From e3a4f468c14e2c4fe8bf1fed1774ecc8db02616f Mon Sep 17 00:00:00 2001
From: Chris Conlon <chris@wolfssl.com>
Date: Mon, 20 Nov 2017 13:16:44 -0700
Subject: [PATCH] PKCS7 and SCEP need either AES or 3DES enabled, error out if
 not

---
 configure.ac                 | 10 ++++++++++
 wolfssl/wolfcrypt/settings.h |  3 +++
 2 files changed, 13 insertions(+)

diff --git a/configure.ac b/configure.ac
index 71a55b74a..6a6edefe4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -3721,6 +3721,16 @@ AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
        test "x$ENABLED_SHA" = "xno"],
       [AC_MSG_ERROR([please enable sha if enabling pkcs7.])])
 
+AS_IF([test "x$ENABLED_PKCS7" = "xyes" && \
+       test "x$ENABLED_AES" = "xno" && \
+       test "x$ENABLED_DES3" = "xno"],
+      [AC_MSG_ERROR([please enable either AES or 3DES if enabling pkcs7.])])
+
+AS_IF([test "x$ENABLED_WOLFSCEP" = "xyes" && \
+       test "x$ENABLED_AES" = "xno" && \
+       test "x$ENABLED_DES3" = "xno"],
+      [AC_MSG_ERROR([please enable either AES or 3DES if enabling scep.])])
+
 AS_IF([test "x$ENABLED_LEANTLS" = "xyes" && \
        test "x$ENABLED_ECC" = "xno"],
       [AC_MSG_ERROR([please enable ecc if enabling leantls.])])
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index a27959a7f..6254b727d 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1493,6 +1493,9 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 #ifdef HAVE_PKCS7
+    #if defined(NO_AES) && defined(NO_DES3)
+        #error PKCS7 needs either AES or 3DES enabled, please enable one
+    #endif
     #ifndef HAVE_AES_KEYWRAP
         #error PKCS7 requires AES key wrap please define HAVE_AES_KEYWRAP
     #endif