From 93a53d72de92204b1b40594716e39d128c2e5d03 Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Mon, 16 Aug 2021 13:38:08 +0200
Subject: [PATCH 1/2] `mem_buf` only used with memory and pair BIOs

---
 src/ssl.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/ssl.c b/src/ssl.c
index 34b407e90..462fd0651 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -55994,9 +55994,8 @@ int wolfSSL_CONF_cmd(WOLFSSL_CONF_CTX* cctx, const char* cmd, const char* value)
             bio->shutdown = BIO_CLOSE; /* default to close things */
             bio->num = SOCKET_INVALID; /* Default to invalid socket */
             bio->init = 1;
-            if (method->type != WOLFSSL_BIO_FILE &&
-                    method->type != WOLFSSL_BIO_SOCKET &&
-                    method->type != WOLFSSL_BIO_MD) {
+            if (method->type == WOLFSSL_BIO_MEMORY ||
+                    method->type == WOLFSSL_BIO_BIO) {
                 bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM),
                                                        0, DYNAMIC_TYPE_OPENSSL);
                 if (bio->mem_buf == NULL) {

From bfbb445e06f9185086c9c49bf3aa36e8dd3df59a Mon Sep 17 00:00:00 2001
From: Juliusz Sosinowicz <juliusz@wolfssl.com>
Date: Sat, 14 Aug 2021 00:19:12 +0200
Subject: [PATCH 2/2] Register cleanup with atexit for OpenSSL compat layer

---
 configure.ac |  2 +-
 src/ssl.c    | 18 ++++++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/configure.ac b/configure.ac
index bc72485ea..b44af24d9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -115,7 +115,7 @@ AC_C_BIGENDIAN
 # check if functions of interest are linkable, but also check if
 # they're declared by the expected headers, and if not, supersede the
 # unusable positive from AC_CHECK_FUNCS().
-AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime])
+AC_CHECK_FUNCS([gethostbyname getaddrinfo gettimeofday gmtime_r inet_ntoa memset socket strftime atexit])
 AC_CHECK_DECLS([gethostbyname, getaddrinfo, gettimeofday, gmtime_r, inet_ntoa, memset, socket, strftime], [], [
 if test "$(eval echo \$"$(eval 'echo ac_cv_func_${as_decl_name}')")" = "yes"
 then
diff --git a/src/ssl.c b/src/ssl.c
index 462fd0651..a56377129 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -5004,6 +5004,16 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
 static int wolfSSL_RAND_InitMutex(void);
 #endif
 
+#if defined(OPENSSL_EXTRA) && defined(HAVE_ATEXIT)
+static void AtExitCleanup(void)
+{
+    if (initRefCount > 0) {
+        initRefCount = 1;
+        (void)wolfSSL_Cleanup();
+    }
+}
+#endif
+
 WOLFSSL_ABI
 int wolfSSL_Init(void)
 {
@@ -5024,6 +5034,14 @@ int wolfSSL_Init(void)
 #endif
 
 #ifdef OPENSSL_EXTRA
+    #ifdef HAVE_ATEXIT
+        /* OpenSSL registers cleanup using atexit */
+        if (atexit(AtExitCleanup) != 0) {
+            WOLFSSL_MSG("Bad atexit registration");
+            return WC_INIT_E;
+        }
+    #endif
+
     #ifndef WOLFSSL_NO_OPENSSL_RAND_CB
         if (wolfSSL_RAND_InitMutex() != 0) {
             return BAD_MUTEX_E;