From a6033ac431503d7de23c4dfb497051715bcba1fe Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Tue, 30 May 2023 15:16:34 -0400
Subject: [PATCH] Add missing guards in tls 1.3

Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
---
 library/ssl_tls13_client.c  | 3 +++
 library/ssl_tls13_generic.c | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index eb733b3a98..6ec3170076 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -35,6 +35,7 @@
 #include "ssl_debug_helpers.h"
 #include "md_psa.h"
 
+#if defined(PSA_WANT_ALG_ECDH)
 /* Define a local translating function to save code size by not using too many
  * arguments in each translating place. */
 static int local_err_translation(psa_status_t status)
@@ -44,6 +45,8 @@ static int local_err_translation(psa_status_t status)
                                  psa_generic_status_to_mbedtls);
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
+#endif
+
 /* Write extensions */
 
 /*
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index e58c3e5b87..fa193ffb63 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -39,6 +39,8 @@
 #include "psa/crypto.h"
 #include "mbedtls/psa_util.h"
 
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) || \
+    defined(PSA_WANT_ALG_ECDH)
 /* Define a local translating function to save code size by not using too many
  * arguments in each translating place. */
 static int local_err_translation(psa_status_t status)
@@ -48,6 +50,7 @@ static int local_err_translation(psa_status_t status)
                                  psa_generic_status_to_mbedtls);
 }
 #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status)
+#endif
 
 const uint8_t mbedtls_ssl_tls13_hello_retry_request_magic[
     MBEDTLS_SERVER_HELLO_RANDOM_LEN] =