From d60907b85d469b66d1b3c0fafe9ed92cd1d097b0 Mon Sep 17 00:00:00 2001
From: Andrzej Kurek <andrzej.kurek@arm.com>
Date: Wed, 14 Sep 2022 10:02:30 -0400
Subject: [PATCH] Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is
 available

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
---
 include/mbedtls/config_psa.h  | 7 +++++--
 library/check_crypto_config.h | 5 +++++
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 88052d228..61950cd9c 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -635,8 +635,6 @@ extern "C" {
 #define PSA_WANT_ALG_TLS12_PRF 1
 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
 #define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
-#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
 #endif /* MBEDTLS_MD_C */
 
 #if defined(MBEDTLS_MD5_C)
@@ -714,6 +712,11 @@ extern "C" {
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
 #endif
 
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_SHA_256)
+#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS 1
+#define PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS 1
+#endif
+
 #if defined(MBEDTLS_CHACHA20_C)
 #define PSA_WANT_KEY_TYPE_CHACHA20 1
 #define PSA_WANT_ALG_STREAM_CIPHER 1
diff --git a/library/check_crypto_config.h b/library/check_crypto_config.h
index c74437e7d..e60e66616 100644
--- a/library/check_crypto_config.h
+++ b/library/check_crypto_config.h
@@ -93,4 +93,9 @@
 #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
 
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS) && \
+    !defined(PSA_WANT_ALG_SHA_256)
+#error "PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS defined, but not all prerequisites"
+#endif
+
 #endif /* MBEDTLS_CHECK_CRYPTO_CONFIG_H */