From c500fd5a865b86783437ba5a6023783f6b7098b6 Mon Sep 17 00:00:00 2001
From: Sean Parkinson <sean@wolfssl.com>
Date: Wed, 19 Jun 2019 08:39:15 +1000
Subject: [PATCH] Free RSA key later in TLS v1.3 CertificateVerify

---
 src/tls13.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/tls13.c b/src/tls13.c
index d37835a49..a054f60e3 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5835,9 +5835,6 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                 if (ret >= 0) {
                     args->sendSz = ret;
                     ret = 0;
-
-                    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
-                    ssl->peerRsaKeyPresent = 0;
                 }
             }
         #endif /* !NO_RSA */
@@ -5901,6 +5898,9 @@ static int DoTls13CertificateVerify(WOLFSSL* ssl, byte* input,
                                         args->output, args->sendSz);
                 if (ret != 0)
                     goto exit_dcv;
+
+                FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
+                ssl->peerRsaKeyPresent = 0;
             }
         #endif /* !NO_RSA */