diff --git a/ChangeLog.d/timing.txt b/ChangeLog.d/timing.txt
index f7d9f1a42b..96f4feb0e4 100644
--- a/ChangeLog.d/timing.txt
+++ b/ChangeLog.d/timing.txt
@@ -3,3 +3,11 @@ API changes
      TF-PSA-Crypto configuration, unless MBEDTLS_TIMING_ALT is enabled.
      As a benefit, platforms where the default implementation is not
      supported now only need to implement MBEDTLS_PLATFORM_MS_TIME_ALT.
+   * When MBEDTLS_TIMING_ALT is enabled, the function
+     mbedtls_timing_get_timer() now returns unsigned long long instead
+     of unsigned long.
+
+Bugfix
+   * mbedtls_timing_get_delay() now correctly treats a timer as expired
+     after more than 2^32 ms (about 49 days) on platforms where long is
+     a 32-bit type.
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 01364dd0ba..7a2eb938de 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -53,7 +53,7 @@ typedef struct mbedtls_timing_delay_context {
 #endif /* MBEDTLS_TIMING_ALT */
 
 /* Internal use */
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
+unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset);
 
 /**
  * \brief          Set a pair of delays to watch
diff --git a/library/timing.c b/library/timing.c
index 45a3ae1575..6273f44c00 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -13,7 +13,7 @@
 
 #if !defined(MBEDTLS_TIMING_ALT)
 
-unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
+unsigned long long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
     if (reset) {
         val->ms = mbedtls_ms_time();
@@ -45,7 +45,7 @@ void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms)
 int mbedtls_timing_get_delay(void *data)
 {
     mbedtls_timing_delay_context *ctx = (mbedtls_timing_delay_context *) data;
-    unsigned long elapsed_ms;
+    unsigned long long elapsed_ms;
 
     if (ctx->fin_ms == 0) {
         return -1;
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 81de042a50..eab15feb38 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -360,7 +360,9 @@ static unsigned elapsed_time(void)
         return 0;
     }
 
-    return mbedtls_timing_get_timer(&hires, 0);
+    /* Wraps after ~49.7 days (assuming 32-bit int).
+     * Don't run udp_proxy that long! */
+    return (unsigned) mbedtls_timing_get_timer(&hires, 0);
 }
 
 typedef struct {
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index 0222d0f795..8fdccdd6ab 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])
     int exit_code = MBEDTLS_EXIT_FAILURE;
     unsigned i, j;
     struct mbedtls_timing_hr_time timer;
-    unsigned long ms;
+    unsigned long long ms;
 
     psa_status_t status = psa_crypto_init();
     if (status != PSA_SUCCESS) {
@@ -151,7 +151,7 @@ int main(int argc, char *argv[])
         mbedtls_printf(".");
     }
     ms = mbedtls_timing_get_timer(&timer, 0);
-    mbedtls_printf("\n%u iterations -> %lu ms\n", opt.iterations, ms);
+    mbedtls_printf("\n%u iterations -> %llu ms\n", opt.iterations, ms);
     exit_code = MBEDTLS_EXIT_SUCCESS;
 
 exit: