Fix build flags for opaque/raw psk checks

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

library/ssl_tls.c

@@ -5001,8 +5001,13 @@ static int ssl_set_handshake_prfs( mbedtls_ssl_handshake_params *handshake,
     return( 0 );
 }
 
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) && \
-    defined(MBEDTLS_USE_PSA_CRYPTO)
+
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                   \
+    ( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||       \
+      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||   \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) )
 static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
 {
     if( ssl->conf->f_psk != NULL )
@@ -5021,7 +5026,10 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
     return( 0 );
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO &&
-          MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */
+          ( MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ) */
 
 /*
  * Compute master secret if needed
@@ -5093,10 +5101,11 @@ static int ssl_compute_master( mbedtls_ssl_handshake_params *handshake,
     }
 #endif /* MBEDTLS_SSL_EXTENDED_MS_ENABLED */
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                 \
-    ( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||     \
-      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) )
+#if defined(MBEDTLS_USE_PSA_CRYPTO) &&                   \
+    ( defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||       \
+      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||   \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) )
     if( ( handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
           handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
           handshake->ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||

library/ssl_tls12_client.c

@@ -73,7 +73,9 @@ int mbedtls_ssl_conf_has_static_psk( mbedtls_ssl_config const *conf )
     return( 0 );
 }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \
+      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) )
 static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
 {
     if( conf->psk_identity     == NULL ||
@@ -87,7 +89,9 @@ static int ssl_conf_has_static_raw_psk( mbedtls_ssl_config const *conf )
 
     return( 0 );
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+          ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ) */
 
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 

library/ssl_tls12_server.c

@@ -171,7 +171,10 @@ static int ssl_conf_has_psk_or_cb( mbedtls_ssl_config const *conf )
     return( 0 );
 }
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) && \
+    ( defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ) || \
+      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||        \
+      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) )
 static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
 {
     if( ssl->conf->f_psk != NULL )
@@ -190,7 +193,10 @@ static int ssl_use_opaque_psk( mbedtls_ssl_context const *ssl )
 
     return( 0 );
 }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#endif /* MBEDTLS_USE_PSA_CRYPTO &&
+          ( MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_PSK_ENABLED ||
+            MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 static int ssl_parse_renegotiation_info( mbedtls_ssl_context *ssl,