From 76eec8884bd59e5ef81f363cdce0a3075ce077a7 Mon Sep 17 00:00:00 2001
From: Jacob Barthelmeh
Date: Thu, 30 Jan 2020 10:22:01 -0700
Subject: [PATCH] clean up memory after test and don't leak x509 with get session peer
---
 src/ssl.c | 16 +++++++++++++++-
 tests/api.c | 4 +++-
 wolfssl/internal.h | 3 +++
 3 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/src/ssl.c b/src/ssl.c
index 1f40611dd..67c1e4759 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -13468,9 +13468,14 @@ WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
 WOLFSSL_MSG("bad count found");
 return NULL;
 }
- return wolfSSL_get_chain_X509(&session->chain, 0);
+
+ if (session->peer == NULL) {
+ session->peer = wolfSSL_get_chain_X509(&session->chain, 0);
+ }
+ return session->peer;
 }
 WOLFSSL_MSG("No session passed in");
+
 return NULL;
 }
@@ -21638,6 +21643,9 @@ WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
 } else {
 copy->ticket = copy->staticTicket;
 }
+#endif
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ copy->peer = wolfSSL_X509_dup(session->peer);
 #endif
 }
 return copy;
@@ -21654,6 +21662,12 @@ void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
 if (session == NULL) return;
+#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
+ if (session->peer) {
+ wolfSSL_X509_free(session->peer);
+ }
+#endif
+
 #ifdef HAVE_EXT_CACHE
 if (session->isAlloced) {
 #ifdef HAVE_SESSION_TICKET
diff --git a/tests/api.c b/tests/api.c
index 81e7b0df0..5974c90ef 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -23993,7 +23993,7 @@ static void test_wolfSSL_BIO_should_retry(void)
 wolfSSL_SSLSetIORecv(ssl, forceWantRead);
 AssertNotNull(bio = BIO_new(BIO_f_ssl()));
- BIO_set_ssl(bio, ssl, BIO_NOCLOSE);
+ BIO_set_ssl(bio, ssl, BIO_CLOSE);
 AssertIntLE(BIO_write(bio, msg, msgSz), 0);
 AssertIntNE(BIO_should_retry(bio), 0);
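Review bot: The pointer returned by wolfSSL_SESSION_get0_peer() is now cached in `session->peer` and released by wolfSSL_SESSION_free(), so a caller that still frees the result, as was needed when every call returned a fresh object from wolfSSL_get_chain_X509(), will now cause a double free. Nothing at the function states who owns the result; a header comment such as `/* returns a pointer owned by the session; do not free, valid until wolfSSL_SESSION_free() */` would make the new contract explicit. The check-then-assign on `session->peer` is also unsynchronized, so if one session can be reached from two threads (not visible here) both may allocate and one object leaks. The function body starts outside the hunk.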
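Review bot: `wolfSSL_X509_dup(session->peer)` in wolfSSL_SESSION_dup() is called unconditionally, yet `session->peer` stays NULL until wolfSSL_SESSION_get0_peer() has been called on the source session, so the common case passes NULL. Whether wolfSSL_X509_dup() tolerates NULL is not visible in this patch; guarding the call keeps the copy well defined either way: `copy->peer = (session->peer != NULL) ? wolfSSL_X509_dup(session->peer) : NULL;`. A failed duplication also leaves `copy->peer` NULL without any report, which looks harmless only because get0_peer can rebuild it from the chain. The function begins and ends outside the hunk.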
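Review bot: `session->peer` is left pointing at freed memory after `wolfSSL_X509_free(session->peer)` in wolfSSL_SESSION_free(). The `if (session->isAlloced)` that follows suggests some sessions are not heap objects and outlive this call; for those, a later wolfSSL_SESSION_get0_peer() sees a non-NULL `peer` and returns the freed certificate, and a second wolfSSL_SESSION_free() frees it again. Clearing the field closes both paths: `wolfSSL_X509_free(session->peer); session->peer = NULL;`. The rest of the function is outside the hunk.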
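Review bot: With `BIO_CLOSE` the BIO takes ownership of `ssl`, so the `BIO_free(bio)` later in test_wolfSSL_BIO_should_retry() is now what releases it, and nothing at the call site says so. A short comment such as `/* BIO_CLOSE: BIO_free(bio) also frees ssl */` would keep a future edit from adding a separate free of `ssl` and turning this leak fix into a double free. The test function starts and ends outside the hunk, so it is worth confirming that no existing free of `ssl` remains on a path not shown.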
@@ -24013,6 +24013,7 @@ static void test_wolfSSL_BIO_should_retry(void)
 AssertIntEQ(XMEMCMP(reply, "I hear you fa shizzle!", XSTRLEN("I hear you fa shizzle!")), 0);
 BIO_free(bio);
+ wolfSSL_CTX_free(ctx);
 join_thread(serverThread);
 FreeTcpReady(&ready);
@@ -24217,6 +24218,7 @@ static void test_wolfSSL_BIO_f_md(void)
 AssertIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0);
+ EVP_PKEY_free(key);
 BIO_free(bio);
 BIO_free(mem);
diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 17d9fc496..ec054c0ee 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -3076,6 +3076,9 @@ struct WOLFSSL_SESSION {
 byte masterSecret[SECRET_LEN]; /* stored secret */
 word16 haveEMS; /* ext master secret flag */
 #ifdef SESSION_CERTS
+#ifdef OPENSSL_EXTRA
+ WOLFSSL_X509* peer; /* peer cert */
+#endif
 WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
 #ifdef WOLFSSL_ALT_CERT_CHAINS
 WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
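Review bot: The new `peer` member of struct WOLFSSL_SESSION is an owning pointer placed next to certificate storage that the neighbouring comments describe as static, and `/* peer cert */` does not say so. Any code that copies a WOLFSSL_SESSION by assignment or memcpy (none is visible in this patch) would now duplicate the pointer and both copies would be released by wolfSSL_SESSION_free(); only wolfSSL_SESSION_dup() is updated to deep-copy it. The patch also does not show `peer` being set to NULL when a session is created, which the `session->peer == NULL` test in wolfSSL_SESSION_get0_peer() relies on. A comment like `/* lazily built by wolfSSL_SESSION_get0_peer(), owned by the session, freed in wolfSSL_SESSION_free() */` would record the contract.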