From f35069a82df6080b02eea3d8b278d85675f2a83a Mon Sep 17 00:00:00 2001
From: John Durkop <john.durkop@fermatsoftware.com>
Date: Mon, 17 Aug 2020 22:05:14 -0700
Subject: [PATCH] Fix undefined ref error when ECDSA not defined

Add guards in pk_wrap.c to ensure if ECDSA is not defined, errors
are returned.
Remove warnings in pk.c for unused variables.
Add new test (test_depends_pkalgs_psa) to all.sh to confirm
when USE_PSA_CRYPTO is defined that features are working properly.

Fix #3294

Signed-off-by: John Durkop <john.durkop@fermatsoftware.com>
---
 library/pk.c         |  3 +++
 library/pk_wrap.c    | 18 +++++++++++++++++-
 tests/scripts/all.sh |  6 ++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/library/pk.c b/library/pk.c
index 631415cca..6706344cc 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -593,6 +593,9 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
                                psa_algorithm_t hash_alg )
 {
 #if !defined(MBEDTLS_ECP_C)
+    ((void) pk);
+    ((void) handle);
+    ((void) hash_alg);
     return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
 #else
     const mbedtls_ecp_keypair *ec;
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 0c6d5a590..fd4a87509 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -34,7 +34,7 @@
 #include "mbedtls/ecp.h"
 #endif
 
-#if defined(MBEDTLS_ECDSA_C)
+#if defined(MBEDTLS_ECDSA_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "mbedtls/ecdsa.h"
 #endif
 
@@ -912,6 +912,8 @@ static int pk_opaque_can_do( mbedtls_pk_type_t type )
             type == MBEDTLS_PK_ECDSA );
 }
 
+#if defined(MBEDTLS_ECDSA_C)
+
 /*
  * Simultaneously convert and move raw MPI from the beginning of a buffer
  * to an ASN.1 MPI at the end of the buffer.
@@ -994,11 +996,24 @@ static int pk_ecdsa_sig_asn1_from_psa( unsigned char *sig, size_t *sig_len,
     return( 0 );
 }
 
+#endif
+
 static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
                    const unsigned char *hash, size_t hash_len,
                    unsigned char *sig, size_t *sig_len,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
 {
+#if !defined(MBEDTLS_ECDSA_C)
+    ((void) ctx);
+    ((void) md_alg);
+    ((void) hash);
+    ((void) hash_len);
+    ((void) sig);
+    ((void) sig_len);
+    ((void) f_rng);
+    ((void) p_rng);
+    return( PSA_ERROR_NOT_SUPPORTED );
+#else
     const psa_key_handle_t *key = (const psa_key_handle_t *) ctx;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     psa_algorithm_t alg = PSA_ALG_ECDSA( mbedtls_psa_translate_md( md_alg ) );
@@ -1029,6 +1044,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
 
     /* transcode it to ASN.1 sequence */
     return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, buf_len ) );
+#endif
 }
 
 const mbedtls_pk_info_t mbedtls_pk_opaque_info = {
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 558016d04..f95d8cf91 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -1184,6 +1184,12 @@ component_test_depends_hashes () {
     record_status tests/scripts/depends-hashes.pl
 }
 
+component_test_depends_pkalgs_psa () {
+    msg "test/build: depends-pkalgs.pl with MBEDTLS_USE_PSA_CRYPTO defined (gcc)"
+    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+    record_status tests/scripts/depends-pkalgs.pl
+}
+
 component_test_depends_pkalgs () {
     msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min
     record_status tests/scripts/depends-pkalgs.pl