From 52379636c5ed5e0680c72d5b05abf84e030ff5e4 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Fri, 13 Mar 2026 14:06:17 +0100
Subject: [PATCH 1/3] library: check_config: remove RSA encryption requirement
 from ECDHE-RSA

ECDHE-RSA only requires RSA signature, not encryption. This commits fixes
guards in "mbedtls_check_config.h".

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 library/mbedtls_check_config.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h
index f6ca813a37..e0023b6284 100644
--- a/library/mbedtls_check_config.h
+++ b/library/mbedtls_check_config.h
@@ -60,7 +60,7 @@
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
     ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) )
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN) )
 #error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 

From 63df2f79a418c8c6dd782dade943a406f39d7e2c Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Mon, 16 Mar 2026 23:12:51 +0100
Subject: [PATCH 2/3] tests: depends.py: fix reverse dependency for RSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 tests/scripts/depends.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index a9d1d09507..f83e117e1f 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -274,9 +274,9 @@ REVERSE_DEPENDENCIES = {
     'PSA_WANT_ALG_JPAKE': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED'],
     'PSA_WANT_ALG_RSA_OAEP': ['PSA_WANT_ALG_RSA_PSS',
                               'MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
-    'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT': ['PSA_WANT_ALG_RSA_PKCS1V15_SIGN',
-                                        'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'],
+    'PSA_WANT_ALG_RSA_PKCS1V15_SIGN': ['MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED'],
     'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC': [
+        'PSA_WANT_ALG_RSA_PKCS1V15_SIGN',
         'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
         'PSA_WANT_ALG_RSA_OAEP',
         'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY',

From a201a74b7d2d255474d8b01d5156762c80ba9c07 Mon Sep 17 00:00:00 2001
From: Valerio Setti <valerio.setti@nordicsemi.no>
Date: Wed, 18 Mar 2026 17:40:28 +0100
Subject: [PATCH 3/3] tests: depends.py: extend pkalgs including
 PSA_WANT_ALG_RSA_PKCS1V15_SIGN

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
---
 tests/scripts/depends.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index f83e117e1f..24f120b05e 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -495,6 +495,7 @@ class DomainData:
                                            'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC',
                                            'PSA_WANT_ALG_RSA_OAEP',
                                            'PSA_WANT_ALG_RSA_PKCS1V15_CRYPT',
+                                           'PSA_WANT_ALG_RSA_PKCS1V15_SIGN',
                                            'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC',
                                            'MBEDTLS_X509_RSASSA_PSS_SUPPORT'],
                                           build_and_test),