From 9d1b855129b91f882857105a257427c804ee52f6 Mon Sep 17 00:00:00 2001
From: Felipe Pena <felipensp@gmail.com>
Date: Mon, 13 Jan 2025 00:01:33 -0300
Subject: [PATCH] crypto.ecdsa: fix memleaks, reported by the CI sanitizer jobs
 (#23450)

---
 vlib/crypto/ecdsa/ecdsa_test.v | 3 +++
 vlib/crypto/ecdsa/util.v       | 1 +
 vlib/crypto/ecdsa/util_test.v  | 3 +++
 3 files changed, 7 insertions(+)

diff --git a/vlib/crypto/ecdsa/ecdsa_test.v b/vlib/crypto/ecdsa/ecdsa_test.v
index 07b24ab8f8..cd8bb4c301 100644
--- a/vlib/crypto/ecdsa/ecdsa_test.v
+++ b/vlib/crypto/ecdsa/ecdsa_test.v
@@ -31,6 +31,7 @@ fn test_ecdsa_signing_with_options() {
 	// Verify the signature
 	is_valid := pub_key.verify(message, signature) or { panic(err) }
 	println('Signature valid: ${is_valid}')
+	key_free(pub_key.key)
 	assert is_valid
 }
 
@@ -97,6 +98,8 @@ fn test_private_key_equality_on_different_curve() ! {
 	// using different group
 	priv_key2 := new_key_from_seed(seed, nid: .secp384r1) or { panic(err) }
 	assert !priv_key1.equal(priv_key2)
+	key_free(priv_key1.key)
+	key_free(priv_key2.key)
 }
 
 fn test_public_key_equal() ! {
diff --git a/vlib/crypto/ecdsa/util.v b/vlib/crypto/ecdsa/util.v
index cd5bff006e..4a96d0badc 100644
--- a/vlib/crypto/ecdsa/util.v
+++ b/vlib/crypto/ecdsa/util.v
@@ -93,6 +93,7 @@ pub fn pubkey_from_bytes(bytes []u8) !PublicKey {
 		&& nidgroup != nid_secp256k1 {
 		return error('Unsupported group')
 	}
+	C.EVP_PKEY_free(pub_key)
 	// Its OK to return
 	return PublicKey{
 		key: eckey
diff --git a/vlib/crypto/ecdsa/util_test.v b/vlib/crypto/ecdsa/util_test.v
index 410539ecb9..75eec855f2 100644
--- a/vlib/crypto/ecdsa/util_test.v
+++ b/vlib/crypto/ecdsa/util_test.v
@@ -34,6 +34,7 @@ fn test_load_pubkey_from_der_serialized_bytes() ! {
 	hashed_msg := sha512.sum384(message_tobe_signed.bytes())
 	status_with_hashed := pbkey.verify(hashed_msg, expected_signature)!
 	assert status_with_hashed == true
+	key_free(pbkey.key)
 }
 
 fn test_for_pubkey_bytes() ! {
@@ -45,4 +46,6 @@ fn test_for_pubkey_bytes() ! {
 	assert pvkey.seed()!.hex() == pv
 	pbkey := pvkey.public_key()!
 	assert pbkey.bytes()!.hex() == pb
+	key_free(pbkey.key)
+	key_free(pvkey.key)
 }