From 30beca35f1bc67b9f1fb73473f03bf2a4859b97b Mon Sep 17 00:00:00 2001
From: Neil Armstrong
Date: Tue, 3 May 2022 15:42:13 +0200
Subject: [PATCH] Guard pk_opaque_rsa_decrypt() with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR
Then mbedtls_pk_error_from_psa_rsa() also needs to be guarded with PSA_WANT_KEY_TYPE_RSA_KEY_PAIR to be used by pk_opaque_rsa_decrypt()
Signed-off-by: Neil Armstrong
---
 library/pk_wrap.c | 11 +++++++++--
 library/pk_wrap.h | 5 +++--
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 36bb8c9f4..e234a8de3 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -100,7 +100,8 @@ int mbedtls_pk_error_from_psa( psa_status_t status )
 }
 }
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
 int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
 {
 switch( status )
@@ -121,7 +122,7 @@ int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
 return( mbedtls_pk_error_from_psa( status ) );
 }
 }
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
 #endif /* MBEDTLS_PSA_CRYPTO_C */
@@ -1602,6 +1603,7 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
 NULL, /* debug - could be done later, or even left NULL */
 };
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
 static int pk_opaque_rsa_decrypt( void *ctx,
 const unsigned char *input, size_t ilen,
 unsigned char *output, size_t *olen, size_t osize,
@@ -1625,6 +1627,7 @@ static int pk_opaque_rsa_decrypt( void *ctx,
 return 0;
 }
+#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
 const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
 MBEDTLS_PK_OPAQUE,
@@ -1637,7 +1640,11 @@ const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
 NULL, /* restartable verify - not relevant */
 NULL, /* restartable sign - not relevant */
 #endif
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
 pk_opaque_rsa_decrypt,
+#else
+ NULL, /* decrypt - not available */
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
 NULL, /* encrypt - will be done later */
 NULL, /* check_pair - could be done later or left NULL */
 pk_opaque_alloc_wrap,
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 5e81a652a..fc756db65 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -148,9 +148,10 @@ int mbedtls_pk_error_from_psa_ecdsa( psa_status_t status );
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 int mbedtls_pk_error_from_psa( psa_status_t status );
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY) || \
+ defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
 int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
-#endif
+#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY || PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
 #if defined(MBEDTLS_RSA_C)
 int mbedtls_pk_psa_rsa_sign_ext( psa_algorithm_t psa_alg_md,
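Review bot: The closing `#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */` added in the `mbedtls_pk_rsa_opaque_info` initializer names a different macro than the `#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)` it closes. It should read `#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */`, matching the comment this patch puts on the guard around `pk_opaque_rsa_decrypt()`. With the new `#else` branch the decrypt slot is `NULL` in builds without RSA key-pair support, so the generic decrypt entry point (not visible in this patch) has to reject a NULL `decrypt_func` rather than call through it. That is worth confirming with a test built in such a configuration. The initializer begins and ends outside the hunk.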