Fix more memory leaks on malloc failure.

Caught by malloc valgrind tests on Basic-Client-Sync. Also one by inspection
and verified with valgrind. Those should pass now with the exception of
CRYPTO_free_ex_data being internally implemented with malloc.

(Clearly we next should make our malloc tests assert that the containing
function fails to catch when we fail to check for some error and things
silently move one.)

Change-Id: I56c51dc8a32a7d3c7ac907d54015dc241728c761
Reviewed-on: https://boringssl-review.googlesource.com/3440
Reviewed-by: Adam Langley <agl@google.com>

crypto/asn1/tasn_new.c

@@ -212,6 +212,7 @@ static int asn1_item_ex_combine_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
 
 	memerr:
 	OPENSSL_PUT_ERROR(ASN1, asn1_item_ex_combine_new,  ERR_R_MALLOC_FAILURE);
+	ASN1_item_ex_free(pval, it);
 #ifdef CRYPTO_MDEBUG
 	if (it->sname) CRYPTO_pop_info();
 #endif

crypto/ec/ec_montgomery.c

@@ -247,6 +247,9 @@ err:
   if (mont != NULL) {
     BN_MONT_CTX_free(mont);
   }
+  if (one != NULL) {
+    BN_free(one);
+  }
   return ret;
 }
 

ssl/s3_clnt.c

@@ -1243,8 +1243,12 @@ int ssl3_get_server_key_exchange(SSL *s) {
     }
 
     ngroup = EC_GROUP_new_by_curve_name(curve_nid);
-    if (ngroup == NULL ||
-        EC_KEY_set_group(ecdh, ngroup) == 0) {
+    if (ngroup == NULL) {
+      OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, ERR_R_EC_LIB);
+      goto err;
+    }
+    if (!EC_KEY_set_group(ecdh, ngroup)) {
+      EC_GROUP_free(ngroup);
       OPENSSL_PUT_ERROR(SSL, ssl3_get_server_key_exchange, ERR_R_EC_LIB);
       goto err;
     }

ssl/s3_srvr.c

@@ -1979,6 +1979,7 @@ int ssl3_get_client_key_exchange(SSL *s) {
     if (premaster_secret == NULL) {
       OPENSSL_PUT_ERROR(SSL, ssl3_get_client_key_exchange,
                         ERR_R_MALLOC_FAILURE);
+      BN_clear_free(pub);
       goto err;
     }