From d1e13a973c41cbe807039c5756822d42a62c7daf Mon Sep 17 00:00:00 2001
From: David Garske <david@wolfssl.com>
Date: Tue, 14 Aug 2018 13:01:04 -0600
Subject: [PATCH] Fix for building `WOLFSSL_CERT_EXT` without
 `WOLFSSL_CERT_GEN` due to missing `CTC_MAX_EKU_OID_SZ`. Change to allow
 --enable-certext without certgen.

---
 configure.ac                   | 4 ----
 tests/api.c                    | 4 ++--
 wolfcrypt/test/test.c          | 2 +-
 wolfssl/wolfcrypt/asn_public.h | 5 +++--
 4 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/configure.ac b/configure.ac
index b3510c4a2..2eb925848 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1207,10 +1207,6 @@ AC_ARG_ENABLE([certext],
 
 if test "$ENABLED_CERTEXT" = "yes"
 then
-    if test "$ENABLED_CERTGEN" = "no"
-    then
-        AC_MSG_ERROR([cannot enable certext without enabling certgen.])
-    fi
     AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_CERT_EXT"
 fi
 
diff --git a/tests/api.c b/tests/api.c
index 70678eb56..02155b482 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -10076,7 +10076,7 @@ static int test_RsaDecryptBoundsCheck(void)
 static int test_wc_SetKeyUsage (void)
 {
     int     ret = 0;
-#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && !defined(HAVE_FIPS)
+#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS)
     Cert    myCert;
 
     ret = wc_InitCert(&myCert);
@@ -18217,7 +18217,7 @@ static void test_wolfSSL_d2i_PrivateKeys_bio(void)
     EVP_PKEY* pkey  = NULL;
     RSA*  rsa  = NULL;
     WOLFSSL_CTX* ctx;
-    
+
 #if defined(WOLFSSL_KEY_GEN)
     unsigned char buffer[4096];
     unsigned char* bufPtr;
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index a42f705c1..9023fb0fd 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -8510,7 +8510,7 @@ byte GetEntropy(ENTROPY_CMD cmd, byte* out)
 #endif /* HAVE_ECC */
 
 #ifndef NO_RSA
-    #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
+    #ifdef WOLFSSL_CERT_GEN
         static const char* otherCertDerFile = CERT_PREFIX "othercert.der";
         static const char* certDerFile = CERT_PREFIX "cert.der";
     #endif
diff --git a/wolfssl/wolfcrypt/asn_public.h b/wolfssl/wolfcrypt/asn_public.h
index 906e8d547..4f1b7e5c2 100644
--- a/wolfssl/wolfcrypt/asn_public.h
+++ b/wolfssl/wolfcrypt/asn_public.h
@@ -158,8 +158,7 @@ typedef struct EncryptedInfo {
 } EncryptedInfo;
 
 
-#ifdef WOLFSSL_CERT_GEN
-
+#if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_CERT_EXT)
 #ifdef WOLFSSL_EKU_OID
     #ifndef CTC_MAX_EKU_NB
         #define CTC_MAX_EKU_NB 1
@@ -171,7 +170,9 @@ typedef struct EncryptedInfo {
     #undef CTC_MAX_EKU_OID_SZ
     #define CTC_MAX_EKU_OID_SZ 0
 #endif
+#endif /* WOLFSSL_CERT_GEN || WOLFSSL_CERT_EXT */
 
+#ifdef WOLFSSL_CERT_GEN
 
 #ifdef WOLFSSL_MULTI_ATTRIB
 #ifndef CTC_MAX_ATTRIB