Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.

src/sniffer.c

@@ -2660,7 +2660,9 @@ static int ProcessClientKeyExchange(const byte* input, int* sslBytes,
     keys.x25519Key = session->sslServer->staticKE.x25519Key;
     #endif
 #endif
+#ifndef NO_RSA
     keys.rsaKey = session->sslServer->buffers.key;
+#endif
     return SetupKeys(input, sslBytes, session, error, NULL, &keys);
 }
 
@@ -3283,7 +3285,9 @@ static int ProcessServerHello(int msgSz, const byte* input, int* sslBytes,
     if (IsAtLeastTLSv1_3(session->sslServer->version) && session->srvKs.key_len > 0) {
         KeyBuffers_t keys;
         XMEMSET(&keys, 0, sizeof(keys));
+    #ifndef NO_RSA
         keys.rsaKey = session->sslServer->buffers.key;
+    #endif
     #ifdef WOLFSSL_STATIC_EPHEMERAL
         #ifndef NO_DH
         keys.dhKey = session->sslServer->staticKE.dhKey;
@@ -6042,15 +6046,18 @@ int ssl_SetWatchKey_buffer(void* vSniffer, const byte* key, word32 keySz,
     ret = wolfSSL_set_ephemeral_key(sniffer->sslServer, 
         WC_PK_TYPE_NONE, (const char*)key, keySz,
             WOLFSSL_FILETYPE_ASN1);
-    if (ret == 0) {
-        ret = WOLFSSL_SUCCESS;
+    if (ret != 0) {
+    #ifdef DEBUG_SNIFFER
+        /* print warnings */
+        printf("key watch set ephemeral failed %d\n", ret);
+    #endif
     }
-    else
 #endif
-    {
+
+    /* always try and load private key */
     ret = wolfSSL_use_PrivateKey_buffer(sniffer->sslServer,
         key, keySz, keyType);
-    }
+
     if (ret != WOLFSSL_SUCCESS) {
         SetError(KEY_FILE_STR, error, sniffer, FATAL_ERROR_STATE);
         return -1;

sslSniffer/sslSnifferTest/snifftest.c

@@ -133,16 +133,16 @@ enum {
 
 #ifdef WOLFSSL_SNIFFER_WATCH
 static const byte rsaHash[] = {
-    0x4e, 0xa8, 0x55, 0x02, 0xe1, 0x84, 0x7e, 0xe1, 
-    0xb5, 0x97, 0xd2, 0xf0, 0x92, 0x3a, 0xfd, 0x0d, 
-    0x98, 0x26, 0x06, 0x85, 0x8d, 0xa4, 0xc7, 0x35, 
-    0xd4, 0x74, 0x8f, 0xd0, 0xe7, 0xa8, 0x27, 0xaa
+    0x3d, 0x4a, 0x60, 0xfc, 0xbf, 0xe5, 0x4d, 0x3e,
+    0x85, 0x62, 0xf2, 0xfc, 0xdb, 0x0d, 0x51, 0xdd,
+    0xcd, 0xc2, 0x53, 0x81, 0x1a, 0x67, 0x31, 0xa0,
+    0x7f, 0xd2, 0x11, 0x74, 0xbf, 0xea, 0xc9, 0xc5
 };
 static const byte eccHash[] = {
-    0x80, 0x3d, 0xff, 0xca, 0x2e, 0x20, 0xd9, 0xdf, 
-    0xfe, 0x64, 0x4e, 0x25, 0x6a, 0xee, 0xee, 0x60, 
-    0xc1, 0x48, 0x7b, 0xff, 0xa0, 0xfb, 0xeb, 0xac, 
-    0xe2, 0xa4, 0xdd, 0xb5, 0x18, 0x38, 0x78, 0x38
+    0x9e, 0x45, 0xb6, 0xf8, 0xc6, 0x5d, 0x60, 0x90,
+    0x40, 0x8f, 0xd2, 0x0e, 0xb1, 0x59, 0xe7, 0xbd,
+    0xb0, 0x9b, 0x3c, 0x7a, 0x3a, 0xbe, 0x13, 0x52,
+    0x07, 0x4f, 0x1a, 0x64, 0x45, 0xe0, 0x13, 0x34
 };
 #endif
 

wolfcrypt/test/test.c

@@ -1237,7 +1237,7 @@ initDefaultName();
 #endif
 
 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \
-   !defined(NO_FILESYSTEM)
+   !defined(NO_FILESYSTEM) && !defined(NO_RSA)
     if ( (ret = certext_test()) != 0)
         return err_sys("CERT EXT test failed!\n", ret);
     else
@@ -12578,7 +12578,7 @@ WOLFSSL_TEST_SUBROUTINE int certext_test(void)
 
     return 0;
 }
-#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT */
+#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && !NO_FILESYSTEM */
 
 #if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \
     defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)