From 5bb12604667fa8f4b0917002a2797d424ef146dc Mon Sep 17 00:00:00 2001
From: Yosuke Shimizu <yosuke@wolfssl.com>
Date: Fri, 17 Apr 2026 11:04:22 +0900
Subject: [PATCH] Add wc_Sha256Free after the final use

---
 src/agent.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/agent.c b/src/agent.c
index 9f87e9207..7b7ac5c5d 100644
--- a/src/agent.c
+++ b/src/agent.c
@@ -436,6 +436,7 @@ static int PostAddRsaId(WOLFSSH_AGENT_CTX* agent,
             ret = wc_Sha256Update(&sha, key, nSz + eSz + (LENGTH_SZ * 2));
         if (ret == 0)
             ret = wc_Sha256Final(&sha, id->id);
+        wc_Sha256Free(&sha);
 
         if (ret == 0)
             ret = WS_SUCCESS;
@@ -518,6 +519,7 @@ static int PostAddEcdsaId(WOLFSSH_AGENT_CTX* agent,
                     curveNameSz + qSz + (LENGTH_SZ * 2));
         if (ret == 0)
             ret = wc_Sha256Final(&sha, id->id);
+        wc_Sha256Free(&sha);
 
         if (ret == 0)
             ret = WS_SUCCESS;
@@ -584,6 +586,7 @@ static int PostRemoveId(WOLFSSH_AGENT_CTX* agent,
             ret = wc_Sha256Update(&sha, keyBlob, keyBlobSz);
         if (ret == 0)
             ret = wc_Sha256Final(&sha, id);
+        wc_Sha256Free(&sha);
         ret = (ret == 0) ? WS_SUCCESS : WS_CRYPTO_FAILED;
     }
 
@@ -661,6 +664,10 @@ static WOLFSSH_AGENT_ID* FindKeyId(WOLFSSH_AGENT_ID* id,
         ret = wc_Sha256Final(&sha, digest);
         ret = (ret == 0) ? WS_SUCCESS : WS_CRYPTO_FAILED;
     }
+    else {
+        ret = WS_CRYPTO_FAILED;
+    }
+    wc_Sha256Free(&sha);
 
     if (ret == WS_SUCCESS) {
         while (id != NULL &&
@@ -669,6 +676,9 @@ static WOLFSSH_AGENT_ID* FindKeyId(WOLFSSH_AGENT_ID* id,
             id = id->next;
         }
     }
+    else {
+        id = NULL;
+    }
 
     return id;
 }