Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment.

src/internal.c

@@ -2252,13 +2252,25 @@ void wolfSSL_CRYPTO_cleanup_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data)
 }
 #endif /* HAVE_EX_DATA_CLEANUP_HOOKS */
 
-/* In case contexts are held in array and don't want to free actual ctx */
+/* In case contexts are held in array and don't want to free actual ctx. */
+
+/* The allocations done in InitSSL_Ctx must be free'd with ctx->onHeapHint
+ * logic. A WOLFSSL_CTX can be assigned a static memory heap hint using 
+ * wolfSSL_CTX_load_static_memory after CTX creation, which means variables 
+ * allocated in InitSSL_Ctx were allocated from heap and should be free'd with 
+ * a NULL heap hint. */
 void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
 {
 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && \
                      defined(HAVE_TLS_EXTENSIONS) && !defined(NO_WOLFSSL_SERVER)
     int i;
 #endif
+    void* heapAtCTXInit = ctx->heap;
+#ifdef WOLFSSL_STATIC_MEMORY
+    if (ctx->onHeapHint == 0) {
+        heapAtCTXInit = NULL;
+    }
+#endif
 
 #ifdef HAVE_EX_DATA_CLEANUP_HOOKS
     wolfSSL_CRYPTO_cleanup_ex_data(&ctx->ex_data);
@@ -2268,17 +2280,9 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
     wolfEventQueue_Free(&ctx->event_queue);
 #endif /* HAVE_WOLF_EVENT */
 
-#ifdef WOLFSSL_STATIC_MEMORY
-    if (ctx->onHeap == 1) {
-        XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
-    }
-    else {
-        XFREE(ctx->method, NULL, DYNAMIC_TYPE_METHOD);
-    }
-#else
-    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
-#endif
+    XFREE(ctx->method, heapAtCTXInit, DYNAMIC_TYPE_METHOD);
     ctx->method = NULL;
+
     if (ctx->suites) {
         XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);
         ctx->suites = NULL;
@@ -2366,7 +2370,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         ctx->alpn_cli_protos = NULL;
     }
     if (ctx->param) {
-        XFREE(ctx->param, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        XFREE(ctx->param, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
         ctx->param = NULL;
     }
 
@@ -2378,7 +2382,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         
 #endif
         wc_FreeMutex(&ctx->x509_store.lookup.dirs->lock);
-        XFREE(ctx->x509_store.lookup.dirs, ctx->heap, DYNAMIC_TYPE_OPENSSL);
+        XFREE(ctx->x509_store.lookup.dirs, heapAtCTXInit, DYNAMIC_TYPE_OPENSSL);
     }
 #endif
 #ifdef WOLFSSL_STATIC_EPHEMERAL
@@ -2395,6 +2399,7 @@ void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
         FreeDer(&ctx->staticKE.x25519Key);
     #endif
 #endif
+    (void)heapAtCTXInit;
 }
 
 #ifdef WOLFSSL_STATIC_MEMORY
@@ -2418,7 +2423,7 @@ void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
     int refCount;
     void* heap = ctx->heap;
 #ifdef WOLFSSL_STATIC_MEMORY
-    if (ctx->onHeap == 0) {
+    if (ctx->onHeapHint == 0) {
         heap = NULL;
     }
 #endif

src/ssl.c

@@ -469,14 +469,14 @@ WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
     if (method == NULL)
         return ctx;
 
-    ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
+    ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
     if (ctx) {
         int ret;
 
         ret = InitSSL_Ctx(ctx, method, heap);
     #ifdef WOLFSSL_STATIC_MEMORY
         if (heap != NULL) {
-            ctx->onHeap = 1; /* free the memory back to heap when done */
+            ctx->onHeapHint = 1; /* free the memory back to heap when done */
         }
     #endif
         if (ret < 0) {