Fix memleak in EdDSA key conversion API

[maxtropets]

Minimal repro

  auto jwk_str =
    "{\"crv\":\"X25519\",\"d\":\"iBajS4-xI2dTNNY_WZ94kX8EfVUy_oNMGDmnnA92IlA\","
    "\"kid\":\"4t4Ravodr_J_FHqBzPcy3ZW0PcwB_31AtbV4fyOOOwc\",\"kty\":\"OKP\","
    "\"x\":\"YmDs4SXGtFbHE5Ad4dw6qjoDVCrQBOOIshA9wN55Az4\"}";
  JsonWebKeyEdDSAPrivate jwk = nlohmann::json::parse(jwk_str);
  auto kp2 = ccf::crypto::make_eddsa_key_pair(jwk);

causes

==5128==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x58fe3003a1bf in malloc (/home/maxtropets/workspace/CCF/build/crypto_test+0x2ff1bf)
    #1 0x7c54ac218c30 in CRYPTO_malloc (/usr/lib/libcrypto.so.3+0x218c30)

SUMMARY: AddressSanitizer: 56 byte(s) leaked in 1 allocation(s).

[maxtropets]

Happens in

  EdDSAKeyPair_OpenSSL::EdDSAKeyPair_OpenSSL(const JsonWebKeyEdDSAPrivate& jwk)
  {
    OpenSSL::CHECKNULL(
      key = EVP_PKEY_new_raw_private_key(
        curve, nullptr, d_raw.data(), d_raw.size()));
  }

[maxtropets]

Basic googling didn't reveal any known bugs. Tried quick possible quick mitigations

• slapping OPENSSL_cleanup()
• using EVP_PKEY_new_raw_private_key_ex()

No luck here.

Didn't find any other examples of how does one create an EdDSA key.

Will try build OpenSSL from source and get a more precise leak location.

[maxtropets]

Looks similar openssl/openssl#11064

[maxtropets]

Tried

root [ /workspace/build ]# ./crypto_test
[doctest] doctest version is "2.4.11"
[doctest] run with "--help" for options
===============================================================================
[doctest] test cases: 1 | 1 passed | 0 failed | 0 skipped
[doctest] assertions: 0 | 0 passed | 0 failed |
[doctest] Status: SUCCESS!

=================================================================
==30066==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 56 byte(s) in 1 object(s) allocated from:
    #0 0x558bc60961bf in malloc (/workspace/build/crypto_test+0x2ff1bf)
    #1 0x7f7ffe204c30 in CRYPTO_malloc (/usr/lib/libcrypto.so.3+0x218c30)

SUMMARY: AddressSanitizer: 56 byte(s) leaked in 1 allocation(s).
root [ /workspace/build ]# cd /usr/l
bash: cd: /usr/l: No such file or directory
root [ /workspace/build ]# cd /usr/lib
root [ /usr/lib ]# cd /usr/lc^C
root [ /usr/lib ]# ^C
root [ /usr/lib ]# rm libcrypto.so.3
root [ /usr/lib ]# ln -s /opt/openssl/lib64/libcrypto.so.3 libcrypto.so.3
root [ /usr/lib ]# ln -s /opt/openssl/lib64/libcrypto.so.3 libcrypto.s^C3
root [ /usr/lib ]# rm libssl.so.3
root [ /usr/lib ]# ln -s /opt/openssl/lib64/libssl.so.3 libssl.so.3
root [ /usr/lib ]# cd -
/workspace/build
root [ /workspace/build ]# ./crypto_test
[doctest] doctest version is "2.4.11"
[doctest] run with "--help" for options
===============================================================================
[doctest] test cases: 1 | 1 passed | 0 failed | 0 skipped
[doctest] assertions: 0 | 0 passed | 0 failed |
[doctest] Status: SUCCESS!
root [ /workspace/build ]#

Long story short, rebulding openssl 3.3.2 from source solved the issue. I assume there's an issue with symcrypt here.