From 389f56b5c7da08f106017da2ed6d9ac53fea7171 Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Mon, 20 Aug 2018 16:29:48 -0700
Subject: [PATCH] Fix for building with TLS 1.3 only when AES CBC is enabled.
 Algorithm is allowed to be enabled, but the AES CBC cipher suites should not
 be. Fixed AEAD enable to check AES CBC based on `HAVE_AES_CBC` define.

---
 wolfssl/internal.h           | 7 ++++++-
 wolfssl/wolfcrypt/settings.h | 2 +-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/wolfssl/internal.h b/wolfssl/internal.h
index 63998c68d..ae6f1084b 100644
--- a/wolfssl/internal.h
+++ b/wolfssl/internal.h
@@ -249,6 +249,11 @@
 
 #ifndef WOLFSSL_MAX_STRENGTH
 
+#ifdef WOLFSSL_AEAD_ONLY
+    /* AES CBC ciphers are not allowed in AEAD only mode */
+    #undef HAVE_AES_CBC
+#endif
+
 #ifndef WOLFSSL_AEAD_ONLY
     #if !defined(NO_RSA) && !defined(NO_RC4)
         #if defined(WOLFSSL_STATIC_RSA)
@@ -282,7 +287,7 @@
             #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
         #endif
     #endif
-#endif
+#endif /* !WOLFSSL_AEAD_ONLY */
 
     #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
         #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
diff --git a/wolfssl/wolfcrypt/settings.h b/wolfssl/wolfcrypt/settings.h
index 1f372a5be..1b7b5eae2 100644
--- a/wolfssl/wolfcrypt/settings.h
+++ b/wolfssl/wolfcrypt/settings.h
@@ -1548,7 +1548,7 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 #if (defined(WOLFSSL_TLS13) && defined(WOLFSSL_NO_TLS12)) || \
-    (defined(NO_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
+    (!defined(HAVE_AES_CBC) && defined(NO_DES3) && defined(NO_RC4) && \
      !defined(HAVE_IDEA) && !defined(HAVE_NULL_CIPHER) && !defined(HAVE_HC128))
     #define WOLFSSL_AEAD_ONLY
 #endif