesn't remove the leak and we have a similar mismatched Esys_EvictControl()
call without corresponding Esys_TR_Close()
call in _tpm2getmanufec, but we don't see a similar leak there.
https://github.com/joshuagl/tpm2-tools/blob/joshuagl/esapi-integration/tools/tpm2_getmanufec.c#L217
Since the switch to using the OpenSSL crypto backend by default I've noticed my branch porting the tpm2-tools to ESAPI (tpm2-software/tpm2-tools#1239) is failing in our CI builds at integration testing time when built with clang and ASAN, for example:
At first I thought this was a leak in OpenSSL itself as our container images were running an older OpenSSL, however I've reproduced on Ubuntu 18.04 with OpenSSL 1.1.0g and the OpenSSL FAQ states that: "Starting with OpenSSL 1.1.0, everything should be cleaned up on exit (or when the shared library unloads)." FAQ 14
For now I'm switching to using the gnucrypt backend when building with clang on our CI in order to work around this.