Initial implementation of new option to always copy over key to SSL ctx

src/internal.c

@@ -6829,7 +6829,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+    AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        ctx->privateKey->length, ctx->privateKey->type,
+        ctx->privateKey->heap);
+    ssl->buffers.weOwnKey = 1;
+#else
     ssl->buffers.key      = ctx->privateKey;
+#endif
 #else
     if (ctx->privateKey != NULL) {
         AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

src/ssl.c

@@ -20410,7 +20410,14 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
     ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+    AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+        ctx->privateKey->length, ctx->privateKey->type,
+        ctx->privateKey->heap);
+    ssl->buffers.weOwnKey = 1;
+#else
     ssl->buffers.key      = ctx->privateKey;
+#endif
 #else
     if (ctx->privateKey != NULL) {
         AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

wolfssl/wolfcrypt/settings.h

@@ -3581,6 +3581,11 @@ extern void uITRON4_free(void *p) ;
     #define WOLFSSL_COPY_CERT
 #endif
 
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
+    #undef WOLFSSL_COPY_KEY
+    #define WOLFSSL_COPY_KEY
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished