From 7879e83ae0eaf34bf24126e0e672f8b5e3eefe12 Mon Sep 17 00:00:00 2001
From: David Garske
Date: Thu, 4 Jun 2020 16:31:19 -0700
Subject: [PATCH] Fixes for building with `./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk`. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3).
---
 configure.ac | 4 ++--
 src/tls13.c | 9 +++++++--
 tests/suites.c | 6 ++++--
 3 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/configure.ac b/configure.ac
index 017f0b4cc..f027c92ae 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3137,8 +3137,8 @@ then
 AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_REQUIRE_FFDHE"
 fi
-# TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or DH
-if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_DH" = "xno"
+# TLS 1.3 Requires either ECC, CURVE25519, CURVE448 or RSA
+if test "x$ENABLED_ECC" = "xno" && test "x$ENABLED_CURVE25519" = "xno" && test "x$ENABLED_CURVE448" = "xno" && test "x$ENABLED_RSA" = "xno"
 then
 # disable TLS 1.3
 ENABLED_TLS13=no
diff --git a/src/tls13.c b/src/tls13.c
index db3284254..c70e37241 100644
--- a/src/tls13.c
+++ b/src/tls13.c
@@ -5036,6 +5036,8 @@ static int SendTls13Certificate(WOLFSSL* ssl)
 return ret;
 }
+#if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \
+ defined(HAVE_ED448)
 typedef struct Scv13Args {
 byte* output; /* not allocated */
 byte* verify; /* not allocated */
@@ -5420,6 +5422,7 @@ exit_scv:
 return ret;
 }
+#endif
 /* handle processing TLS v1.3 certificate (11) */
 /* Parse and handle a TLS v1.3 Certificate message.
@@ -7497,7 +7500,8 @@ int wolfSSL_connect_TLSv13(WOLFSSL* ssl)
 FALL_THROUGH;
 case FIRST_REPLY_THIRD:
- #ifndef NO_CERTS
+ #if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
+ defined(HAVE_ED25519) || defined(HAVE_ED448))
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 ssl->error = SendTls13CertificateVerify(ssl);
 if (ssl->error != 0) {
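Review bot: In configure.ac (@@ -3137) the rewritten test swaps `ENABLED_DH` for `ENABLED_RSA`, so it now mixes key-exchange groups (ECC, CURVE25519, CURVE448) with a single signature algorithm and no longer looks at DH at all. A build with RSA but without ECC, either curve or DH passes the check even though a certificate-based TLS 1.3 handshake would have no (EC)DHE group. Conversely, a DH-plus-PSK build that kept TLS 1.3 under the old test now has it switched off. As far as the hunk shows, `ENABLED_TLS13=no` is applied without any message, so a user who passed `--enable-tls13` may get a library without TLS 1.3 and no indication. Consider checking the key-exchange and signature requirements separately and reporting when an explicit request is overridden; the `if` body continues past the hunk, so later handling is not visible here.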
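Review bot: The condition `!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)` introduced in src/tls13.c at @@ -5036 is spelled out again at the two call sites in @@ -7497 and @@ -8221, so three copies have to stay in step whenever a signature algorithm is added or removed. If they drift, the result is either an undefined reference to `SendTls13CertificateVerify` or a handshake path that quietly omits CertificateVerify. Define the condition once near the top of the file as a single feature macro, for example `HAVE_TLS13_SIG_ALGO` (a name constructed for this note), and test `#ifdef HAVE_TLS13_SIG_ALGO` in all three places. The guarded region opens in this hunk and closes outside it.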
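Review bot: The `#endif` added after the `exit_scv:` epilogue in src/tls13.c (@@ -5420) closes a conditional opened several hundred lines earlier and carries no comment, so a reader landing here cannot tell what is being guarded. Write it as `#endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || HAVE_ED448 */` to match the opening `#if` in the @@ -5036 hunk. The function it terminates begins outside this hunk.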
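Review bot: With the widened guard at `case FIRST_REPLY_THIRD:` in `wolfSSL_connect_TLSv13` (@@ -7497), a build that has certificates but none of RSA, ECC, ED25519 or ED448 compiles the whole `sendVerify` block out. A connection with `ssl->options.sendVerify` set would then presumably continue to the next state without sending CertificateVerify and without setting `ssl->error`. The same applies to `case TLS13_CERT_SENT :` in `wolfSSL_accept_TLSv13` (@@ -8221). Whether `sendVerify` can be set in such a build is not visible from these hunks; if it can, an `#else` branch that fails the handshake locally would be safer than relying on the peer to reject the missing message. At minimum add a comment at both sites such as `/* CertificateVerify needs a signature algorithm; block is omitted when none is built in */`.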
@@ -8221,7 +8225,8 @@ int wolfSSL_accept_TLSv13(WOLFSSL* ssl)
 FALL_THROUGH;
 case TLS13_CERT_SENT :
-#ifndef NO_CERTS
+#if !defined(NO_CERTS) && (!defined(NO_RSA) || defined(HAVE_ECC) || \
+ defined(HAVE_ED25519) || defined(HAVE_ED448))
 if (!ssl->options.resuming && ssl->options.sendVerify) {
 if ((ssl->error = SendTls13CertificateVerify(ssl)) != 0) {
 WOLFSSL_ERROR(ssl->error);
diff --git a/tests/suites.c b/tests/suites.c
index 43a023550..efd21485a 100644
--- a/tests/suites.c
+++ b/tests/suites.c
@@ -467,14 +467,16 @@ static int execute_test_case(int svr_argc, char** svr_argv,
 /* verify results */
 if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) ||
 (cliArgs.return_code == 0 && cliTestShouldFail != 0)) {
- printf("client_test failed\n");
+ printf("client_test failed %d %s\n", cliArgs.return_code,
+ cliTestShouldFail ? "(should fail)" : "");
 XEXIT(EXIT_FAILURE);
 }
 join_thread(serverThread);
 if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) ||
 (svrArgs.return_code == 0 && svrTestShouldFail != 0)) {
- printf("server_test failed\n");
+ printf("server_test failed %d %s\n", svrArgs.return_code,
+ svrTestShouldFail ? "(should fail)" : "");
 XEXIT(EXIT_FAILURE);
 }
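Review bot: In tests/suites.c (@@ -467) the new format `"client_test failed %d %s\n"` leaves a trailing space before the newline whenever the should-fail flag is zero, and the `server_test` message repeats the pattern. Moving the separator into the optional text avoids it: `printf("client_test failed %d%s\n", cliArgs.return_code, cliTestShouldFail ? " (should fail)" : "");`, and likewise for the server line. The declaration of `return_code` is outside the hunk, so `%d` is assumed to match its type. `execute_test_case` starts and ends outside the hunk.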