TLSv1.3 PSK binders: always use id protection

[SparkiDev]

Description

Removed WOLFSSL_PSK_ID_PROTECTION from use as it is now on by default. Always check whether the server has a certificate (not a CA chain). If there is a certificate then continue, otherwise, report a binder error.

Added test to ensure binder error returned and alert sent when no NO_CERT. test_tls13_bad_psk_binder already tested no certificate.

Allowed memio test harness to be built when NO_CERT is defined.

Fixes #10195

Testing

./configure --disable-shared --enable-psk --enable-session-ticket
./configure --disable-shared --disable-rsa --disable-ecc --enable-session-ticket

[SparkiDev]

Jenkins: retest this please

[wolfSSL-Fenrir-bot]

Fenrir Automated Review — PR #10534

Scan targets checked: wolfcrypt-rs-bugs, wolfssl-bugs, wolfssl-src

Findings: 3
3 finding(s) posted as inline comments (see file-level comments below)

This review was generated automatically by Fenrir. Findings are non-blocking.

[SparkiDev]

Jenkins: retest this please

FIPS

[github-actions]

MemBrowse Memory Report

gcc-arm-cortex-m4-openssl-compat

• FLASH: .text +64 B (+0.0%, 764,756 B / 1,048,576 B, total: 73% used)

gcc-arm-cortex-m4-pq

• FLASH: .text +64 B (+0.0%, 276,184 B / 1,048,576 B, total: 26% used)

gcc-arm-cortex-m7-pq

• FLASH: .text +64 B (+0.0%, 276,760 B / 1,048,576 B, total: 26% used)
  No memory changes detected for:
• gcc-arm-cortex-m0plus
• gcc-arm-cortex-m3
• gcc-arm-cortex-m4
• gcc-arm-cortex-m4-baremetal
• gcc-arm-cortex-m4-crypto-only
• gcc-arm-cortex-m4-dtls13
• gcc-arm-cortex-m4-min-ecc
• gcc-arm-cortex-m4-pkcs7
• gcc-arm-cortex-m4-rsa-only
• gcc-arm-cortex-m4-sp-math
• gcc-arm-cortex-m4-tls12
• gcc-arm-cortex-m4-tls13
• gcc-arm-cortex-m7
• gcc-arm-cortex-m7-tls13
• linuxkm-pie
• linuxkm-standard
• stm32-sim-stm32h753