From 0ea39e0ee49267df3f6dfcf412e2a4c97c85e98b Mon Sep 17 00:00:00 2001
From: John Durkop <john.durkop@fermatsoftware.com>
Date: Tue, 13 Oct 2020 19:58:20 -0700
Subject: [PATCH] Correct use of MBEDTLS_PSA_BUILTIN_ALG_xxx in crypto library

The psa crypto library was generically using PSA_WANT_ALG_xxx, but
should have been using the correct MBEDTLS_PSA_BUILTIN_ALG_xxx
definition since that code is the builtin version. There were also
a couple of spots that needed to ensure the code block was enabled
for either ECDSA or DETERMINISTIC_ECDSA, not just one of them.

Fixed all the new ALG_ECDSA_DETERMINISTIC names to be
ALG_DETERMINISTIC_ECDSA instead.

Fixed test to use correct definitions.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
---
 include/mbedtls/config_psa.h | 12 ++++++------
 include/psa/crypto_config.h  |  4 ++--
 library/psa_crypto.c         | 22 +++++++++++-----------
 tests/scripts/all.sh         |  2 +-
 4 files changed, 20 insertions(+), 20 deletions(-)

diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 87c092a17..9a1a1efba 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -47,11 +47,11 @@ extern "C" {
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
 #endif /* PSA_WANT_ALG_ECDSA */
 
-#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA_DETERMINISTIC     1
+#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA     1
 #define MBEDTLS_ECDSA_DETERMINISTIC
-#endif /* MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC */
+#endif /* MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
 #endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
 
 #else /* MBEDTLS_PSA_CRYPTO_CONFIG */
@@ -61,11 +61,11 @@ extern "C" {
  * is not defined
  */
 #if defined(MBEDTLS_ECDSA_C)
-#define PSA_WANT_ALG_ECDSA
+#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA
 #endif /* MBEDTLS_ECDSA_C */
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define PSA_WANT_ALG_ECDSA_DETERMINISTIC
+#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 28702ebfa..8dbb18d50 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -50,7 +50,7 @@
 #ifndef PSA_CRYPTO_CONFIG_H
 #define PSA_CRYPTO_CONFIG_H
 
-#define PSA_WANT_ALG_ECDSA                  1
-#define PSA_WANT_ALG_ECDSA_DETERMINISTIC    1
+#define PSA_WANT_ALG_ECDSA                      1
+#define PSA_WANT_ALG_DETERMINISTIC_ECDSA        1
 
 #endif /* PSA_CRYPTO_CONFIG_H */
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index fa3cea382..a73c6c7bc 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -2256,7 +2256,7 @@ exit:
 /* Message digests */
 /****************************************************************/
 
-#if defined(MBEDTLS_RSA_C) || defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
+#if defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
 static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
 {
     switch( alg )
@@ -2299,7 +2299,7 @@ static const mbedtls_md_info_t *mbedtls_md_info_from_psa( psa_algorithm_t alg )
             return( NULL );
     }
 }
-#endif
+#endif /* defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
 
 psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
 {
@@ -3530,7 +3530,7 @@ static psa_status_t psa_rsa_verify( mbedtls_rsa_context *rsa,
 }
 #endif /* MBEDTLS_RSA_C */
 
-#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
 /* `ecp` cannot be const because `ecp->grp` needs to be non-const
  * for mbedtls_ecdsa_sign() and mbedtls_ecdsa_sign_det()
  * (even though these functions don't modify it). */
@@ -3554,7 +3554,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
         goto cleanup;
     }
 
-#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
     if( PSA_ALG_DSA_IS_DETERMINISTIC( alg ) )
     {
         psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH( alg );
@@ -3567,7 +3567,7 @@ static psa_status_t psa_ecdsa_sign( mbedtls_ecp_keypair *ecp,
                                                      &global_data.ctr_drbg ) );
     }
     else
-#endif /* PSA_WANT_ALG_ECDSA_DETERMINISTIC */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA) */
     {
         (void) alg;
         MBEDTLS_MPI_CHK( mbedtls_ecdsa_sign( &ecp->grp, &r, &s, &ecp->d,
@@ -3629,7 +3629,7 @@ cleanup:
     mbedtls_mpi_free( &s );
     return( mbedtls_to_psa_error( ret ) );
 }
-#endif /* PSA_WANT_ALG_ECDSA */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
 
 psa_status_t psa_sign_hash( psa_key_handle_t handle,
                             psa_algorithm_t alg,
@@ -3698,9 +3698,9 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
 #if defined(MBEDTLS_ECP_C)
     if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
     {
-#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
         if(
-#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
             PSA_ALG_IS_ECDSA( alg )
 #else
             PSA_ALG_IS_RANDOMIZED_ECDSA( alg )
@@ -3723,7 +3723,7 @@ psa_status_t psa_sign_hash( psa_key_handle_t handle,
             mbedtls_free( ecp );
         }
         else
-#endif /* defined(PSA_WANT_ALG_ECDSA) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
         {
             status = PSA_ERROR_INVALID_ARGUMENT;
         }
@@ -3799,7 +3799,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
 #if defined(MBEDTLS_ECP_C)
     if( PSA_KEY_TYPE_IS_ECC( slot->attr.type ) )
     {
-#if defined(PSA_WANT_ALG_ECDSA)
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA)
         if( PSA_ALG_IS_ECDSA( alg ) )
         {
             mbedtls_ecp_keypair *ecp = NULL;
@@ -3817,7 +3817,7 @@ psa_status_t psa_verify_hash( psa_key_handle_t handle,
             return( status );
         }
         else
-#endif /* defined(PSA_WANT_ALG_ECDSA) */
+#endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) */
         {
             return( PSA_ERROR_INVALID_ARGUMENT );
         }
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index fe50134cc..d42c6816b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1314,7 +1314,7 @@ component_test_psa_want_ecdsa_disabled_software() {
     scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
     scripts/config.py unset MBEDTLS_ECDSA_C
     scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA
-    scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_ECDSA_DETERMINISTIC
+    scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_DETERMINISTIC_ECDSA
     # Need to define the correct symbol and include the test driver header path in order to build with the test driver
     make CC=gcc CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -I../tests/include -O2" LDFLAGS="$ASAN_CFLAGS"