From 4ec0591e457e8f00f60998b57487fc3513528901 Mon Sep 17 00:00:00 2001
From: kaleb-himes <kaleb@wolfssl.com>
Date: Mon, 6 Apr 2020 09:43:24 -0600
Subject: [PATCH] Avoid leak when HAVE_AESGCM and NO_AES_DECRYPT. Thanks to
 G.G. on ZD #10106 for the report

---
 src/internal.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/internal.c b/src/internal.c
index 320bb78e3..932fe161d 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -2014,7 +2014,9 @@ void FreeCiphers(WOLFSSL* ssl)
     XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
     XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
 #endif
-#ifdef BUILD_AES
+#if defined(BUILD_AES) || defined(BUILD_AESGCM) /* See: InitKeys() in keys.c
+                                                 * on addition of BUILD_AESGCM
+                                                 * check (enc->aes, dec->aes) */
     wc_AesFree(ssl->encrypt.aes);
     wc_AesFree(ssl->decrypt.aes);
     #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \