Initial implementation of new option to always copy over key to SSL ctx

wolfSSL · Sep 23, 2024 · 634e547 · 634e547
1 parent bc68819
commit 634e547
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/src/internal.c b/src/internal.c
@@ -6829,7 +6829,14 @@ int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
  ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+ AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+ ctx->privateKey->length, ctx->privateKey->type,
+ ctx->privateKey->heap);
+ ssl->buffers.weOwnKey = 1;
+#else
  ssl->buffers.key = ctx->privateKey;
+#endif
 #else
  if (ctx->privateKey != NULL) {
  AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

diff --git a/src/ssl.c b/src/ssl.c
@@ -20410,7 +20410,14 @@ WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
  ssl->buffers.certChainCnt = ctx->certChainCnt;
 #endif
 #ifndef WOLFSSL_BLIND_PRIVATE_KEY
+#ifdef WOLFSSL_COPY_KEY
+ AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,
+ ctx->privateKey->length, ctx->privateKey->type,
+ ctx->privateKey->heap);
+ ssl->buffers.weOwnKey = 1;
+#else
  ssl->buffers.key = ctx->privateKey;
+#endif
 #else
  if (ctx->privateKey != NULL) {
  AllocCopyDer(&ssl->buffers.key, ctx->privateKey->buffer,

diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
@@ -3581,6 +3581,11 @@ extern void uITRON4_free(void *p) ;
  #define WOLFSSL_COPY_CERT
 #endif
 
+#if defined(OPENSSL_ALL) && !defined(WOLFSSL_NO_COPY_KEY)
+ #undef WOLFSSL_COPY_KEY
+ #define WOLFSSL_COPY_KEY
+#endif
+
 /*
  * Keeps the "Finished" messages after a TLS handshake for use as the so-called
  * "tls-unique" channel binding. See comment in internal.h around clientFinished