From e4da9c6f48f55d118580bbb599905c242508082c Mon Sep 17 00:00:00 2001
From: David Garske
Date: Fri, 22 Oct 2021 14:29:06 -0700
Subject: [PATCH] Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.

---
 src/sniffer.c | 21 ++++++++++++++-------
 sslSniffer/sslSnifferTest/snifftest.c | 22 +++++++++++-----------
 wolfcrypt/test/test.c | 4 ++--
 3 files changed, 27 insertions(+), 20 deletions(-)

diff --git a/src/sniffer.c b/src/sniffer.c
index 7995b5843..6cfb52548 100644
--- a/src/sniffer.c
+++ b/src/sniffer.c
@@ -2660,7 +2660,9 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
     keys.x25519Key = session->sslServer->staticKE.x25519Key;
 #endif
 #endif
+#ifndef NO_RSA
     keys.rsaKey = session->sslServer->buffers.key;
+#endif
 
     return SetupKeys(input, sslBytes, session, error, NULL, &keys);
 }
@@ -3283,7 +3285,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) {
         KeyBuffers_t keys;
         XMEMSET(&keys, 0, sizeof(keys));
+    #ifndef NO_RSA
         keys.rsaKey = session->sslServer->buffers.key;
+    #endif
     #ifdef WOLFSSL_STATIC_EPHEMERAL
     #ifndef NO_DH
         keys.dhKey = session->sslServer->staticKE.dhKey;
@@ -6042,15 +6046,18 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
 
         ret = wolfSSL_set_ephemeral_key(sniffer->sslServer, WC_PK_TYPE_NONE,
             (const char*)key, keySz, WOLFSSL_FILETYPE_ASN1);
-        if (ret == 0) {
-            ret = WOLFSSL_SUCCESS;
+        if (ret != 0) {
+        #ifdef DEBUG_SNIFFER
+            /* print warnings */
+            printf("key watch set ephemeral failed %d\n", ret);
+        #endif
         }
-        else
     #endif
-        {
-            ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
-                key, keySz, keyType);
-        }
+
+        /* always try and load private key */
+        ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
+            key, keySz, keyType);
+
         if (ret != WOLFSSL_SUCCESS) {
             SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
             return -1;
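Review bot: The result of wolfSSL_set_ephemeral_key is discarded in the new ssl_SetWatchKey_buffer flow: after the `#ifdef DEBUG_SNIFFER` warning, `ret` is overwritten by wolfSSL_use_PrivateKey_buffer, so a buffer that loaded correctly as a static ephemeral key but is then rejected as a private key still reaches SetError(KEY_FILE_STR, ...) with FATAL_ERROR_STATE and returns -1. The test harness touched by this same patch documents the intent as "only fail if no key is loaded"; if that is also the contract here, track whether either load succeeded and fail only when neither did, as sketched below. The function's opening, including the `#ifdef WOLFSSL_STATIC_EPHEMERAL` that the hunk's `#endif` closes, lies outside the hunk, so the flag declaration has to go there.
```c
        int keyLoaded = 0;   /* declare near the top of the function, before the #ifdef */
        /* … unchanged: wolfSSL_set_ephemeral_key() call … */
        if (ret == 0) {
            keyLoaded = 1;
        }
        else {
        #ifdef DEBUG_SNIFFER
            /* print warnings */
            printf("key watch set ephemeral failed %d\n", ret);
        #endif
        }
    #endif

        /* always try and load private key; fail only if neither load succeeded */
        ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
            key, keySz, keyType);
        if (ret == WOLFSSL_SUCCESS) {
            keyLoaded = 1;
        }

        if (!keyLoaded) {
            SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
            return -1;
```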
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 4e0a4fe8d..171662be8 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -129,20 +129,20 @@ enum {
 #define DEFAULT_SERVER_KEY DEFAULT_SERVER_KEY_ECC
 #endif
 #endif
-    
+
 #ifdef WOLFSSL_SNIFFER_WATCH
 static const byte rsaHash[] = {
-    0x4e, 0xa8, 0x55, 0x02, 0xe1, 0x84, 0x7e, 0xe1,
-    0xb5, 0x97, 0xd2, 0xf0, 0x92, 0x3a, 0xfd, 0x0d,
-    0x98, 0x26, 0x06, 0x85, 0x8d, 0xa4, 0xc7, 0x35,
-    0xd4, 0x74, 0x8f, 0xd0, 0xe7, 0xa8, 0x27, 0xaa
+    0x3d, 0x4a, 0x60, 0xfc, 0xbf, 0xe5, 0x4d, 0x3e,
+    0x85, 0x62, 0xf2, 0xfc, 0xdb, 0x0d, 0x51, 0xdd,
+    0xcd, 0xc2, 0x53, 0x81, 0x1a, 0x67, 0x31, 0xa0,
+    0x7f, 0xd2, 0x11, 0x74, 0xbf, 0xea, 0xc9, 0xc5
 };
 
 static const byte eccHash[] = {
-    0x80, 0x3d, 0xff, 0xca, 0x2e, 0x20, 0xd9, 0xdf,
-    0xfe, 0x64, 0x4e, 0x25, 0x6a, 0xee, 0xee, 0x60,
-    0xc1, 0x48, 0x7b, 0xff, 0xa0, 0xfb, 0xeb, 0xac,
-    0xe2, 0xa4, 0xdd, 0xb5, 0x18, 0x38, 0x78, 0x38
+    0x9e, 0x45, 0xb6, 0xf8, 0xc6, 0x5d, 0x60, 0x90,
+    0x40, 0x8f, 0xd2, 0x0e, 0xb1, 0x59, 0xe7, 0xbd,
+    0xb0, 0x9b, 0x3c, 0x7a, 0x3a, 0xbe, 0x13, 0x52,
+    0x07, 0x4f, 0x1a, 0x64, 0x45, 0xe0, 0x13, 0x34
 };
 #endif
 
@@ -327,7 +327,7 @@ static int myStoreDataCb(const unsigned char* decryptBuf,
 /* try and load as both static ephemeral and private key */
 /* only fail if no key is loaded */
 /* Allow comma seperated list of files */
-static int load_key(const char* name, const char* server, int port, 
+static int load_key(const char* name, const char* server, int port,
     const char* keyFiles, const char* passwd, char* err)
 {
     int ret = -1;
@@ -356,7 +356,7 @@ static int load_key(const char* name, const char* server, int port,
     #endif
         if (ret == 0)
             loadCount++;
-        
+
         if (loadCount == 0) {
             printf("Failed loading private key %s: ret %d\n", keyFile, ret);
             printf("Please run directly from sslSniffer/sslSnifferTest dir\n");
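Review bot: The replacement rsaHash and eccHash byte arrays carry no comment saying what they are digests of or how to regenerate them, which matters because this commit had to change every byte of both when the key callback changed; a later mismatch cannot be told apart from a sniffer regression without that information. Add a comment above the arrays along the lines of `/* 32-byte key identifiers handed to the WOLFSSL_SNIFFER_WATCH callback for the default RSA and ECC server keys; regenerate whenever the default keys or the sniffer's watch-key hashing changes */`, adjusting the wording if the digest input is something other than the default keys. The remaining two hunks in this file are whitespace-only.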
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index bc7f7c4cc..b6bba8d81 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -1237,7 +1237,7 @@ initDefaultName();
 
 #endif
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-    !defined(NO_FILESYSTEM)
+    !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     if ( (ret = certext_test()) != 0)
         return err_sys("CERT EXT test failed!\n", ret);
     else
@@ -12578,7 +12578,7 @@ WOLFSSL_TEST_SUBROUTINE int certext_test(void)
 
     return 0;
 }
-#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
+#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
 
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
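Review bot: The call-site guard in the first hunk now requires `!defined(NO_RSA)`, but the updated `#endif` comment closing certext_test's definition in the second hunk names only `WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM`. If the definition's `#if` (outside the hunk) was not given the matching `!defined(NO_RSA)`, the function is still compiled in NO_RSA builds but never called, which would surface as an unused-function warning or as a build break if the body depends on RSA-only APIs. Either mirror the condition on the definition and change the trailer to `#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM && !NO_RSA */`, or note in that comment why the definition intentionally stays RSA-independent.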