Fix memory leak around the libcrypto boundary #14

Closed
colmmacc opened this issue Sep 2, 2014 · 0 comments
colmmacc commented Sep 2, 2014

Several functions allocate memory through calls into libcrypto and release it upon successful completion. However, the memory is not released under some error conditions which cause the functions to return early, resulting in the memory being leaked.

s2n_dh_compute_shared_secret_as_server() is called by TLS servers every time a client negotiates a session key using integer Diffie-Hellman. It makes one allocation using BN_bin2bn() to hold the client's public key. If the public key is invalid (for instance, all zeroes) the call to DH_compute_key will fail resulting in pub_key memory not being freed. With enough invocations, this could lead to memory exhaustion.

The function s2n_asn1der_to_rsa_public_key() decodes a DER-encoded certificate and extracts an RSA public key from it. Two memory allocations are made in this function by the calls to d2i_X509() and X509_get_pubkey(). Both are correctly released when the function returns. However, it can return early under a few error conditions, such as if the certificate does not contain an RSA public key. In these cases the allocations are leaked. At the moment this leak affects only TLS clients since this function is only called on clients.

s2n_pkcs3_to_dh_params() is used to load integer Diffie-Hellman parameters on TLS servers. It makes one allocation using d2i_DHparams() which is not cleaned up if the parameters contain extraneous data. This function is only called during server start-up so it does not appear to be remotely exploitable.

@colmmacc colmmacc added the bug label Sep 2, 2014
@colmmacc colmmacc closed this as completed Sep 2, 2014
colmmacc added a commit that referenced this issue Sep 3, 2014
This change frees libcrypto resources when they are semantically
incorrect and trigger error branches.

Resolves bug #14
colmmacc added a commit that referenced this issue Jun 29, 2015
This change frees libcrypto resources when they are semantically
incorrect and trigger error branches.

Resolves bug #14
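
The error-path leak described above for s2n_dh_compute_shared_secret_as_server(), as an added C example that is not the project's code. `fake_bin2bn`, `fake_bn_free`, `fake_compute_key`, the four-slot pool and both `shared_secret_*` functions are hypothetical stand-ins for the libcrypto calls, so the leak and the exhaustion it leads to can be observed without OpenSSL.

```c
#include <string.h>

/* Hypothetical stand-ins for BN_bin2bn(), BN_free() and DH_compute_key(). A small
 * fixed pool plays the heap, so a leak and the resulting exhaustion are observable. */
#define POOL_SLOTS 4
typedef struct { int used; size_t len; unsigned char data[256]; } fake_bn;
static fake_bn pool[POOL_SLOTS];
static int live_allocs = 0;

static fake_bn *fake_bin2bn(const unsigned char *in, size_t len) {
    if (len > sizeof(pool[0].data)) return NULL;
    for (int i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].used) continue;
        pool[i].used = 1; pool[i].len = len;
        memcpy(pool[i].data, in, len);
        live_allocs++;
        return &pool[i];
    }
    return NULL; /* pool exhausted */
}
static void fake_bn_free(fake_bn *bn) {
    if (bn != NULL) { bn->used = 0; live_allocs--; }
}

/* Fails for an all-zero public key, the invalid input named in the issue. */
static int fake_compute_key(unsigned char *out, const fake_bn *pub) {
    unsigned char acc = 0;
    for (size_t i = 0; i < pub->len; i++) acc |= pub->data[i];
    if (acc == 0) return -1;
    out[0] = acc; /* placeholder output, not a real shared secret */
    return 1;
}

/* Before: the early return on the error path skips the free. */
int shared_secret_leaky(const unsigned char *key, size_t len, unsigned char *out) {
    fake_bn *pub_key = fake_bin2bn(key, len);
    if (pub_key == NULL) return -1;
    if (fake_compute_key(out, pub_key) < 0) return -1; /* pub_key leaked */
    fake_bn_free(pub_key);
    return 0;
}

/* After: the result is recorded and the free runs on every path. */
int shared_secret_fixed(const unsigned char *key, size_t len, unsigned char *out) {
    fake_bn *pub_key = fake_bin2bn(key, len);
    if (pub_key == NULL) return -1;
    int rc = fake_compute_key(out, pub_key) < 0 ? -1 : 0;
    fake_bn_free(pub_key);
    return rc;
}
```

Watching `live_allocs` after a run of all-zero keys is the regression check: it stays at 0 with the fixed function, while the leaky one fills the pool and later valid handshakes fail.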