Minor cleanup to fix errors with some unit tests

With the new feature MBEDTLS_PSA_CRYPTO_CONFIG, needed to
add support that when the feature is disabled, if there
are defines like MBEDTLS_ECDSA_C defined, then the PSA_WANT_
equivalent define is also enabled. This ensures the guards in
the library psa_crypto will work properly.

Also fixed an error return code in the driver wrapper for cipher
encrypt setup so it will properly pass unit tests.

Ensured config.py full works properly with the new
MBEDTLS_PSA_CRYPTO_CONFIG, it should not be set when the full
option is used.

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>

include/mbedtls/config_psa.h

@@ -26,7 +26,9 @@
 #ifndef MBEDTLS_CONFIG_PSA_H
 #define MBEDTLS_CONFIG_PSA_H
 
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 #include "psa/crypto_config.h"
+#endif /* defined(MBEDTLS_PSAY_CRYPTO_CONFIG) */
 
 #ifdef __cplusplus
 extern "C" {
@@ -42,7 +44,7 @@ extern "C" {
 #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */
 #endif /* defined(PSA_WANT_ALG_ECDSA) */
 
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC)
 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
 #else /*  && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */
@@ -50,6 +52,20 @@ extern "C" {
 #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */
 #endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */
 
+#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+/*
+ * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
+ * is not defined
+ */
+#ifdef MBEDTLS_ECDSA_C
+#define PSA_WANT_ALG_ECDSA
+#endif /* MBEDTLS_ECDSA_C */
+
+#ifdef MBEDTLS_ECDSA_DETERMINISTIC
+#define PSA_WANT_ALG_ECDSA_DETERMINISTIC
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
 
 #ifdef __cplusplus

library/psa_crypto_driver_wrappers.c

@@ -583,7 +583,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
 #endif /* PSA_CRYPTO_DRIVER_TEST */
         default:
             /* Key is declared with a lifetime not known to us */
-            return( PSA_ERROR_BAD_STATE );
+            return( PSA_ERROR_NOT_SUPPORTED );
     }
 #else /* PSA_CRYPTO_DRIVER_PRESENT */
     (void)slot;

scripts/config.py

@@ -184,6 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([
     'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
     'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
     'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
+    'MBEDTLS_PSA_CRYPTO_CONFIG', # used to switch between old/new style config
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
     'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
     'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature