From d0f6b5476d3f01b0a2947be99a7e1742c6078b2d Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 6 Jan 2026 17:04:52 +0100
Subject: [PATCH 1/2] Don't call SHA3 selftest when SHA3 is accelerated

`mbedtls_sha3_self_test` only exists in the built-in implementation.

The SHA3 self-test won't run until the tf-psa-crypto submodule moves past
https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/618

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 programs/test/selftest.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 0e906ab4a3..04d35cd8ed 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -289,10 +289,7 @@ const selftest_t selftests[] =
 #if defined(MBEDTLS_SHA512_C)
     { "sha512", mbedtls_sha512_self_test },
 #endif
-#if defined(PSA_WANT_ALG_SHA3_224) || \
-    defined(PSA_WANT_ALG_SHA3_256) || \
-    defined(PSA_WANT_ALG_SHA3_384) || \
-    defined(PSA_WANT_ALG_SHA3_512)
+#if defined(MBEDTLS_SHA3_C)
     { "sha3", mbedtls_sha3_self_test },
 #endif
 #if defined(MBEDTLS_AES_C)

From 40b11f59df91ba23b7916d1c56dd4d63cbe6ed77 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Tue, 6 Jan 2026 17:07:17 +0100
Subject: [PATCH 2/2] Remove component_test_sha3_variations

TF-PSA-Crypto is getting a component with similar coverage in
https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/618

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 .../components-configuration-crypto.sh        | 31 -------------------
 1 file changed, 31 deletions(-)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index a03dce152c..d1ce15e40a 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2007,37 +2007,6 @@ component_build_aes_variations () {
         "MBEDTLS_AESNI_C" "MBEDTLS_AESCE_C" "MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH"
 }
 
-component_test_sha3_variations () {
-    msg "sha3 loop unroll variations"
-
-    # define minimal config sufficient to test SHA3
-     cat > include/mbedtls/mbedtls_config.h << END
-END
-
-    cat > tf-psa-crypto/include/psa/crypto_config.h << END
-        #define PSA_WANT_ALG_SHA_256   1
-        #define PSA_WANT_ALG_SHA3_224  1
-        #define PSA_WANT_ALG_SHA3_256  1
-        #define PSA_WANT_ALG_SHA3_384  1
-        #define PSA_WANT_ALG_SHA3_512  1
-        #define PSA_WANT_KEY_TYPE_AES  1
-        #define MBEDTLS_PSA_CRYPTO_C
-        #define MBEDTLS_CTR_DRBG_C
-        #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY
-        #define MBEDTLS_SELF_TEST
-END
-
-    msg "all loops unrolled"
-    $MAKE_COMMAND clean
-    make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=1 -DMBEDTLS_SHA3_PI_UNROLL=1 -DMBEDTLS_SHA3_CHI_UNROLL=1 -DMBEDTLS_SHA3_RHO_UNROLL=1"
-    ./tf-psa-crypto/tests/test_suite_shax
-
-    msg "all loops rolled up"
-    $MAKE_COMMAND clean
-    make -C tests ../tf-psa-crypto/tests/test_suite_shax CFLAGS="-DMBEDTLS_SHA3_THETA_UNROLL=0 -DMBEDTLS_SHA3_PI_UNROLL=0 -DMBEDTLS_SHA3_CHI_UNROLL=0 -DMBEDTLS_SHA3_RHO_UNROLL=0"
-    ./tf-psa-crypto/tests/test_suite_shax
-}
-
 support_build_aes_aesce_armcc () {
     support_build_armcc
 }