From ed4a10661c6eff4acfa66419e26abb2c86dada8b Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 10:22:31 +0200 Subject: [PATCH 001/216] cmake: library: Remove unnecessary link_to_source If we do not generate error.c, version_features.c, ... then they are supposed to be in the source tree. The CMake build get them from here and there is no need for a symbolic link or a copy in the build tree. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 4 ---- 1 file changed, 4 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..b6693d1a19 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -84,10 +84,6 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) -else() - link_to_source(error.c) - link_to_source(version_features.c) - link_to_source(ssl_debug_helpers_generated.c) endif() if(CMAKE_COMPILER_IS_GNUCC) From a2c37b3b2d7c2c9a255637c7f5b6c03830f11c52 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 09:41:04 +0200 Subject: [PATCH 002/216] cmake: library: Add custom targets for generated files Add a custom target that depends on TLS generated files, and make both the static and shared crypto libraries depend on it. This ensures that when both libraries are built, the files are not generated concurrently by the static and shared library targets. Do the same for the x509 libraries. Signed-off-by: Ronald Cron --- library/CMakeLists.txt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index b6693d1a19..ee0381c036 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt 
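Review bot: With the `else()` branch removed, a build configured with GEN_FILES off now relies silently on `error.c`, `version_features.c` and `ssl_debug_helpers_generated.c` already sitting in `library/`; a missing copy surfaces only as a late compiler error, and a stale copy surfaces not at all, shipping outdated error strings and feature lists. A configure-time check keeps the failure early and explicit, e.g. `if(NOT EXISTS ${CMAKE_CURRENT_SOURCE_DIR}/error.c) message(FATAL_ERROR "error.c is missing: enable GEN_FILES or build from a release tree") endif()` for each of the three files. Since these sources are listed by bare relative name elsewhere in this file (`set(src_x509 error.c ...)`), it is also worth confirming that when GEN_FILES is on and a checked-in copy exists in the source tree, CMake resolves the name to the generated file in the binary dir rather than the source-dir one.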
@@ -84,6 +84,17 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py ${tls_error_headers} ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/error.c + ) + + add_custom_target(${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target + DEPENDS + ${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c + ${CMAKE_CURRENT_BINARY_DIR}/version_features.c + ) endif() if(CMAKE_COMPILER_IS_GNUCC) @@ -161,6 +172,13 @@ if(USE_STATIC_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_static_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_static_target} PROPERTIES OUTPUT_NAME mbedtls) target_link_libraries(${mbedtls_static_target} PUBLIC ${libs} ${mbedx509_static_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_static_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) @@ -175,6 +193,13 @@ if(USE_SHARED_MBEDTLS_LIBRARY) target_compile_options(${mbedtls_target} PRIVATE ${LIBS_C_FLAGS}) set_target_properties(${mbedtls_target} PROPERTIES VERSION 4.0.0 SOVERSION 21) target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target}) + + if(GEN_FILES) + add_dependencies(${mbedx509_target} + ${MBEDTLS_TARGET_PREFIX}mbedx509_generated_files_target) + add_dependencies(${mbedtls_target} + ${MBEDTLS_TARGET_PREFIX}mbedtls_generated_files_target) + endif() endif(USE_SHARED_MBEDTLS_LIBRARY) foreach(target IN LISTS target_libraries) From 37ddcf0ab4d8683eb50fa7f55691068c352bc704 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 14 May 2025 13:15:36 +0200 Subject: [PATCH 003/216] Add change log 
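Review bot: The new `add_custom_target`/`add_dependencies` pairs carry no comment saying why they exist, and because the generated files are already listed as sources of both libraries a later reader is likely to remove them as redundant. Add a comment above the first `add_custom_target`, e.g. `# The static and shared libraries both compile the generated files; route them through a single target so a parallel build cannot run the generators twice concurrently.` Note that `mbedx509_generated_files_target` lists only `error.c`, so any future generated x509 source has to be added here as well as to the `add_custom_command` OUTPUT, which the comment should also say.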
Signed-off-by: Ronald Cron --- ChangeLog.d/fix-dependency-on-generated-files.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/fix-dependency-on-generated-files.txt diff --git a/ChangeLog.d/fix-dependency-on-generated-files.txt b/ChangeLog.d/fix-dependency-on-generated-files.txt new file mode 100644 index 0000000000..b3e7e4e16b --- /dev/null +++ b/ChangeLog.d/fix-dependency-on-generated-files.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix potential CMake parallel build failure when building both the static + and shared libraries. From 2fc0475dc9951892a78285bf562f9508b366f741 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Fri, 20 Jun 2025 09:19:20 +0200 Subject: [PATCH 004/216] cmake_package_install: Fail in case of warnings with GNU GCC Fail the cmake package install demonstration in case of warnings when building the cmake_package_install executable. This would have caught the library installation issue reported in #10022. Signed-off-by: Ronald Cron --- programs/test/cmake_package_install/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt index 0d7dbe4dad..60a4481e48 100644 --- a/programs/test/cmake_package_install/CMakeLists.txt +++ b/programs/test/cmake_package_install/CMakeLists.txt @@ -37,5 +37,11 @@ find_package(MbedTLS REQUIRED) # add_executable(cmake_package_install cmake_package_install.c) + +string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}") +if(CMAKE_COMPILER_IS_GNU) + target_compile_options(cmake_package_install PRIVATE -Wall -Werror) +endif() + target_link_libraries(cmake_package_install MbedTLS::mbedtls MbedTLS::mbedx509 MbedTLS::tfpsacrypto) From c0a562c8959564e4c34f748b4eea28e2cb77bd07 Mon Sep 17 00:00:00 2001 
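Review bot: `string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${CMAKE_C_COMPILER_ID}")` is an indirect way to test the compiler id, and the variable name sits next to CMake's own `CMAKE_COMPILER_IS_GNUCC`, which invites confusion; `if(CMAKE_C_COMPILER_ID STREQUAL "GNU")` states the intent directly. As written the demo only fails on warnings under GCC, so a Clang-based CI job would still pass silently on the kind of installation issue this is meant to catch; if that is deliberate a one-line comment saying so helps, otherwise `if(CMAKE_C_COMPILER_ID MATCHES "GNU|Clang")` widens the net. The `target_link_libraries` context line is the last visible line of the file, so nothing after it was reviewed.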
From: Gilles Peskine Date: Fri, 25 Jul 2025 17:07:13 +0200 Subject: [PATCH 005/216] query_config.fmt: glob headers instead of listing them explicitly This lets us remove or rename crypto headers without hassle, and means we don't risk forgetting to add a new header. Fix #10323 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 69 ++--------------------------- scripts/generate_query_config.pl | 24 ++++++++++ 2 files changed, 27 insertions(+), 66 deletions(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 12517596d6..559734a6af 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -1,4 +1,4 @@ -/* +/* -*-c-*- * Query Mbed TLS compile time configurations from mbedtls_config.h * * Copyright The Mbed TLS Contributors 
@@ -10,73 +10,10 @@ #include "query_config.h" #include "mbedtls/platform.h" - -/* - * Include all the headers with public APIs in case they define a macro to its - * default value when that configuration is not set in mbedtls_config.h, or - * for PSA_WANT macros, in case they're auto-defined based on mbedtls_config.h - * rather than defined directly in crypto_config.h. - */ -#include "psa/crypto.h" - -#include "mbedtls/aes.h" -#include "mbedtls/aria.h" -#include "mbedtls/asn1.h" -#include "mbedtls/asn1write.h" -#include "mbedtls/base64.h" -#include "mbedtls/bignum.h" -#include "mbedtls/camellia.h" -#include "mbedtls/ccm.h" -#include "mbedtls/chacha20.h" -#include "mbedtls/chachapoly.h" -#include "mbedtls/cipher.h" -#include "mbedtls/cmac.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/debug.h" -#include "mbedtls/des.h" -#include "mbedtls/ecdh.h" -#include "mbedtls/ecdsa.h" -#include "mbedtls/ecjpake.h" -#include "mbedtls/ecp.h" -#include "mbedtls/entropy.h" -#include "mbedtls/error.h" -#include "mbedtls/gcm.h" -#include "mbedtls/hmac_drbg.h" -#include "mbedtls/md.h" -#include "mbedtls/md5.h" -#include "mbedtls/memory_buffer_alloc.h" -#include "mbedtls/net_sockets.h" -#include "mbedtls/nist_kw.h" -#include "mbedtls/oid.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#include "mbedtls/pkcs12.h" -#include "mbedtls/pkcs5.h" -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include "mbedtls/platform_util.h" -#include "mbedtls/poly1305.h" -#include "mbedtls/ripemd160.h" -#include "mbedtls/rsa.h" -#include "mbedtls/sha1.h" -#include "mbedtls/sha256.h" -#include "mbedtls/sha512.h" -#include "mbedtls/ssl.h" -#include "mbedtls/ssl_cache.h" -#include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/ssl_cookie.h" -#include "mbedtls/ssl_ticket.h" -#include "mbedtls/threading.h" -#include "mbedtls/timing.h" -#include "mbedtls/version.h" -#include "mbedtls/x509.h" -#include "mbedtls/x509_crl.h" -#include "mbedtls/x509_crt.h" -#include 
"mbedtls/x509_csr.h" - #include +INCLUDE_HEADERS + /* * Helper macros to convert a macro or its expansion into a string * WARNING: This does not work for expanding function-like macros. However, diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 6a2f9cbdfa..61ea9028a4 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -100,6 +100,29 @@ EOT close(CONFIG_FILE); } +# We need to include all the headers with public APIs in case they +# define a macro to its default value when that configuration is not +# set in a header included by build_info.h (crypto_config.h, +# mbedtls_config.h, *adjust*.h). Some module-specific macros are set +# in that module's header. For simplicity, include all headers, with +# some ad hoc knowledge of headers that are included by other headers +# and should not be included directly. We don't include internal headers +# because those should not define configurable macros. +my @header_files = (); +my @header_roots = qw( + include + tf-psa-crypto/include + tf-psa-crypto/drivers/builtin/include + ); +for my $root (@header_roots) { + my @paths = glob "$root/*/*.h $root/*/*/*.h"; + map {s!^\Q$root/!!} @paths; + # Exclude some headers that are included by build_info.h and cannot + # be included directly. + push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; +} +my $include_headers = join('', map {"#include <$_>\n"} @header_files); + # Read the full format file into a string local $/; open(FORMAT_FILE, "<", $query_config_format_file) or die "Opening query config format file '$query_config_format_file': $!"; @@ -107,6 +130,7 @@ my $query_config_format = ; close(FORMAT_FILE); # Replace the body of the query_config() function with the code we just wrote +$query_config_format =~ s/INCLUDE_HEADERS/$include_headers/g; $query_config_format =~ s/CHECK_CONFIG/$config_check/g; $query_config_format =~ s/LIST_CONFIG/$list_config/g; 
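Review bot: `glob "$root/*/*.h $root/*/*/*.h"` descends only two directory levels under each root, so a header added at a deeper path is silently left out of `query_config.c` and the options it defines vanish from the query tool with no error, which is the same failure mode this commit sets out to remove. Perl's `glob` also splits its single string argument on whitespace, so a checkout path containing a space breaks the pattern; issuing the two patterns as separate `glob` calls, or walking the tree with `File::Find`, avoids both problems. It is also worth failing loudly on an empty result, e.g. `die "no headers found under @header_roots\n" unless @header_files;`, since the script runs from the build system where an empty list would otherwise produce a stale but compiling output.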
From 8b006ce95f627be702df7a1c583903847e137a12 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Jul 2025 19:51:17 +0200 Subject: [PATCH 006/216] Invoke generate_query_config.pl from the root Otherwise it can't find headers to include. Signed-off-by: Gilles Peskine --- programs/test/CMakeLists.txt | 1 + scripts/generate_query_config.pl | 2 ++ 2 files changed, 3 insertions(+) diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index 949708420c..ca6e8b2070 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt @@ -56,6 +56,7 @@ if(GEN_FILES) ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include/psa/crypto_config.h ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/data_files/query_config.fmt ${CMAKE_CURRENT_BINARY_DIR}/query_config.c + WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../.. DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/../../scripts/generate_query_config.pl ${CMAKE_CURRENT_SOURCE_DIR}/../../include/mbedtls/mbedtls_config.h diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 61ea9028a4..e99d633de6 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -49,6 +49,8 @@ if( @ARGV ) { or die "No arguments supplied, must be run from project root or a first-level subdirectory\n"; } } +-f 'include/mbedtls/build_info.h' + or die "$0: must be run from project root, or from a first-level subdirectory with no arguments\n"; # Excluded macros from the generated query_config.c. For example, macros that # have commas or function-like macros cannot be transformed into strings easily From 1b4bfdf554e3badaf65c34a20becd00694d8b8cf Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:00:49 +0200 Subject: [PATCH 007/216] Add missing include Fix compilation error when `mbedtls/oid.h` is included without having first included `mbedtls/asn1.h`. Fix #10326 Signed-off-by: Gilles Peskine --- include/mbedtls/oid.h | 1 + 1 file changed, 1 insertion(+) 
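Review bot: `WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/../..` lets the script find the headers, but the visible `DEPENDS` entries still name only the script and the config headers, so adding, removing or renaming a header under `include/` or `tf-psa-crypto/include/` will not trigger regeneration of `query_config.c` and an incremental build keeps compiling a stale list. Consider building a `file(GLOB ... CONFIGURE_DEPENDS)` list in this CMakeLists that mirrors the script's glob and appending it to `DEPENDS`. The remainder of the `DEPENDS` list lies outside the hunk, so this should be checked against it. On the Perl side the new `-f 'include/mbedtls/build_info.h' or die` guard is a good early failure.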
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 375ea60cb6..d769ff2180 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -11,6 +11,7 @@ #define MBEDTLS_OID_H #include "mbedtls/build_info.h" +#include "mbedtls/asn1.h" /* * Top level OID tuples From 409c688c4b595db2e178e805260fbfbbb9de5fd7 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:15:21 +0200 Subject: [PATCH 008/216] Include mbedtls/platform_time.h conditionally on MBEDTLS_HAVE_TIME Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 5 +++++ scripts/generate_query_config.pl | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index 559734a6af..c60458b61b 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -12,6 +12,11 @@ #include "mbedtls/platform.h" #include +/* Work around https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/393 */ +#if defined(MBEDTLS_HAVE_TIME) +#include +#endif + INCLUDE_HEADERS /* diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index e99d633de6..49e363de54 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -121,7 +121,11 @@ for my $root (@header_roots) { map {s!^\Q$root/!!} @paths; # Exclude some headers that are included by build_info.h and cannot # be included directly. - push @header_files, grep {!m!_config\.h|[/_]adjust[/_]!} @paths; + push @header_files, grep {!m[ + ^mbedtls/platform_time\.h$ | # errors without time.h + _config\.h | + [/_]adjust[/_] + ]x} @paths; } my $include_headers = join('', map {"#include <$_>\n"} @header_files); From 4995d4435c26fe8bcaa11a7db73669ac153d41a2 Mon Sep 17 00:00:00 2001 
From: Gilles Peskine Date: Sat, 26 Jul 2025 00:19:32 +0200 Subject: [PATCH 009/216] Don't incude auxiliary headers that have alternative versions When compiling with `MBEDTLS_PSA_CRYPTO_PLATFORM_FILE`, we must not include ``. Signed-off-by: Gilles Peskine --- scripts/generate_query_config.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/generate_query_config.pl b/scripts/generate_query_config.pl index 49e363de54..99128ca7ac 100755 --- a/scripts/generate_query_config.pl +++ b/scripts/generate_query_config.pl @@ -122,6 +122,7 @@ for my $root (@header_roots) { # Exclude some headers that are included by build_info.h and cannot # be included directly. push @header_files, grep {!m[ + ^psa/crypto_(platform|struct)\.h$ | # have alt versions, included by psa/crypto.h anyway ^mbedtls/platform_time\.h$ | # errors without time.h _config\.h | [/_]adjust[/_] From bb8bafa5e55952e4eaa2ae61d69aac5c59db872a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 26 Jul 2025 00:23:05 +0200 Subject: [PATCH 010/216] Pacify uncrustify Signed-off-by: Gilles Peskine --- scripts/data_files/query_config.fmt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/data_files/query_config.fmt b/scripts/data_files/query_config.fmt index c60458b61b..603c7dd200 100644 --- a/scripts/data_files/query_config.fmt +++ b/scripts/data_files/query_config.fmt @@ -17,7 +17,9 @@ #include #endif +/* *INDENT-OFF* */ INCLUDE_HEADERS +/* *INDENT-ON* */ /* * Helper macros to convert a macro or its expansion into a string From 018e09872d728f291e32f03dd5fbe0a36ae25269 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Jul 2025 16:16:45 +0200 Subject: [PATCH 011/216] New source file for configuration checks This will be populated in subsequent commits. Signed-off-by: Gilles Peskine --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/mbedtls_config.c | 9 +++++++++ 3 files changed, 11 insertions(+) create mode 100644 library/mbedtls_config.c 
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 451dbfdb7c..0875bb92d9 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -1,5 +1,6 @@ set(src_x509 error.c + mbedtls_config.c pkcs7.c x509.c x509_create.c diff --git a/library/Makefile b/library/Makefile index a880f26171..f8729344b4 100644 --- a/library/Makefile +++ b/library/Makefile @@ -121,6 +121,7 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS) OBJS_X509= \ + mbedtls_config.o \ x509.o \ x509_create.o \ x509_crl.o \ diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c new file mode 100644 index 0000000000..692dce705f --- /dev/null +++ b/library/mbedtls_config.c @@ -0,0 +1,9 @@ +/* + * Mbed TLS configuration checks + */ +/* + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + */ + +#include From ac637ac9f81c4218b8c2dfffec244e85915f9338 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:31 +0200 Subject: [PATCH 012/216] Make check_config.h private `check_config.h` only needs to run once on the configuration. It doesn't need to run every time an application is built. It used to be public up to Mbed TLS 2.x because it was included from `config.h`, and users could substitute that file completely and should still include `check_config.h` from their file. But since Mbed TLS 3.x, including `check_config.h` is a purely internal thing (done in `build_info.h`). So make the file itself purely internal. We don't need to include `check_config.h` when building every library file, just one: `mbedtls_config.c`, that's its job. Give the file a unique name, to avoid any clashes with TF-PSA-Crypto's `check_config.h`. 
Signed-off-by: Gilles Peskine --- include/mbedtls/build_info.h | 2 -- .../mbedtls/check_config.h => library/mbedtls_check_config.h | 0 library/mbedtls_config.c | 4 ++++ 3 files changed, 4 insertions(+), 2 deletions(-) rename include/mbedtls/check_config.h => library/mbedtls_check_config.h (100%) diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h index 534f01658c..c6e89db677 100644 --- a/include/mbedtls/build_info.h +++ b/include/mbedtls/build_info.h @@ -85,6 +85,4 @@ */ #define MBEDTLS_CONFIG_IS_FINALIZED -#include "mbedtls/check_config.h" - #endif /* MBEDTLS_BUILD_INFO_H */ diff --git a/include/mbedtls/check_config.h b/library/mbedtls_check_config.h similarity index 100% rename from include/mbedtls/check_config.h rename to library/mbedtls_check_config.h diff --git a/library/mbedtls_config.c b/library/mbedtls_config.c index 692dce705f..679f8e36f9 100644 --- a/library/mbedtls_config.c +++ b/library/mbedtls_config.c @@ -7,3 +7,7 @@ */ #include + +/* Consistency checks in the configuration: check for incompatible options, + * missing options when at least one of a set needs to be enabled, etc. */ +#include "mbedtls_check_config.h" From 1819a915bccedd06783b333311a3fd43c5572b81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 21:54:50 +0200 Subject: [PATCH 013/216] Include limits.h where needed This will be needed when TF-PSA-Crypto's `build_info.h` stops including `limits.h`, which it currently does by accident because it includes `check_config.h` which wants `limits.h` to check `CHAR_BIT`. Signed-off-by: Gilles Peskine --- library/x509.c | 1 + library/x509_create.c | 1 + library/x509_crt.c | 1 + programs/test/udp_proxy.c | 1 + tests/src/test_helpers/ssl_helpers.c | 2 ++ 5 files changed, 6 insertions(+) diff --git a/library/x509.c b/library/x509.c index f315821fdf..03ca1b72e6 100644 --- a/library/x509.c +++ b/library/x509.c @@ -24,6 +24,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include 
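Review bot: Dropping the `check_config.h` include from `build_info.h` means the configuration consistency checks now run only when `library/mbedtls_config.c` is compiled; any integration that builds the library sources with its own build system and an explicit file list (common for embedded ports) will silently lose every check, including the ones that reject an incompatible or incomplete configuration, unless it picks up the new file. The header comment of `mbedtls_config.c` should state this, e.g. `/* This file must be compiled into the library: it is the only place mbedtls_check_config.h is included, so omitting it disables all configuration checks. */`, and the changelog entry should call it out for downstream build systems. `MBEDTLS_CONFIG_IS_FINALIZED` is still defined in `build_info.h`, which the moved checks presumably rely on; confirm nothing else in the public headers depended on `check_config.h` being pulled in transitively.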
diff --git a/library/x509_create.c b/library/x509_create.c index 17fc8fbeb5..09ac69d00b 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -14,6 +14,7 @@ #include "mbedtls/oid.h" #include "x509_oid.h" +#include #include #include "mbedtls/platform.h" diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..7b65b698a3 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -27,6 +27,7 @@ #include "x509_oid.h" #include "mbedtls/platform_util.h" +#include #include #if defined(MBEDTLS_PEM_PARSE_C) diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c index 6e9ebf9a28..c80a3f59fc 100644 --- a/programs/test/udp_proxy.c +++ b/programs/test/udp_proxy.c @@ -16,6 +16,7 @@ #include "mbedtls/build_info.h" +#include #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index faa79ffd92..1eca6e496d 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c @@ -11,6 +11,8 @@ #include #include "mbedtls/psa_util.h" +#include + #if defined(MBEDTLS_SSL_TLS_C) int mbedtls_test_random(void *p_rng, unsigned char *output, size_t output_len) { From aca3b5ec79d2cea605de2d8c28d0725e6acec6af Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:40:36 +0200 Subject: [PATCH 014/216] Update framework with unittest_config_checks.py Signed-off-by: Gilles Peskine --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index df3307f2b4..87dbfb290f 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit df3307f2b4fe512def60886024f7be8fd1523ccd +Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd From 01def64425c4a1477a2dcf08c473ca18abb293ce Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 25 Apr 2025 18:30:47 +0200 Subject: [PATCH 015/216] Unit tests for check_config.h Ensure that `mbedtls_check_config.h` is taken into account. 
Signed-off-by: Gilles Peskine --- tests/scripts/components-basic-checks.sh | 3 ++ tests/scripts/test_config_checks.py | 63 ++++++++++++++++++++++++ 2 files changed, 66 insertions(+) create mode 100755 tests/scripts/test_config_checks.py diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh index 85731a1710..c7d8161893 100644 --- a/tests/scripts/components-basic-checks.sh +++ b/tests/scripts/components-basic-checks.sh @@ -123,4 +123,7 @@ component_check_test_helpers () { msg "unit test: translate_ciphers.py" python3 -m unittest framework/scripts/translate_ciphers.py 2>&1 + + msg "unit test: generate_config_checks.py" + tests/scripts/test_config_checks.py 2>&1 } diff --git a/tests/scripts/test_config_checks.py b/tests/scripts/test_config_checks.py new file mode 100755 index 0000000000..540144923e --- /dev/null +++ b/tests/scripts/test_config_checks.py 
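Review bot: The new `msg` line reads `unit test: generate_config_checks.py` but the command under it runs `tests/scripts/test_config_checks.py`, so the CI log will point readers at a file that was not executed; change it to `msg "unit test: test_config_checks.py"`. The neighbouring `msg "unit test: translate_ciphers.py"` names the script it actually runs, so this keeps the convention.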
@@ -0,0 +1,63 @@ +#!/usr/bin/env python3 +"""Test the configuration checks generated by generate_config_checks.py. +""" + +## Copyright The Mbed TLS Contributors +## SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +import unittest + +import scripts_path # pylint: disable=unused-import +from mbedtls_framework import unittest_config_checks + + +class MbedtlsTestConfigChecks(unittest_config_checks.TestConfigChecks): + """Mbed TLS unit tests for checks generated by config_checks_generator.""" + + #pylint: disable=invalid-name # uppercase letters make sense here + + PROJECT_CONFIG_C = 'library/mbedtls_config.c' + PROJECT_SPECIFIC_INCLUDE_DIRECTORIES = [ + 'tf-psa-crypto/include', + 'tf-psa-crypto/drivers/builtin/include', + ] + + @unittest.skip("At this time, mbedtls does not go through crypto's check_config.h.") + def test_crypto_no_fs_io(self) -> None: + """A sample error expected from crypto's check_config.h.""" + self.bad_case('#undef MBEDTLS_FS_IO', + None, + error=('MBEDTLS_PSA_ITS_FILE_C')) + + def test_mbedtls_no_session_tickets_for_early_data(self) -> None: + """An error expected from mbedtls_check_config.h based on the TLS configuration.""" + self.bad_case(None, + ''' + #define MBEDTLS_SSL_EARLY_DATA + #undef MBEDTLS_SSL_SESSION_TICKETS + ''', + error=('MBEDTLS_SSL_EARLY_DATA')) + + def test_mbedtls_no_ecdsa(self) -> None: + """An error expected from mbedtls_check_config.h based on crypto+TLS configuration.""" + self.bad_case(''' + #undef PSA_WANT_ALG_ECDSA + #undef PSA_WANT_ALG_DETERMINISTIC_ECDSA + #undef MBEDTLS_ECDSA_C + ''', + ''' + #if defined(PSA_WANT_ALG_ECDSA) + #error PSA_WANT_ALG_ECDSA unexpected + #endif + #if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA) + #error PSA_WANT_ALG_DETERMINSTIC_ECDSA unexpected + #endif + #if defined(MBEDTLS_ECDSA_C) + #error MBEDTLS_ECDSA_C unexpected + #endif + ''', + error=('MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED')) + + +if __name__ == '__main__': + unittest.main() 
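Review bot: In `test_mbedtls_no_ecdsa` the two `#if defined(PSA_WANT_ALG_DETERMINSTIC_ECDSA)` guards misspell the macro (missing `I`), while the `#undef` above them uses the correct `PSA_WANT_ALG_DETERMINISTIC_ECDSA`; the guard therefore tests a macro that never exists and cannot detect the case it is written for. Fix both lines to `#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)` and `#error PSA_WANT_ALG_DETERMINISTIC_ECDSA unexpected`. The skipped `test_crypto_no_fs_io` has a reason string, which is good, but a tracking-issue reference in it would stop the skip from being forgotten.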
From fff4b323242f0c2cad2be2de8ee23ab71a7bf066 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 22 Jul 2025 23:44:07 +0200 Subject: [PATCH 016/216] Announce that no longer exists It was already deprecated since 3.0 (although we forgot to announce it in the changelog back then). Signed-off-by: Gilles Peskine --- ChangeLog.d/check_config.txt | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ChangeLog.d/check_config.txt diff --git a/ChangeLog.d/check_config.txt b/ChangeLog.d/check_config.txt new file mode 100644 index 0000000000..f9f44a4b85 --- /dev/null +++ b/ChangeLog.d/check_config.txt @@ -0,0 +1,5 @@ +Removals + * The header no longer exists. Including it + from a custom config file was no longer needed since Mbed TLS 3.0, + and could lead to spurious errors. The checks that it performed are + now done automatically when building the library. From bf650eeb88afe1d1a2e59eb02693f2a4e6b8647d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 13:21:38 +0100 Subject: [PATCH 017/216] Temporarily disable Werror Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 --------- 1 file changed, 9 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 162373182b..1e3c4910a1 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,9 +271,6 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -296,9 +293,6 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE -Werror) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -306,9 +300,6 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) - if(MBEDTLS_FATAL_WARNINGS) - target_compile_options(${target} PRIVATE --warnings_are_errors) - endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) From 04b03d7712badeaad673019277615c779b398d20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Jul 2025 09:46:18 +0100 Subject: [PATCH 018/216] Replace Werror removal with pragma Signed-off-by: Ben Taylor --- CMakeLists.txt | 9 +++++++++ library/ssl_tls12_client.c | 1 + library/ssl_tls13_generic.c | 1 + library/x509_crt.c | 2 ++ tests/suites/test_suite_x509write.function | 1 + 5 files changed, 14 insertions(+) diff --git a/CMakeLists.txt b/CMakeLists.txt index 1e3c4910a1..162373182b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -271,6 +271,9 @@ function(set_gnu_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Os>) target_compile_options(${target} PRIVATE $<$:-Os -Wcast-qual>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_gnu_base_compile_options) function(set_clang_base_compile_options target) 
@@ -293,6 +296,9 @@ function(set_clang_base_compile_options target) set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread") target_compile_options(${target} PRIVATE $<$:-Os>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE -Werror) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_clang_base_compile_options) function(set_iar_base_compile_options target) @@ -300,6 +306,9 @@ function(set_iar_base_compile_options target) target_compile_options(${target} PRIVATE $<$:-Ohz>) target_compile_options(${target} PRIVATE $<$:--debug -On>) + if(MBEDTLS_FATAL_WARNINGS) + target_compile_options(${target} PRIVATE --warnings_are_errors) + endif(MBEDTLS_FATAL_WARNINGS) endfunction(set_iar_base_compile_options) function(set_msvc_base_compile_options target) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..820cab17a8 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,6 +19,7 @@ #include "psa_util_internal.h" #include "psa/crypto.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..cdf42128f8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -25,6 +25,7 @@ #include "psa/crypto.h" #include "psa_util_internal.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/x509_crt.c b/library/x509_crt.c index 3947eb09aa..b6d95f534e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
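Review bot: `#pragma GCC diagnostic warning "-Wenum-conversion"` at file scope in `ssl_tls12_client.c` and `ssl_tls13_generic.c` demotes the diagnostic for the whole translation unit, so any future enum mix-up in these files, which carry the handshake signature paths, compiles cleanly under `-Werror` instead of failing; the same goes for `x509_crt.c` and the x509write test suite. Scope the override with `#pragma GCC diagnostic push` / `#pragma GCC diagnostic pop` around the single offending call, or better, fix the type at the call site with an explicit conversion helper between the type of `pk_type` and `mbedtls_pk_sigalg_t`. Which call triggers the warning is not visible in these hunks, so the push/pop placement needs checking against the full files.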
@@ -17,6 +17,8 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ +#pragma GCC diagnostic warning "-Wenum-conversion" + #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..5e3d470f5a 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,6 +14,7 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" +#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From 1c1535f153fb46d95137b575fd57c310c7bf4dd7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 09:29:38 +0100 Subject: [PATCH 019/216] Make pragmas more specific Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 4 +++- library/x509_crt.c | 2 -- tests/suites/test_suite_x509write.function | 1 - 4 files changed, 4 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 820cab17a8..21541b8fc4 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -19,7 +19,6 @@ #include "psa_util_internal.h" #include "psa/crypto.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ @@ -2086,6 +2085,7 @@ start_processing: ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); + #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cdf42128f8..cda1f8a426 100644 --- a/library/ssl_tls13_generic.c 
+++ b/library/ssl_tls13_generic.c @@ -25,7 +25,6 @@ #include "psa/crypto.h" #include "psa_util_internal.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many @@ -964,9 +963,12 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); + #pragma GCC diagnostic push + #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { + #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); diff --git a/library/x509_crt.c b/library/x509_crt.c index b6d95f534e..3947eb09aa 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -17,8 +17,6 @@ * [SIRO] https://cabforum.org/wp-content/uploads/Chunghwatelecom201503cabforumV4.pdf */ -#pragma GCC diagnostic warning "-Wenum-conversion" - #include "x509_internal.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 5e3d470f5a..e0aad90a04 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -14,7 +14,6 @@ #include #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#pragma GCC diagnostic warning "-Wenum-conversion" #if defined(MBEDTLS_USE_PSA_CRYPTO) && \ defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) From d3ae1701f36db5c2c6282861ed48ec81cebb7588 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 11:34:24 +0100 Subject: [PATCH 020/216] Remove pragmas and use alias 
Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 21541b8fc4..b882d47a5c 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2083,9 +2083,9 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + peer_pk, md_alg, hash, hashlen, p, sig_len); - #pragma GCC diagnostic pop } else #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ ret = mbedtls_pk_verify_restartable(peer_pk, diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index cda1f8a426..372bf84608 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,12 +963,9 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - #pragma GCC diagnostic push - #pragma GCC diagnostic warning "-Wenum-conversion" if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { - #pragma GCC diagnostic pop MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", mbedtls_ssl_sig_alg_to_str(*sig_alg))); MBEDTLS_SSL_DEBUG_RET(2, "mbedtls_pk_sign_ext", ret); From 73b39872911d477187fd2f7145a0b5bbfd07acd1 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 14:38:47 +0100 Subject: [PATCH 021/216] Correct rebase and add in additional type cast Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 1 - library/ssl_tls13_generic.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index b882d47a5c..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2083,7 +2083,6 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { ret = mbedtls_pk_verify_new(pk_alg, peer_pk, - peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 372bf84608..15731ca150 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -963,7 +963,7 @@ static int ssl_tls13_write_certificate_verify_body(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_sign_ext(pk_type, own_key, + if ((ret = mbedtls_pk_sign_ext((mbedtls_pk_sigalg_t) pk_type, own_key, md_alg, verify_hash, verify_hash_len, p + 4, (size_t) (end - (p + 4)), &signature_len)) != 0) { MBEDTLS_SSL_DEBUG_MSG(2, ("CertificateVerify signature failed with %s", From 7523b548e8400e37433a0bfada467444210fc8a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 13:08:34 +0100 Subject: [PATCH 022/216] Update tf-psa-crypto submodule Signed-off-by: Ben Taylor --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 19edaa785d..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 19edaa785dd71ec8f0c9f72235243314c3d895fa +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From 532dfeeacb7c6f0de064ab4ec580c1b88c51a5b4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 22 Jul 2025 08:42:27 +0100 Subject: [PATCH 023/216] Add copy of header file for libtestdriver1 Signed-off-by: Ben Taylor --- tests/Makefile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/Makefile b/tests/Makefile index 3a6f0e62ea..094c039436 100644 --- a/tests/Makefile +++ b/tests/Makefile 
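Review bot: The explicit cast `(mbedtls_pk_sigalg_t) pk_type` in the ssl_tls13_generic.c hunk silences the enum-conversion diagnostic but does not establish that the enumerators of `mbedtls_pk_type_t` and `mbedtls_pk_sigalg_t` coincide; if the two enums ever diverge, a wrong signature algorithm would be selected for CertificateVerify without any compiler warning. The preceding commit's title says an alias is in use, so presumably the cast is a no-op today; a comment recording that assumption keeps the cast from silently outliving it, e.g. `/* mbedtls_pk_sigalg_t is currently an alias of mbedtls_pk_type_t; revisit this cast if the two enums diverge. */`. A dedicated translation function would be the safer long-term form. ssl_tls13_write_certificate_verify_body starts and ends outside the hunk.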
@@ -332,6 +332,7 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m +# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework @@ -342,6 +343,8 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto + mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ + cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 1787ea43a7f6ab444e84775e23d3c4d005eff457 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 08:49:06 +0100 Subject: [PATCH 024/216] Removed debug comment Signed-off-by: Ben Taylor --- tests/Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index 094c039436..ed53f73518 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -332,7 +332,6 @@ libtestdriver1.a: mkdir ./libtestdriver1/tf-psa-crypto/drivers mkdir ./libtestdriver1/tf-psa-crypto/drivers/everest mkdir ./libtestdriver1/tf-psa-crypto/drivers/p256-m -# mkdir -p ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ touch ./libtestdriver1/tf-psa-crypto/drivers/everest/Makefile.inc touch ./libtestdriver1/tf-psa-crypto/drivers/p256-m/Makefile.inc cp -Rf ../framework/scripts ./libtestdriver1/framework 
From d56079944e9c2447ba71e5a7f1802acb5aa74ef5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 28 Jul 2025 15:09:14 +0100 Subject: [PATCH 025/216] Adjust libtestdriver1_rewrite.pl to work on private Signed-off-by: Ben Taylor --- tests/scripts/libtestdriver1_rewrite.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl index 202575d855..f96ff5e05c 100755 --- a/tests/scripts/libtestdriver1_rewrite.pl +++ b/tests/scripts/libtestdriver1_rewrite.pl @@ -15,6 +15,10 @@ my @public_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/* my $public_files_regex = join('|', map { quotemeta($_) } @public_files); +my @private_files = map { basename($_) } glob("../tf-psa-crypto/include/mbedtls/private/*.h"); + +my $private_files_regex = join('|', map { quotemeta($_) } @private_files); + while (<>) { s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!; s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!; @@ -28,6 +32,9 @@ while (<>) { if ( $public_files_regex ) { s!^(\s*#\s*include\s*[\"<])mbedtls/($public_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/${2}!; } + if ( $private_files_regex ) { + s!^(\s*#\s*include\s*[\"<])mbedtls/private/($private_files_regex)!${1}libtestdriver1/tf-psa-crypto/include/mbedtls/private/${2}!; + } s!^(\s*#\s*include\s*[\"<])mbedtls/!${1}libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/!; s!^(\s*#\s*include\s*[\"<])psa/!${1}libtestdriver1/tf-psa-crypto/include/psa/!; s!^(\s*#\s*include\s*[\"<])tf-psa-crypto/!${1}libtestdriver1/tf-psa-crypto/include/tf-psa-crypto/!; From cd1b7ffa705bbf4600e21205e2991f1655522457 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 29 Jul 2025 10:40:12 +0200 Subject: [PATCH 026/216] tests: x509write: replace MBEDTLS_ECDSA_DETERMINISTIC with PSA_WANT one 
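Review bot: The new `mbedtls/private/` rewrite in the `@@ -28,6 +32,9 @@` hunk is order-dependent — it has to run before the catch-all `mbedtls/` rule on the following line, which would otherwise redirect private headers into `drivers/builtin/include` — but nothing in the file says so. A comment above the new block, `# Private headers live in tf-psa-crypto/include/mbedtls/private, not under drivers/builtin; rewrite them before the catch-all mbedtls/ rule below.`, would make the ordering explicit. The `if ( $private_files_regex )` guard mirrors the existing public-files pattern and correctly avoids an empty alternation when the glob finds nothing; as with `@public_files`, the glob path is relative to the working directory, so the script still assumes it is run from `tests/`. The `while (<>)` loop starts before the hunk and ends after it.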
Signed-off-by: Valerio Setti --- tests/suites/test_suite_x509write.data | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 4dcd967226..3860076d2c 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -47,7 +47,7 @@ depends_on:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_csr_check:"../framework/data_files/server1.key":"../framework/data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0 Certificate Request check Server5 ECDSA, key_usage -depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_256 x509_csr_check:"../framework/data_files/server5.key":"../framework/data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0:0 Certificate Request check Server1, set_extension 
@@ -155,11 +155,11 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"ffffffffffffffffffffffffffffffff":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.long_serial_FF.crt":0:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server5 ECDSA -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:MBEDTLS_ECDSA_DETERMINISTIC:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames 
@@ -337,4 +337,3 @@ oid_from_numeric_string:"2.4294967215":0:"8FFFFFFF7F" OID from numeric string - OID with overflowing subidentifier oid_from_numeric_string:"2.4294967216":MBEDTLS_ERR_ASN1_INVALID_DATA:"" - From b3a2005141ec9518531c0eb1e414f0af41f4b120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Jul 2025 15:19:06 +0100 Subject: [PATCH 027/216] Remove copy from Makefile Signed-off-by: Ben Taylor --- tests/Makefile | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index ed53f73518..3a6f0e62ea 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -342,8 +342,6 @@ libtestdriver1.a: cp -Rf ../tf-psa-crypto/include ./libtestdriver1/tf-psa-crypto cp -Rf ../tf-psa-crypto/drivers/builtin ./libtestdriver1/tf-psa-crypto/drivers cp -Rf ../tf-psa-crypto/scripts ./libtestdriver1/tf-psa-crypto - mkdir -p libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/ - cp -r libtestdriver1/tf-psa-crypto/include/mbedtls/private/pk_private.h libtestdriver1/tf-psa-crypto/drivers/builtin/include/mbedtls/private/pk_private.h # Set the test driver base (minimal) configuration. cp ../tf-psa-crypto/tests/configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h From 4bb98be277192dcc43e2f9842d111b083073e912 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 7 May 2025 14:21:20 +0100 Subject: [PATCH 028/216] initial remove of MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Ben Taylor --- programs/fuzz/fuzz_client.c | 4 - programs/fuzz/fuzz_dtlsclient.c | 4 - programs/fuzz/fuzz_dtlsserver.c | 4 - programs/fuzz/fuzz_server.c | 10 +-- programs/fuzz/fuzz_x509crl.c | 10 +-- programs/fuzz/fuzz_x509crt.c | 8 +- programs/fuzz/fuzz_x509csr.c | 10 +-- programs/pkey/gen_key.c | 4 - programs/pkey/pk_sign.c | 4 - programs/pkey/pk_verify.c | 4 - programs/pkey/rsa_sign_pss.c | 4 - programs/pkey/rsa_verify_pss.c | 4 - programs/ssl/ssl_client2.c | 65 ++-------------- programs/ssl/ssl_server2.c | 76 +++---------------- programs/ssl/ssl_test_lib.c | 6 +- programs/ssl/ssl_test_lib.h | 21 +----- programs/x509/cert_app.c | 4 - programs/x509/cert_req.c | 4 - programs/x509/cert_write.c | 4 - programs/x509/crl_app.c | 4 - programs/x509/load_roots.c | 4 - programs/x509/req_app.c | 4 - tests/include/test/ssl_helpers.h | 9 --- tests/src/test_helpers/ssl_helpers.c | 108 --------------------------- 24 files changed, 33 insertions(+), 346 deletions(-) diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245ff..1840570488 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -78,12 +78,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -179,9 +177,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c38..ca7626d5ba 100644 --- a/programs/fuzz/fuzz_dtlsclient.c 
+++ b/programs/fuzz/fuzz_dtlsclient.c @@ -61,12 +61,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -124,9 +122,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e1..4f159fbefe 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -58,12 +58,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) mbedtls_ssl_config_init(&conf); mbedtls_ssl_cookie_init(&cookie_ctx); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -166,9 +164,7 @@ exit: mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else (void) Data; diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cbc..40fd9caa0f 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c 
@@ -67,12 +67,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_init(&ticket_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, (const unsigned char *) pers, strlen(pers)) != 0) { @@ -194,19 +192,17 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) exit: #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) mbedtls_ssl_ticket_free(&ticket_ctx); -#endif +#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */ mbedtls_entropy_free(&entropy); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_ssl_config_free(&conf); #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) mbedtls_x509_crt_free(&srvcert); mbedtls_pk_free(&pkey); -#endif +#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */ mbedtls_ssl_free(&ssl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif -#else +#else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ (void) Data; (void) Size; #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12e..ae0f85282b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c 
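Review bot: The two `#endif` trailer comments added in the `@@ -194,19 +192,17 @@` hunk are malformed: `/* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */` and `/* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */` drop `defined` from the first operand and keep it on the second. The file's own style, visible on the `#else` added in the same hunk, is bare macro names: `#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */` and `#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */`. LLVMFuzzerTestOneInput starts outside the hunk.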
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crl_parse(&crl, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl); } -#else +#else /* MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crl_free(&crl); -#else +#else /* MBEDTLS_X509_CRL_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRL_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b1..709fd200f9 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -12,12 +12,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_crt_init(&crt); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_crt_parse(&crt, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { @@ -28,15 +26,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_crt_free(&crt); -#else +#else /* MBEDTLS_X509_CRT_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ return 0; } diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1ca..1c26e6f082 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c 
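Review bot: The `#else` trailer comment added in the fuzz_x509crl.c hunk, `#else /* MBEDTLS_X509_REMOVE_INFO */`, names the negation of the guarding condition, whereas the matching `#endif /* !MBEDTLS_X509_REMOVE_INFO */` and the equivalent change in fuzz_x509csr.c (`#else /* !MBEDTLS_X509_REMOVE_INFO */`) name the `#if` condition itself. The convention seen in ssl_client2.c (`#else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */`) repeats the `#if` condition on `#else`, so the crl file should read `#else /* !MBEDTLS_X509_REMOVE_INFO */` for consistency. LLVMFuzzerTestOneInput starts outside the hunk.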
@@ -12,31 +12,27 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) unsigned char buf[4096]; mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ ret = mbedtls_x509_csr_parse(&csr, Data, Size); #if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr); } -#else +#else /* !MBEDTLS_X509_REMOVE_INFO */ ((void) ret); ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) exit: mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_x509_csr_free(&csr); -#else +#else /* MBEDTLS_X509_CSR_PARSE_C */ (void) Data; (void) Size; -#endif +#endif /* MBEDTLS_X509_CSR_PARSE_C */ return 0; } diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 94604ceeb6..ba35534388 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -257,14 +257,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); memset(buf, 0, sizeof(buf)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -473,9 +471,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c index 551173e496..4ddb473c0f 100644 --- a/programs/pkey/pk_sign.c +++ b/programs/pkey/pk_sign.c 
@@ -55,14 +55,12 @@ int main(int argc, char *argv[]) mbedtls_ctr_drbg_init(&ctr_drbg); mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_sign \n"); @@ -139,9 +137,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c index 507812e350..27aff441a1 100644 --- a/programs/pkey/pk_verify.c +++ b/programs/pkey/pk_verify.c @@ -47,14 +47,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: mbedtls_pk_verify \n"); @@ -115,9 +113,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_ERROR_C) if (exit_code != MBEDTLS_EXIT_SUCCESS) { diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c index 8f605b56bc..d94daf3977 100644 --- a/programs/pkey/rsa_sign_pss.c +++ b/programs/pkey/rsa_sign_pss.c 
@@ -57,14 +57,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); mbedtls_ctr_drbg_init(&ctr_drbg); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_sign_pss \n"); @@ -153,9 +151,7 @@ exit: mbedtls_pk_free(&pk); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c index 97f9d186e8..15049203ee 100644 --- a/programs/pkey/rsa_verify_pss.c +++ b/programs/pkey/rsa_verify_pss.c @@ -51,14 +51,12 @@ int main(int argc, char *argv[]) mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc != 3) { mbedtls_printf("usage: rsa_verify_pss \n"); @@ -131,9 +129,7 @@ int main(int argc, char *argv[]) exit: mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..b76055ed5b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) 
@@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -185,7 +182,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +305,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -488,9 +479,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
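Review bot: The `@@ -185,7 +182,6 @@` hunk removes only `#endif /* MBEDTLS_USE_PSA_CRYPTO */` and leaves `#else` and `#define USAGE_PSK_SLOT ""` in place; with the opening `#if defined(MBEDTLS_USE_PSA_CRYPTO)` gone in the `@@ -172,7 +170,6 @@` hunk, that `#else` now attaches to the enclosing PSK `#if`, which already has its own `#else` (`#define USAGE_PSK ""`), so as rendered the preprocessor should reject the file with an else-after-else error. The `#else` and `#define USAGE_PSK_SLOT ""` lines need to be deleted as well, leaving the multi-line `USAGE_PSK_SLOT` definition unconditional. The same pattern appears in ssl_server2.c at its `@@ -270,7 +267,6 @@` hunk.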
@@ -498,9 +487,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -824,16 +811,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +833,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -877,10 +858,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
@@ -907,7 +887,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -915,7 +894,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +920,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1127,7 +1101,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1126,9 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
@@ -1167,11 +1139,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1500,7 +1470,6 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1484,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1518,6 @@ usage: } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1529,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1752,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1805,7 +1770,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1970,6 @@ usage: #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -2027,7 +1990,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, 
@@ -2098,7 +2060,6 @@ usage: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2085,6 @@ usage: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3166,10 @@ exit: mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3229,11 +3186,9 @@ exit: } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3252,9 +3207,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { 
@@ -3262,14 +3216,11 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); -#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..cb933e7e6d 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -270,7 +267,6 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" 
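Review bot: In the `@@ -3262,14 +3216,11 @@` hunk of ssl_client2.c the `#if` line that opened the `mbedtls_psa_crypto_free()` guard and its `#endif` are both removed, but as the hunk is rendered here the continuation line `!defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` survives as context with no `#if` in front of it, which would not compile; the collapsed layout may have lost a marker, so please confirm against the file. The matching ssl_server2.c hunk (`@@ -4317,12 +4261,10 @@`) handles this by replacing the two-line condition with `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` and keeping the `#endif`, and the client should end up identical. The `exit:` cleanup block this hunk belongs to starts outside the hunk.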
@@ -419,14 +415,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -641,10 +632,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +641,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ @@ -962,9 +949,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; 
@@ -976,7 +961,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +970,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1052,11 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1283,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1306,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, @@ -1543,10 +1522,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; 
@@ -1574,10 +1551,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1609,10 +1584,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1595,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; @@ -1684,7 +1656,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", 
@@ -1692,7 +1663,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1731,19 +1701,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1890,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1973,13 +1939,11 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
@@ -1992,11 +1956,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2329,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2397,7 +2358,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2387,6 @@ usage: opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2398,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2732,7 +2690,6 @@ usage: #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2725,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3138,6 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); 
@@ -3199,7 +3154,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3167,6 @@ usage: } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3180,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3384,7 +3336,6 @@ reset: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3361,6 @@ reset: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -4253,11 +4203,9 @@ exit: mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4217,7 @@ exit: } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here 
@@ -4284,11 +4231,9 @@ exit: (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4252,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4317,12 +4261,10 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ - && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index f9a6402525..ad3feb65b8 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -83,13 +83,11 @@ void rng_init(rng_context_t *rng) int rng_seed(rng_context_t *rng, int reproducible, const char *pers) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (reproducible) { mbedtls_fprintf(stderr, - "MBEDTLS_USE_PSA_CRYPTO does not support reproducible mode.\n"); + "reproducible mode is not supported.\n"); return -1; } -#endif #if defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* The PSA crypto RNG does its own seeding. */ (void) rng; 
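Review bot: In the ssl_test_lib.c `rng_seed()` hunk, `reproducible` is now rejected unconditionally but the new message `"reproducible mode is not supported.\n"` drops the reason the old one gave, and any later handling of `reproducible` in the entropy+DRBG branch (the rest of `rng_seed()` is outside the hunk) becomes unreachable. Since the old message blamed MBEDTLS_USE_PSA_CRYPTO, which no longer exists, the message should name the actual constraint (presumably the PSA RNG seeding itself, as the comment a few lines below says), and the `rng_seed` declaration comment in ssl_test_lib.h should state that `reproducible` is now always an error so callers do not expect it to work in some configurations. If the downstream `reproducible` handling is indeed dead, remove it in the same change rather than leaving two code paths that disagree.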
@@ -217,7 +215,6 @@ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2) return 0; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) int key_opaque_set_alg_usage(const char *alg1, const char *alg2, psa_algorithm_t *psa_alg1, psa_algorithm_t *psa_alg2, @@ -301,7 +298,6 @@ int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algor return 0; } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback(void *data, mbedtls_x509_crt const *child, diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index c001a2afa1..ea5dbecb89 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -14,9 +14,8 @@ #include "mbedtls/md.h" #undef HAVE_RNG -#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ - (defined(MBEDTLS_USE_PSA_CRYPTO) || \ - defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \ + defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #define HAVE_RNG #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C) #define HAVE_RNG @@ -55,10 +54,8 @@ #include "mbedtls/base64.h" #include "test/certs.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#endif #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) #include "mbedtls/memory_buffer_alloc.h" @@ -108,7 +105,7 @@ void my_debug(void *ctx, int level, mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) /* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator. * 
@@ -121,14 +118,6 @@ mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); * where the test programs use the PSA RNG while the PSA RNG is itself based * on entropy+DRBG, and at least one configuration where the test programs * do not use the PSA RNG even though it's there. - * - * A simple choice that meets the constraints is to use the PSA RNG whenever - * MBEDTLS_USE_PSA_CRYPTO is enabled. There's no real technical reason the - * choice to use the PSA RNG in the test programs and the choice to use - * PSA crypto when TLS code needs crypto have to be tied together, but it - * happens to be a good match. It's also a good match from an application - * perspective: either PSA is preferred for TLS (both for crypto and for - * random generation) or it isn't. */ #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG #endif @@ -213,7 +202,6 @@ int rng_get(void *p_rng, unsigned char *output, size_t output_len); */ int key_opaque_alg_parse(const char *arg, const char **alg1, const char **alg2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /** Parse given opaque key algorithms to obtain psa algs and usage * that will be passed to mbedtls_pk_wrap_as_opaque(). * @@ -259,9 +247,8 @@ int key_opaque_set_alg_usage(const char *alg1, const char *alg2, int pk_wrap_as_opaque(mbedtls_pk_context *pk, psa_algorithm_t psa_alg, psa_algorithm_t psa_alg2, psa_key_usage_t psa_usage, mbedtls_svc_key_id_t *key_id); #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) +#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) /* The test implementation of the PSA external RNG is insecure. When * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled, before using any PSA crypto * function that makes use of an RNG, you must call diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index d9d5bb60ac..c747505519 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c 
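Review bot: The kept comment in the `@@ -121,14 +118,6 @@` hunk of ssl_test_lib.h still requires "at least one configuration where the test programs do not use the PSA RNG even though it's there", but with the guard reduced to `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` the macro is defined after this header in every configuration, so no such configuration exists, and the deleted paragraph that justified the old choice is not replaced by a rationale for the new one. Suggest rewriting the block to say that the SSL test programs now always use mbedtls_psa_get_random() and that MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined here unless the configuration already set it, and dropping the requirement sentence. A consequence worth stating somewhere: the `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` guard around `mbedtls_psa_crypto_free()` added in the ssl_server2.c exit hunk is never true in a translation unit that includes this header, so that call looks like dead code and could simply go. The `HAVE_RNG` test in the `@@ -14,9 +14,8 @@` hunk is evaluated before this define, so whether it sees the macro depends on the configuration; please check that ordering is intended.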
@@ -152,14 +152,12 @@ int main(int argc, char *argv[]) memset(&cacrl, 0, sizeof(mbedtls_x509_crl)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -446,9 +444,7 @@ exit: #endif mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index e59772ffda..02fd567841 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -162,14 +162,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); mbedtls_entropy_init(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -502,9 +500,7 @@ exit: mbedtls_pk_free(&key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cur = opt.san_list; while (cur != NULL) { diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 3cabff4b5a..fb55c3f291 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -326,14 +326,12 @@ int main(int argc, char *argv[]) memset(buf, 0, sizeof(buf)); memset(serial, 0, sizeof(serial)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: 
@@ -1026,9 +1024,7 @@ exit: mbedtls_pk_free(&loaded_issuer_key); mbedtls_ctr_drbg_free(&ctr_drbg); mbedtls_entropy_free(&entropy); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index fee8b693ce..bb518adeef 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_crl_init(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ usage: exit: mbedtls_x509_crl_free(&crl); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c index 2ae7c9b017..34d3508459 100644 --- a/programs/x509/load_roots.c +++ b/programs/x509/load_roots.c @@ -86,14 +86,12 @@ int main(int argc, char *argv[]) struct mbedtls_timing_hr_time timer; unsigned long ms; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc <= 1) { mbedtls_printf(USAGE); @@ -159,9 +157,7 @@ int main(int argc, char *argv[]) exit_code = MBEDTLS_EXIT_SUCCESS; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } #endif /* necessary configuration */ diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 2929d687d4..b960818a09 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c 
@@ -60,14 +60,12 @@ int main(int argc, char *argv[]) */ mbedtls_x509_csr_init(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", (int) status); goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (argc < 2) { usage: @@ -124,9 +122,7 @@ usage: exit: mbedtls_x509_csr_free(&csr); -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_exit(exit_code); } diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h index 5bfdedaaf0..d019c5065e 100644 --- a/tests/include/test/ssl_helpers.h +++ b/tests/include/test/ssl_helpers.h @@ -31,11 +31,9 @@ #include "mbedtls/ssl_cache.h" #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \ psa_to_ssl_errors, \ psa_generic_status_to_mbedtls) -#endif #if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(PSA_WANT_KEY_TYPE_AES) @@ -751,18 +749,11 @@ int mbedtls_test_get_tls13_ticket( #define ECJPAKE_TEST_PWD "bla" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ ret = (use_opaque_arg) ? \ mbedtls_ssl_set_hs_ecjpake_password_opaque(&ssl, pwd_slot) : \ mbedtls_ssl_set_hs_ecjpake_password(&ssl, pwd_string, pwd_len); \ TEST_EQUAL(ret, exp_ret_val) -#else -#define ECJPAKE_TEST_SET_PASSWORD(exp_ret_val) \ - ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, \ - pwd_string, pwd_len); \ - TEST_EQUAL(ret, exp_ret_val) -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define TEST_AVAILABLE_ECC(tls_id_, group_id_, psa_family_, psa_bits_) \ TEST_EQUAL(mbedtls_ssl_get_ecp_group_id_from_tls_id(tls_id_), \ diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c index 1eca6e496d..83dac17419 100644 --- a/tests/src/test_helpers/ssl_helpers.c +++ b/tests/src/test_helpers/ssl_helpers.c 
@@ -644,11 +644,9 @@ static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep) ep->cert = NULL; } if (ep->pkey != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (mbedtls_pk_get_type(ep->pkey) == MBEDTLS_PK_OPAQUE) { psa_destroy_key(ep->pkey->priv_id); } -#endif mbedtls_pk_free(ep->pkey); mbedtls_free(ep->pkey); ep->pkey = NULL; @@ -725,9 +723,7 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, int i = 0; int ret = -1; int ok = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif if (ep == NULL) { return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; @@ -759,7 +755,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, TEST_EQUAL(load_endpoint_ecc(ep), 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opaque_alg != 0) { psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; /* Use a fake key usage to get a successful initial guess for the PSA attributes. */ @@ -776,11 +771,6 @@ int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep, mbedtls_pk_init(ep->pkey); TEST_EQUAL(mbedtls_pk_wrap_psa(ep->pkey, key_slot), 0); } -#else - (void) opaque_alg; - (void) opaque_alg2; - (void) opaque_usage; -#endif mbedtls_ssl_conf_ca_chain(&(ep->conf), ep->ca_chain, NULL); @@ -1212,7 +1202,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, unsigned char *output, size_t *olen) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; psa_cipher_operation_t cipher_op = PSA_CIPHER_OPERATION_INIT; size_t part_len; @@ -1246,10 +1235,6 @@ int mbedtls_test_psa_cipher_encrypt_helper(mbedtls_ssl_transform *transform, *olen += part_len; return 0; -#else - return mbedtls_cipher_crypt(&transform->cipher_ctx_enc, - iv, iv_len, input, ilen, output, olen); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #endif /* MBEDTLS_SSL_PROTO_TLS1_2 && PSA_WANT_ALG_CBC_NO_PADDING && PSA_WANT_KEY_TYPE_AES */ 
@@ -1383,14 +1368,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, size_t key_bits = 0; int ret = 0; -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_key_type_t key_type; psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_algorithm_t alg; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; -#else - mbedtls_cipher_info_t const *cipher_info; -#endif size_t keylen, maclen, ivlen = 0; unsigned char *key0 = NULL, *key1 = NULL; 
@@ -1422,58 +1403,10 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(key0, 0x1, keylen); memset(key1, 0x2, keylen); -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - /* Pick cipher */ - cipher_info = mbedtls_cipher_info_from_type((mbedtls_cipher_type_t) cipher_type); - CHK(cipher_info != NULL); - CHK(mbedtls_cipher_info_get_iv_size(cipher_info) <= 16); - CHK(mbedtls_cipher_info_get_key_bitlen(cipher_info) % 8 == 0); - - /* Setup cipher contexts */ - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0); - CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0); - -#if defined(MBEDTLS_CIPHER_MODE_CBC) - if (cipher_mode == MBEDTLS_MODE_CBC) { - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc, - MBEDTLS_PADDING_NONE) == 0); - CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec, - MBEDTLS_PADDING_NONE) == 0); - } -#endif /* MBEDTLS_CIPHER_MODE_CBC */ - - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1, - (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3, - MBEDTLS_ENCRYPT) - == 0); - CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0, - (keylen << 3 > INT_MAX) ? 
INT_MAX : (int) keylen << 3, - MBEDTLS_DECRYPT) - == 0); -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ - /* Setup MAC contexts */ #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC) if (cipher_mode == MBEDTLS_MODE_CBC || cipher_mode == MBEDTLS_MODE_STREAM) { -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_md_info_t const *md_info = mbedtls_md_info_from_type((mbedtls_md_type_t) hash_id); - CHK(md_info != NULL); -#endif maclen = mbedtls_md_get_size_from_type((mbedtls_md_type_t) hash_id); CHK(maclen != 0); /* Pick hash keys */ @@ -1482,7 +1415,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, memset(md0, 0x5, maclen); memset(md1, 0x6, maclen); -#if defined(MBEDTLS_USE_PSA_CRYPTO) alg = mbedtls_md_psa_alg_from_type(hash_id); CHK(alg != 0); @@ -1523,21 +1455,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, CHK(psa_import_key(&attributes, md0, maclen, &t_out->psa_mac_dec) == PSA_SUCCESS); -#else - CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_enc, md_info, 1) == 0); - CHK(mbedtls_md_setup(&t_in->md_ctx_dec, md_info, 1) == 0); - - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc, - md0, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc, - md1, maclen) == 0); - CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec, - md0, maclen) == 0); -#endif } #else ((void) hash_id); @@ -1657,7 +1574,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, t_out->out_cid_len = (uint8_t) cid0_len; #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) status = mbedtls_ssl_cipher_to_psa(cipher_type, t_in->taglen, &alg, @@ -1720,7 +1636,6 @@ int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in, goto cleanup; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ cleanup: 
@@ -1737,9 +1652,7 @@ cleanup: int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, mbedtls_ssl_transform *transform_out) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT; -#endif /* Serialized version of record header for MAC purposes */ unsigned char add_data[13]; @@ -1751,7 +1664,6 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, add_data[12] = (record->data_len >> 0) & 0xff; /* MAC with additional data */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) size_t sign_mac_length = 0; TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_setup(&operation, transform_out->psa_mac_enc, @@ -1767,26 +1679,13 @@ int mbedtls_test_ssl_prepare_record_mac(mbedtls_record *record, TEST_EQUAL(PSA_SUCCESS, psa_mac_sign_finish(&operation, mac, sizeof(mac), &sign_mac_length)); -#else - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, add_data, 13)); - TEST_EQUAL(0, mbedtls_md_hmac_update(&transform_out->md_ctx_enc, - record->buf + record->data_offset, - record->data_len)); - /* Use a temporary buffer for the MAC, because with the truncated HMAC - * extension, there might not be enough room in the record for the - * full-length MAC. */ - unsigned char mac[MBEDTLS_MD_MAX_SIZE]; - TEST_EQUAL(0, mbedtls_md_hmac_finish(&transform_out->md_ctx_enc, mac)); -#endif memcpy(record->buf + record->data_offset + record->data_len, mac, transform_out->maclen); record->data_len += transform_out->maclen; return 0; exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); -#endif return -1; } #endif /* MBEDTLS_SSL_SOME_SUITES_USE_MAC */ @@ -1840,7 +1739,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, return -1; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t psa_alg = mbedtls_md_psa_alg_from_type( MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE); size_t hash_size = 0; 
@@ -1851,12 +1749,6 @@ int mbedtls_test_ssl_tls12_populate_session(mbedtls_ssl_session *session, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN, &hash_size); ret = PSA_TO_MBEDTLS_ERR(status); -#else - ret = mbedtls_md(mbedtls_md_info_from_type( - MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE), - tmp_crt.raw.p, tmp_crt.raw.len, - session->peer_cert_digest); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (ret != 0) { return ret; } From 6bcdd67f8321cef2e695220d4902a0ee2e0fbf58 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 2 Jun 2025 15:51:32 +0100 Subject: [PATCH 029/216] Update ssl progs to restore build Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 65 ++++++++++++++++++++++++++++---- programs/ssl/ssl_server2.c | 76 +++++++++++++++++++++++++++++++++----- 2 files changed, 124 insertions(+), 17 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index b76055ed5b..d5e7fdf304 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -9,7 +9,9 @@ #include "ssl_test_lib.h" +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -143,7 +145,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" 
@@ -170,6 +172,7 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -182,6 +185,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -305,9 +309,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -479,7 +488,9 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif 
@@ -487,7 +498,9 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -811,12 +824,16 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) + psa_status_t status; +#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -833,7 +850,9 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; @@ -858,9 +877,10 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); 
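Review bot: In the `@@ -811,12 +824,16 @@` hunk the `psa_status_t status;` declaration is written twice, once under `#if defined(MBEDTLS_USE_PSA_CRYPTO)` and again under `#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)`, so the two branches can drift apart; the server side of this same commit declares it once under `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)`, which is also the condition this commit puts around the `psa_crypto_init()` call later in this function. Keep the PSK-specific `slot`/`alg`/`key_attributes` under their own `MBEDTLS_USE_PSA_CRYPTO` and `MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED` guard and declare `status` once: `#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)` / `psa_status_t status;` / `#endif`. The enclosing `main()` starts and ends outside the hunk.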
@@ -887,6 +907,7 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -894,6 +915,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -920,13 +942,17 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -1101,7 +1127,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1126,9 +1152,11 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
@@ -1139,9 +1167,11 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1470,6 +1500,7 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1484,6 +1515,7 @@ usage: goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1518,6 +1550,7 @@ usage: } } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1529,6 +1562,7 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1752,6 +1786,7 @@ usage: goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; @@ -1770,6 +1805,7 @@ usage: } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -1970,6 +2006,7 @@ usage: #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -1990,6 +2027,7 @@ usage: goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, 
@@ -2060,6 +2098,7 @@ usage: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2085,6 +2124,7 @@ usage: } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3166,10 +3206,13 @@ exit: mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); +#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -3186,9 +3229,11 @@ exit: } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3207,8 +3252,9 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { 
@@ -3216,11 +3262,14 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); +#endif rng_free(&rng); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index cb933e7e6d..639fe5616e 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,7 +53,9 @@ int main(void) #include #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" +#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) @@ -203,7 +205,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -246,6 +248,7 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -267,6 +270,7 @@ int main(void) " with prepopulated key slots instead of importing raw key material.\n" #else #define USAGE_PSK_SLOT "" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" 
@@ -415,9 +419,14 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" +#else /* MBEDTLS_USE_PSA_CRYPTO */ +#define USAGE_ECJPAKE \ + " ecjpake_pw=%%s default: none (disabled)\n" +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ @@ -632,8 +641,10 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -641,7 +652,9 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ +#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ @@ -949,7 +962,9 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; 
@@ -961,6 +976,7 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -970,6 +986,7 @@ static int psk_free(psk_entry *head) return status; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); @@ -1035,9 +1052,11 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else +#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1283,6 +1302,7 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1306,6 +1326,7 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, @@ -1522,8 +1543,10 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; +#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; 
@@ -1551,8 +1574,10 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; +#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ +#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) @@ -1584,9 +1609,10 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1595,7 +1621,9 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; +#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; @@ -1656,6 +1684,7 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", 
@@ -1663,6 +1692,7 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -1701,15 +1731,19 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; +#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; +#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1890,7 +1924,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1939,11 +1973,13 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } +#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); 
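Review bot: The trailer on the added `#endif /* MBEDTLS_USE_PSA_CRYPTO */` names only half of the condition it closes; the matching `#if` in the previous hunk is `defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)`, and the client side of this commit spells that trailer out in full. Use `#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */` here, and give the bare `+#endif` after the PSA leak check in the `exit:` hunk of this file (`@@ -4261,10 +4317,12 @@`) the same trailer. Otherwise a reader of a TLS 1.3-only build would conclude from the trailer that `psa_crypto_init()` is skipped there, which it is not. `main()` begins and ends outside the hunk.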
@@ -1956,9 +1992,11 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } +#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2329,6 +2367,7 @@ usage: goto exit; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -2358,6 +2397,7 @@ usage: goto usage; } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2387,6 +2427,7 @@ usage: opt.min_version = ciphersuite_info->min_tls_version; } +#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2398,6 +2439,7 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2690,6 +2732,7 @@ usage: #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2725,6 +2768,7 @@ usage: } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3138,6 +3182,7 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); 
@@ -3154,6 +3199,7 @@ usage: goto exit; } } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3167,6 +3213,7 @@ usage: } if (opt.psk_list != NULL) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3180,6 +3227,7 @@ usage: } } } +#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } @@ -3336,6 +3384,7 @@ reset: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { +#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3361,6 +3410,7 @@ reset: } mbedtls_printf("using opaque password\n"); } else +#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -4203,9 +4253,11 @@ exit: mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); +#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif +#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4217,7 +4269,8 @@ exit: } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here 
@@ -4231,9 +4284,11 @@ exit: (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && + MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ + defined(MBEDTLS_USE_PSA_CRYPTO) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4252,8 +4307,9 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -4261,10 +4317,12 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } +#endif /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \ + && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif From 62278dc93d5845e1e8356edb25281bb78ce195f2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 6 Jun 2025 08:17:22 +0100 Subject: [PATCH 030/216] remove MBEDTLS_USE_PSA_CRYPTO from ssl progs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 68 +++++---------------------------- programs/ssl/ssl_server2.c | 78 +++++--------------------------------- 2 files changed, 18 insertions(+), 128 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index d5e7fdf304..8c0453d6e3 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c 
@@ -9,9 +9,7 @@ #include "ssl_test_lib.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_SSL_TEST_IMPOSSIBLE) int main(void) @@ -145,7 +143,7 @@ int main(void) #else /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private key as if it were opaque\n" \ " default: 0 (disabled)\n" @@ -172,7 +170,6 @@ int main(void) " psk=%%s default: \"\" (disabled)\n" \ " The PSK values are in hex, without 0x.\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -183,9 +180,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -309,14 +303,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 
@@ -488,9 +477,7 @@ struct options { const char *crt_file; /* the file with the client certificate */ const char *key_file; /* the file with the client key */ int key_opaque; /* handle private key as if it were opaque */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -498,9 +485,7 @@ struct options { const char *psk; /* the pre-shared key */ const char *psk_identity; /* the pre-shared key identity */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int ec_max_ops; /* EC consecutive operations limit */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) @@ -824,16 +809,12 @@ int main(int argc, char *argv[]) const char *pers = "ssl_client2"; -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) mbedtls_svc_key_id_t slot = MBEDTLS_SVC_KEY_ID_INIT; psa_algorithm_t alg = 0; psa_key_attributes_t key_attributes; #endif psa_status_t status; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) - psa_status_t status; -#endif rng_context_t rng; mbedtls_ssl_context ssl; @@ -850,9 +831,7 @@ int main(int argc, char *argv[]) mbedtls_x509_crt clicert; mbedtls_pk_context pkey; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ char *p, *q; const int *list; 
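Review bot: `int psk_opaque;` is now an unconditional field of `struct options` but, unlike every neighbouring field in the hunk, carries no trailing comment, and `int ecjpake_pw_opaque;` in the next hunk documents only one of the two values. The usage text in this file describes the option as storing the command-line PSK as an opaque PSA key, so a comment such as `int psk_opaque; /* 1 to import the static PSK as an opaque PSA key, 0 for raw PSK */` would let a reader understand the field without searching the usage string. The server's `psk_opaque` and `psk_list_opaque` fields presumably lose their guard in the same way further down this commit; that part is beyond this view. `struct options` begins and ends outside the hunk.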
@@ -877,10 +856,9 @@ int main(int argc, char *argv[]) MBEDTLS_TLS_SRTP_UNSET }; #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf)); @@ -907,7 +885,6 @@ int main(int argc, char *argv[]) memset((void *) alpn_list, 0, sizeof(alpn_list)); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -915,7 +892,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ @@ -942,17 +918,13 @@ int main(int argc, char *argv[]) opt.key_opaque = DFL_KEY_OPAQUE; opt.key_pwd = DFL_KEY_PWD; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.ec_max_ops = DFL_EC_MAX_OPS; opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) 
@@ -1127,7 +1099,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1152,11 +1124,9 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1167,11 +1137,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -1500,7 +1468,6 @@ usage: } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (opt.psk == NULL) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); @@ -1515,7 +1482,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -1550,7 +1516,6 @@ usage: } } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -1562,7 +1527,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -1786,7 +1750,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t usage = 0; 
@@ -1805,7 +1768,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key type: %s)\n", strlen(opt.key_file) || strlen(opt.key_opaque_alg1) ? @@ -2006,7 +1968,6 @@ usage: #endif #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { key_attributes = psa_key_attributes_init(); psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); @@ -2027,7 +1988,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -2098,7 +2058,6 @@ usage: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -2124,7 +2083,6 @@ usage: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -3206,13 +3164,10 @@ exit: mbedtls_x509_crt_free(&clicert); mbedtls_x509_crt_free(&cacert); mbedtls_pk_free(&pkey); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); -#endif #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here 
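Review bot: With the `#endif` removed between them, `} else` and the following `if (psk_len > 0) {` in the `@@ -2027,7 +1988,6 @@` hunk are now a plain `else if` split across two lines, and the `} else` / `{` pair in the `@@ -2124,7 +2083,6 @@` hunk is likewise a plain `} else {`; the line break only existed to make room for the preprocessor guard. Join them as `} else if (psk_len > 0) {` and `} else {` so the control flow reads correctly without knowing the history. The same pattern presumably remains at the corresponding places in ssl_server2.c once its guards are removed later in this commit; that part is beyond this view. The enclosing `main()` starts and ends outside these hunks.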
@@ -3229,11 +3184,9 @@ exit: } } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -3252,9 +3205,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { @@ -3262,12 +3214,10 @@ exit: } mbedtls_printf("PSA memory leak detected: %s\n", message); } -#endif /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto * resources are freed by rng_free(). */ -#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) && \ - !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) +#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 639fe5616e..e463c63046 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -53,9 +53,7 @@ int main(void) #include #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) #include "test/psa_crypto_helpers.h" -#endif #include "mbedtls/pk.h" #if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) 
@@ -205,7 +203,7 @@ int main(void) #else #define USAGE_IO "" #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #define USAGE_KEY_OPAQUE \ " key_opaque=%%d Handle your private keys as if they were opaque\n" \ " default: 0 (disabled)\n" @@ -248,7 +246,6 @@ int main(void) " The PSK values are in hex, without 0x.\n" \ " id1,psk1[,id2,psk2[,...]]\n" \ " psk_identity=%%s default: \"Client_identity\"\n" -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_PSK_SLOT \ " psk_opaque=%%d default: 0 (don't use opaque static PSK)\n" \ " Enable this to store the PSK configured through command line\n" \ @@ -268,9 +265,6 @@ int main(void) " Note: This is to test integration of PSA-based opaque PSKs with\n" \ " Mbed TLS only. Production systems are likely to configure Mbed TLS\n" \ " with prepopulated key slots instead of importing raw key material.\n" -#else -#define USAGE_PSK_SLOT "" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #define USAGE_PSK USAGE_PSK_RAW USAGE_PSK_SLOT #else #define USAGE_PSK "" @@ -419,14 +413,9 @@ int main(void) #endif #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USAGE_ECJPAKE \ " ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw_opaque=%%d default: 0 (disabled)\n" -#else /* MBEDTLS_USE_PSA_CRYPTO */ -#define USAGE_ECJPAKE \ - " ecjpake_pw=%%s default: none (disabled)\n" -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #define USAGE_ECJPAKE "" #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ 
@@ -641,10 +630,8 @@ struct options { int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */ int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */ int async_private_error; /* inject error in async private callback */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int psk_opaque; int psk_list_opaque; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) int ca_callback; /* Use callback for trusted certificate list */ #endif @@ -652,9 +639,7 @@ struct options { const char *psk_identity; /* the pre-shared key identity */ char *psk_list; /* list of PSK id/key pairs for callback */ const char *ecjpake_pw; /* the EC J-PAKE password */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ -#endif int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ @@ -962,9 +947,7 @@ struct _psk_entry { const char *name; size_t key_len; unsigned char key[MBEDTLS_PSK_MAX_LEN]; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t slot; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ psk_entry *next; }; @@ -976,7 +959,6 @@ static int psk_free(psk_entry *head) psk_entry *next; while (head != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_status_t status; mbedtls_svc_key_id_t const slot = head->slot; @@ -986,7 +968,6 @@ static int psk_free(psk_entry *head) return status; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ next = head->next; mbedtls_free(head); 
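Review bot: With the PSA path now unconditional, `psk_free` appears to `return status;` on the first failed key destruction and so never reaches `next = head->next; mbedtls_free(head);` for the remaining entries, leaking the rest of the list on a single bad slot. Independently, each node's raw `key[MBEDTLS_PSK_MAX_LEN]` buffer is handed to `mbedtls_free` without being wiped, which leaves PSK bytes in freed heap memory; add `mbedtls_platform_zeroize(head->key, sizeof(head->key));` before `mbedtls_free(head);` (assuming `mbedtls/platform_util.h` is already included by this program — confirm) and consider recording the first failing status while continuing the loop instead of returning early. `psk_free` starts before hunk `@@ -976,7 +959,6 @@` and the destroy call itself lies between the two hunks, so the exact control flow should be checked in the file.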
@@ -1052,11 +1033,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, while (cur != NULL) { if (name_len == strlen(cur->name) && memcmp(name, cur->name, name_len) == 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else -#endif return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); } @@ -1302,7 +1281,6 @@ static void ssl_async_cancel(mbedtls_ssl_context *ssl) #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, psa_algorithm_t alg, @@ -1326,7 +1304,6 @@ static psa_status_t psa_setup_psk_key_slot(mbedtls_svc_key_id_t *slot, return PSA_SUCCESS; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) static int report_cid_usage(mbedtls_ssl_context *ssl, @@ -1543,10 +1520,8 @@ int main(int argc, char *argv[]) io_ctx_t io_ctx; unsigned char *buf = 0; #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_algorithm_t alg = 0; mbedtls_svc_key_id_t psk_slot = MBEDTLS_SVC_KEY_ID_INIT; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; psk_entry *psk_info = NULL; @@ -1574,10 +1549,8 @@ int main(int argc, char *argv[]) mbedtls_x509_crt srvcert2; mbedtls_pk_context pkey2; mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ mbedtls_svc_key_id_t key_slot2 = MBEDTLS_SVC_KEY_ID_INIT; /* invalid key slot */ -#endif int key_cert_init = 0, key_cert_init2 = 0; #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) 
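Review bot: Dropping the `#if`/`#endif` around the opaque branch in `psk_callback` leaves `} else` followed by an unbraced `return mbedtls_ssl_set_hs_psk(...)` on the next line, a layout that only made sense while the preprocessor could delete the `if` in front of it; brace it as `} else { return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); }` so the two branches read symmetrically. The rest of the function body is outside the hunk, so check that no other `else` is affected by the reflow. `psk_callback` starts and ends outside the hunk.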
@@ -1609,10 +1582,9 @@ int main(int argc, char *argv[]) unsigned char *context_buf = NULL; size_t context_buf_len = 0; #endif -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) mbedtls_svc_key_id_t ecjpake_pw_slot = MBEDTLS_SVC_KEY_ID_INIT; /* ecjpake password key slot */ -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) uint16_t sig_alg_list[SIG_ALG_LIST_SIZE]; @@ -1621,9 +1593,7 @@ int main(int argc, char *argv[]) int i; char *p, *q; const int *list; -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) psa_status_t status; -#endif unsigned char eap_tls_keymaterial[16]; unsigned char eap_tls_iv[8]; const char *eap_tls_label = "client EAP encryption"; @@ -1684,7 +1654,6 @@ int main(int argc, char *argv[]) mbedtls_ssl_cookie_init(&cookie_ctx); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) status = psa_crypto_init(); if (status != PSA_SUCCESS) { mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", @@ -1692,7 +1661,6 @@ int main(int argc, char *argv[]) ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; goto exit; } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) mbedtls_test_enable_insecure_external_rng(); #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */ 
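Review bot: In hunk `@@ -1692,7 +1661,6 @@` the `goto exit` after a failed `psa_crypto_init()` now lands on an `exit:` path that, with the guards removed elsewhere in this patch (hunk `@@ -4317,12 +4259,10 @@` of this file), unconditionally calls `mbedtls_test_helper_is_psa_leaking()` and `mbedtls_psa_crypto_free()`; that is only fine if both tolerate a core that never initialised, which the hunk cannot show — please confirm, or gate the two calls on a flag set after a successful init. The `mbedtls_test_enable_insecure_external_rng()` call that follows also deserves a one-line comment such as `/* Test-only: the insecure external RNG must never be enabled in a production build */`, since the function name is the only warning a reader gets. `main` continues outside the hunk.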
@@ -1731,19 +1699,15 @@ int main(int argc, char *argv[]) opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2; opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR; opt.psk = DFL_PSK; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.psk_opaque = DFL_PSK_OPAQUE; opt.psk_list_opaque = DFL_PSK_LIST_OPAQUE; -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) opt.ca_callback = DFL_CA_CALLBACK; #endif opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_list = DFL_PSK_LIST; opt.ecjpake_pw = DFL_ECJPAKE_PW; -#if defined(MBEDTLS_USE_PSA_CRYPTO) opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; -#endif opt.force_ciphersuite[0] = DFL_FORCE_CIPHER; #if defined(MBEDTLS_SSL_PROTO_TLS1_3) opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; @@ -1924,7 +1888,7 @@ usage: } else if (strcmp(p, "key_pwd") == 0) { opt.key_pwd = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) else if (strcmp(p, "key_opaque") == 0) { opt.key_opaque = atoi(q); } @@ -1973,13 +1937,11 @@ usage: else if (strcmp(p, "psk") == 0) { opt.psk = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); } -#endif #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) else if (strcmp(p, "ca_callback") == 0) { opt.ca_callback = atoi(q); @@ -1992,11 +1954,9 @@ usage: } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } -#endif else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2367,7 +2327,6 @@ usage: goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { if (strlen(opt.psk) == 0) { mbedtls_printf("psk_opaque set but no psk to be imported specified.\n"); 
@@ -2397,7 +2356,6 @@ usage: goto usage; } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (opt.force_ciphersuite[0] > 0) { const mbedtls_ssl_ciphersuite_t *ciphersuite_info; @@ -2427,7 +2385,6 @@ usage: opt.min_version = ciphersuite_info->min_tls_version; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0 || opt.psk_list_opaque != 0) { /* Determine KDF algorithm the opaque PSK will be used in. */ @@ -2439,7 +2396,6 @@ usage: alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256); } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) @@ -2732,7 +2688,6 @@ usage: #endif /* PSA_HAVE_ALG_SOME_ECDSA && PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */ } -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.key_opaque != 0) { psa_algorithm_t psa_alg, psa_alg2 = PSA_ALG_NONE; psa_key_usage_t psa_usage = 0; @@ -2768,7 +2723,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_printf(" ok (key types: %s, %s)\n", key_cert_init ? mbedtls_pk_get_name(&pkey) : "none", @@ -3182,7 +3136,6 @@ usage: #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (strlen(opt.psk) != 0 && strlen(opt.psk_identity) != 0) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_opaque != 0) { /* The algorithm has already been determined earlier. */ status = psa_setup_psk_key_slot(&psk_slot, alg, psk, psk_len); @@ -3199,7 +3152,6 @@ usage: goto exit; } } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (psk_len > 0) { ret = mbedtls_ssl_conf_psk(&conf, psk, psk_len, (const unsigned char *) opt.psk_identity, @@ -3213,7 +3165,6 @@ usage: } if (opt.psk_list != NULL) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.psk_list_opaque != 0) { psk_entry *cur_psk; for (cur_psk = psk_info; cur_psk != NULL; cur_psk = cur_psk->next) { @@ -3227,7 +3178,6 @@ usage: } } } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_conf_psk_cb(&conf, psk_callback, psk_info); } 
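Review bot: In hunk `@@ -3199,7 +3152,6 @@` the removed `#endif` leaves `} else` on one line and `if (psk_len > 0) {` on the next with nothing between them, which reads as a dangling else and no longer has a reason to be split; write it as `} else if (psk_len > 0) {`. The surrounding PSK configuration code and `main` continue outside the hunk.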
@@ -3384,7 +3334,6 @@ reset: #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) if (opt.ecjpake_pw != DFL_ECJPAKE_PW) { -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (opt.ecjpake_pw_opaque != DFL_ECJPAKE_PW_OPAQUE) { psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; @@ -3410,7 +3359,6 @@ reset: } mbedtls_printf("using opaque password\n"); } else -#endif /* MBEDTLS_USE_PSA_CRYPTO */ { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, @@ -4253,11 +4201,9 @@ exit: mbedtls_pk_free(&pkey); mbedtls_x509_crt_free(&srvcert2); mbedtls_pk_free(&pkey2); -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_slot); psa_destroy_key(key_slot2); #endif -#endif #if defined(MBEDTLS_SSL_ASYNC_PRIVATE) for (i = 0; (size_t) i < ssl_async_keys.slots_used; i++) { @@ -4269,8 +4215,7 @@ exit: } #endif -#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED) if (opt.psk_opaque != 0) { /* This is ok even if the slot hasn't been * initialized (we might have jumed here @@ -4284,11 +4229,9 @@ exit: (int) status); } } -#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED && - MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) && \ - defined(MBEDTLS_USE_PSA_CRYPTO) +#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) /* * In case opaque keys it's the user responsibility to keep the key valid * for the duration of the handshake and destroy it at the end @@ -4307,9 +4250,8 @@ exit: psa_destroy_key(ecjpake_pw_slot); } } -#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED && MBEDTLS_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) const char *message = mbedtls_test_helper_is_psa_leaking(); if (message) { if (ret == 0) { 
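Review bot: The now-unconditional `psa_destroy_key(key_slot);` and `psa_destroy_key(key_slot2);` in hunk `@@ -4253,11 +4201,9 @@` discard their return values, whereas the PSK slot cleanup a few lines further down the same `exit:` block (hunk `@@ -4284,11 +4229,9 @@`) captures `status` and prints it on failure; a test program that silently ignores a failed destroy can mask a key-slot leak that `mbedtls_test_helper_is_psa_leaking()` then reports with no hint of the cause. Suggest the same pattern for both calls: `status = psa_destroy_key(key_slot); if (status != PSA_SUCCESS) { mbedtls_printf("Failed to destroy key slot: %d\n", (int) status); }` and likewise for `key_slot2`. The PSK branch's comment says destroying a never-initialised slot id is acceptable, so the check should be safe when `key_opaque` was not used — confirm against how `key_slot2` is initialised. The `exit:` block continues outside the hunk.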
@@ -4317,12 +4259,10 @@ exit:
 }
 mbedtls_printf("PSA memory leak detected: %s\n", message);
 }
-#endif
 /* For builds with MBEDTLS_TEST_USE_PSA_CRYPTO_RNG psa crypto
 * resources are freed by rng_free(). */
-#if (defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)) \
- && !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
 mbedtls_psa_crypto_free();
 #endif
From 0f21429af5422e764f5bba3e4e49e3cf5fcf0670 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 6 Jun 2025 08:31:48 +0100
Subject: [PATCH 031/216] Correct ifdef logic
Signed-off-by: Ben Taylor
---
 programs/ssl/ssl_test_lib.h | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index ea5dbecb89..fbb0efff84 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -14,8 +14,7 @@
 #include "mbedtls/md.h"
 #undef HAVE_RNG
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || \
- defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
+#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 #define HAVE_RNG
 #elif defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
 #define HAVE_RNG
From 9020426b14ab2a84d5f186d97cdf9ef524bf39e8 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Mon, 9 Jun 2025 11:51:28 +0100
Subject: [PATCH 032/216] remove MBEDTLS_USE_PSA_CRYPTO from tests
Signed-off-by: Ben Taylor
---
 tests/scripts/components-sanitizers.sh | 8 +--
 tests/ssl-opt.sh | 9 ----
 .../test_suite_constant_time_hmac.function | 51 -------------------
 tests/suites/test_suite_ssl.data | 34 ++++++-------
 tests/suites/test_suite_ssl.function | 12 +----
 tests/suites/test_suite_x509parse.data | 2 +-
 tests/suites/test_suite_x509write.data | 12 ++---
 tests/suites/test_suite_x509write.function | 34 ++-----
 8 files changed, 33 insertions(+), 129 deletions(-)
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 45d0960a1d..26b149f69e 100644
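Review bot: Dropping `MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` from the `HAVE_RNG` selection in ssl_test_lib.h leaves that macro still doing work elsewhere in this series: both ssl_client2.c and ssl_server2.c keep `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG) mbedtls_psa_crypto_free(); #endif` with a comment saying `rng_free()` releases the PSA resources in that configuration. If the macro no longer selects an RNG backend here, then either `rng_free()` still frees PSA and the guard is merely a leftover, or the free is skipped entirely in that build, and this hunk cannot tell which. Please state the intended relationship in a comment on the new `#if`, e.g. `/* MBEDTLS_TEST_USE_PSA_CRYPTO_RNG no longer selects the RNG; it only decides who calls mbedtls_psa_crypto_free() (see rng_free()) */`, or remove the remaining references in the same patch.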
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -66,7 +66,7 @@ component_release_test_valgrind_constant_flow_no_asm () {
 # - or alternatively, build with debug info and manually run the offending
 # test suite with valgrind --track-origins=yes, then check if the origin
 # was TEST_CF_SECRET() or something else.
- msg "build: cmake release GCC, full config minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM with constant flow testing"
+ msg "build: cmake release GCC, full config minus MBEDTLS_HAVE_ASM with constant flow testing"
 scripts/config.py full
 scripts/config.py set MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
 scripts/config.py unset MBEDTLS_AESNI_C
@@ -77,7 +77,7 @@ component_release_test_valgrind_constant_flow_no_asm () {
 # this only shows a summary of the results (how many of each type)
 # details are left in Testing//DynamicAnalysis.xml
- msg "test: some suites (full minus MBEDTLS_USE_PSA_CRYPTO, minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
+ msg "test: some suites (full minus MBEDTLS_HAVE_ASM, valgrind + constant flow)"
 make memcheck
 }
@@ -150,7 +150,7 @@ component_test_memsan () {
 component_release_test_valgrind () {
 msg "build: Release (clang)"
- # default config, in particular without MBEDTLS_USE_PSA_CRYPTO
+ # default config
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
 make
@@ -178,7 +178,7 @@ component_release_test_valgrind () {
 component_release_test_valgrind_psa () {
 msg "build: Release, full (clang)"
- # full config, in particular with MBEDTLS_USE_PSA_CRYPTO
+ # full config
 scripts/config.py full
 CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release .
 make
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index c667cd14bd..36bde20bfc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
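Review bot: After the comment change in hunk `@@ -178,7 +178,7 @@` the `_psa` suffix on `component_release_test_valgrind_psa` no longer describes anything: as far as the visible lines show, the only remaining difference from `component_release_test_valgrind` is `scripts/config.py full`, so the component name still implies an MBEDTLS_USE_PSA_CRYPTO distinction that this series removes. Either rename the component (e.g. `component_release_test_valgrind_full`, checking any CI job lists that reference the old name) or replace `# full config` with a comment that says why this variant exists, e.g. `# full config, as opposed to the default config exercised by component_release_test_valgrind`. Both component bodies continue outside the hunk.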
@@ -9443,15 +9443,6 @@ run_test "EC restart: TLS, max_ops=65535" \
 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
-# The following test cases for restartable ECDH come in two variants:
-# * The "(USE_PSA)" variant expects the current behavior, which is the behavior
-# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests
-# the partial implementation where ECDH in TLS is not actually restartable.
-# * The "(no USE_PSA)" variant expects the desired behavior. These test
-# cases cannot currently pass because the implementation of restartable ECC
-# in TLS is partial: ECDH is not actually restartable. This is the behavior
-# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled.
-#
 # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
 # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
 # cases.
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 0e870d80fd..057d104d0e 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -16,15 +16,10 @@ void ssl_cf_hmac(int hash)
 * Test the function mbedtls_ct_hmac() against a reference
 * implementation. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 mbedtls_svc_key_id_t key = MBEDTLS_SVC_KEY_ID_INIT;
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_algorithm_t alg;
 psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
-#else
- mbedtls_md_context_t ctx, ref_ctx;
- const mbedtls_md_info_t *md_info;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 size_t out_len, block_size;
 size_t min_in_len, in_len, max_in_len, i;
 /* TLS additional data is 13 bytes (hence the "lucky 13" name) */
@@ -36,7 +31,6 @@ void ssl_cf_hmac(int hash)
 USE_PSA_INIT();
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 alg = PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash));
 out_len = PSA_HASH_LENGTH(alg);
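Review bot: The surviving comment in the ssl-opt.sh hunk still says `we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test cases`, but the nine deleted lines are exactly the ones that defined what the "(USE_PSA)" and "(no USE_PSA)" variants mean, and the diffstat shows only deletions in this file, so the labelled test cases remain while their explanation is gone. Either keep a one-line definition ahead of it, e.g. `# "(USE_PSA)" variants encode the current behaviour (ECDH in TLS not actually restartable), "(no USE_PSA)" variants the intended one.`, or rewrite the remaining sentence so it no longer depends on the deleted paragraph; the issue link alone does not explain the labels.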
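Review bot: The header comment of `ssl_cf_hmac` in hunk `@@ -16,15 +16,10 @@` still reads `Test the function mbedtls_ct_hmac() against a reference implementation`, but the reference it referred to was the `mbedtls_md`-based HMAC that this patch deletes; what remains checks the output with the PSA MAC API, so the comment should say so, e.g. `* Test the function mbedtls_ct_hmac() against the PSA MAC API (psa_mac_verify_*) used as the reference.`. It is also worth noting in that comment that a PSA verify only reports match/mismatch, so the earlier byte-wise `TEST_MEMORY_COMPARE` of the output buffer no longer exists. `ssl_cf_hmac` continues outside the hunk.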
@@ -47,36 +41,15 @@ void ssl_cf_hmac(int hash) PSA_KEY_USAGE_VERIFY_HASH); psa_set_key_algorithm(&attributes, PSA_ALG_HMAC(alg)); psa_set_key_type(&attributes, PSA_KEY_TYPE_HMAC); -#else - mbedtls_md_init(&ctx); - mbedtls_md_init(&ref_ctx); - - md_info = mbedtls_md_info_from_type(hash); - TEST_ASSERT(md_info != NULL); - out_len = mbedtls_md_get_size(md_info); - TEST_ASSERT(out_len != 0); - block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64; -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* Use allocated out buffer to catch overwrites */ TEST_CALLOC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Set up dummy key */ memset(ref_out, 42, sizeof(ref_out)); TEST_EQUAL(PSA_SUCCESS, psa_import_key(&attributes, ref_out, out_len, &key)); -#else - /* Set up contexts with the given hash and a dummy key */ - TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1)); - TEST_EQUAL(0, mbedtls_md_setup(&ref_ctx, md_info, 1)); - memset(ref_out, 42, sizeof(ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ctx, ref_out, out_len)); - TEST_EQUAL(0, mbedtls_md_hmac_starts(&ref_ctx, ref_out, out_len)); - memset(ref_out, 0, sizeof(ref_out)); -#endif - /* * Test all possible lengths up to a point. The difference between * max_in_len and min_in_len is at most 255, and make sure they both vary @@ -101,22 +74,14 @@ void ssl_cf_hmac(int hash) /* Get the function's result */ TEST_CF_SECRET(&in_len, sizeof(in_len)); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(0, mbedtls_ct_hmac(key, PSA_ALG_HMAC(alg), add_data, sizeof(add_data), data, in_len, min_in_len, max_in_len, out)); -#else - TEST_EQUAL(0, mbedtls_ct_hmac(&ctx, add_data, sizeof(add_data), - data, in_len, - min_in_len, max_in_len, - out)); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ TEST_CF_PUBLIC(&in_len, sizeof(in_len)); TEST_CF_PUBLIC(out, out_len); -#if defined(MBEDTLS_USE_PSA_CRYPTO) TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_setup(&operation, key, alg)); TEST_EQUAL(PSA_SUCCESS, psa_mac_update(&operation, add_data, 
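Review bot: In hunk `@@ -101,22 +74,14 @@` the two sides of the comparison are keyed inconsistently: `mbedtls_ct_hmac` is called with `PSA_ALG_HMAC(alg)` while `psa_mac_verify_setup` is called with plain `alg`, and earlier in the function `alg` is already assigned `PSA_ALG_HMAC(mbedtls_md_psa_alg_from_type(hash))`. This is only correct if `PSA_ALG_HMAC` is idempotent on an algorithm that is already an HMAC, which I believe holds for the standard encoding but is not visible here, and as written it reads as though the two calls could use different algorithms; pass `alg` in both places, and likewise replace `PSA_ALG_HMAC(alg)` in the `psa_set_key_algorithm(&attributes, ...)` call of hunk `@@ -47,36 +41,15 @@`. The loop body continues outside the hunk.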
@@ -125,17 +90,6 @@ void ssl_cf_hmac(int hash) data, in_len)); TEST_EQUAL(PSA_SUCCESS, psa_mac_verify_finish(&operation, out, out_len)); -#else - /* Compute the reference result */ - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, add_data, - sizeof(add_data))); - TEST_EQUAL(0, mbedtls_md_hmac_update(&ref_ctx, data, in_len)); - TEST_EQUAL(0, mbedtls_md_hmac_finish(&ref_ctx, ref_out)); - TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx)); - - /* Compare */ - TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ } mbedtls_free(data); @@ -143,13 +97,8 @@ void ssl_cf_hmac(int hash) } exit: -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_mac_abort(&operation); psa_destroy_key(key); -#else - mbedtls_md_free(&ref_ctx); - mbedtls_md_free(&ctx); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_free(data); mbedtls_free(out); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index 378c5339fe..ec62c2cb2e 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data 
@@ -440,23 +440,23 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_R
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
@@ -464,19 +464,19 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_
 handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
@@ -484,15 +484,15 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDIN handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque 
@@ -500,19 +500,19 @@ depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_P handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg 
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 Sending app data via TLS, MFL=512 without fragmentation @@ -3236,7 +3236,7 @@ depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:0 EC-JPAKE set opaque password -depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED ssl_ecjpake_set_password:1 Test Elliptic curves' info parsing diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 918edd5aca..c70080317c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function 
@@ -3422,7 +3422,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 void test_multiple_psks_opaque(int mode)
 {
 /*
@@ -3768,7 +3768,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
 enum { BUFFSIZE = 17000 };
@@ -3941,11 +3941,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 {
 mbedtls_ssl_context ssl;
 mbedtls_ssl_config conf;
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 mbedtls_svc_key_id_t pwd_slot = MBEDTLS_SVC_KEY_ID_INIT;
-#else /* MBEDTLS_USE_PSA_CRYPTO */
- (void) use_opaque_arg;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
 unsigned char pwd_string[sizeof(ECJPAKE_TEST_PWD)] = "";
 size_t pwd_len = 0;
 int ret;
@@ -3971,7 +3967,6 @@ void ssl_ecjpake_set_password(int use_opaque_arg)
 pwd_len = strlen(ECJPAKE_TEST_PWD);
 memcpy(pwd_string, ECJPAKE_TEST_PWD, pwd_len);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
 if (use_opaque_arg) {
 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_key_attributes_t check_attributes = PSA_KEY_ATTRIBUTES_INIT;
@@ -3998,16 +3993,13 @@ void ssl_ecjpake_set_password(int use_opaque_arg) PSA_ASSERT(psa_import_key(&attributes, pwd_string, pwd_len, &pwd_slot)); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ /* final check which should work without errors */ ECJPAKE_TEST_SET_PASSWORD(0); -#if defined(MBEDTLS_USE_PSA_CRYPTO) if (use_opaque_arg) { psa_destroy_key(pwd_slot); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index c2a7f30fd9..14e7afa740 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -900,7 +900,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_ x509_verify:"../framework/data_files/server9-defaults.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_SHA_1 x509_verify:"../framework/data_files/server9-bad-saltlen.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL" X509 CRT verification #70 (v1 trusted CA) diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 3860076d2c..4d57a8fb69 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data 
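Review bot: The description `X509 CRT verification #68 (RSASSA-PSS, wrong salt_len, USE_PSA)` in the @@ -900 hunk of test_suite_x509parse.data keeps a `USE_PSA` suffix although the `depends_on` line no longer lists `MBEDTLS_USE_PSA_CRYPTO`, so the name now refers to a build option that does not gate the case. If the non-PSA counterpart of this case has been removed, the suffix should go as well, e.g. `X509 CRT verification #68 (RSASSA-PSS, wrong salt_len)`; if a counterpart still exists, the two rows presumably now have identical dependencies and one of them is redundant. A grep for `USE_PSA` in the `.data` descriptions touched by this patch would catch any other such leftovers.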
@@ -123,23 +123,23 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:0:-1:"../framework/data_files/server1.ca_noauthid.crt":1:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, key_usage -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:"NULL":0:0:1:-1:"../framework/data_files/server1.key_usage.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, ns_cert_type -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 
1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"../framework/data_files/server1.cert_type.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, version 1 -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:MBEDTLS_X509_CRT_VERSION_1:"../framework/data_files/server1.v1.crt":2:0:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Opaque, CA -depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_MD5 x509_crt_check:"../framework/data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca_unenc.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:"NULL":0:0:1:-1:"../framework/data_files/server1.ca.crt":2:1:"../framework/data_files/test-ca.crt":0 Certificate write check Server1 SHA1, Full length serial 
@@ -159,7 +159,7 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINIST x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"../framework/data_files/server5.crt":0:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server5 ECDSA, Opaque -depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_USE_PSA_CRYPTO +depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ALG_DETERMINISTIC_ECDSA:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ECC_SECP_R1_256 x509_crt_check:"../framework/data_files/server5.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"../framework/data_files/test-ca2.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=Polarssl Test EC CA":"01":"20190210144406":"20290210144406":MBEDTLS_MD_SHA256:0:0:"NULL":0:0:1:-1:"":2:0:"../framework/data_files/test-ca2.crt":0 Certificate write check Server1 SHA1, SubjectAltNames diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index e0aad90a04..f42349cb5b 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -15,8 +15,7 @@ #endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/psa_util.h" -#if defined(MBEDTLS_USE_PSA_CRYPTO) && \ - defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) +#if defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C) static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) { unsigned char hash[PSA_HASH_MAX_SIZE]; 
@@ -53,7 +52,7 @@ cleanup: mbedtls_x509_csr_free(&csr); return ret; } -#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ +#endif /* MBEDTLS_PEM_WRITE_C && MBEDTLS_X509_CSR_WRITE_C */ #if defined(MBEDTLS_X509_CSR_WRITE_C) @@ -131,11 +130,6 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, mbedtls_x509write_csr req; unsigned char buf[4096]; int ret; -#if !defined(MBEDTLS_USE_PSA_CRYPTO) - unsigned char check_buf[4000]; - FILE *f; - size_t olen = 0; -#endif /* !MBEDTLS_USE_PSA_CRYPTO */ size_t pem_len = 0, buf_index; int der_len = -1; const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1"; @@ -215,20 +209,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, TEST_ASSERT(buf[buf_index] == 0); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used (void) cert_req_check_file; buf[pem_len] = '\0'; TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0); -#else - f = fopen(cert_req_check_file, "r"); - TEST_ASSERT(f != NULL); - olen = fread(check_buf, 1, sizeof(check_buf), f); - fclose(f); - - TEST_ASSERT(olen >= pem_len - 1); - TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf)); TEST_ASSERT(der_len >= 0); @@ -237,14 +221,10 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type, goto exit; } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case der_len /= 2; -#else - der_len -= 1; -#endif ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); 
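Review bot: In the @@ -215 hunk the surviving `(void) cert_req_check_file;` together with the comment `// When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used` now describes the only code path, so the parameter is dead in every build and the comment reads as if a non-PSA branch still existed. Either drop the `cert_req_check_file` argument from `x509_csr_check` (and the matching column in its `.data` rows) or reword the comment to something like `// The PSA RNG isn't controllable, so the CSR is verified with x509_crt_verifycsr() instead of being compared against a reference file`. The same stale "When using PSA crypto" wording is kept in the @@ -237 hunk, where `der_len /= 2` is now unconditional, and in `x509_crt_check` at the @@ -570 hunk of this file. `x509_csr_check` starts and ends outside these hunks.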
@@ -256,7 +236,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C:MBEDTLS_USE_PSA_CRYPTO */ +/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check_opaque(char *key_file, int md_type, int key_usage, int cert_type) { @@ -342,10 +322,8 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, int der_len = -1; FILE *f; mbedtls_test_rnd_pseudo_info rnd_info; -#if defined(MBEDTLS_USE_PSA_CRYPTO) mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT; -#endif mbedtls_pk_type_t issuer_key_type; mbedtls_x509_san_list san_ip; mbedtls_x509_san_list san_dns; @@ -409,7 +387,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, issuer_key_type = mbedtls_pk_get_type(&issuer_key); -#if defined(MBEDTLS_USE_PSA_CRYPTO) /* Turn the issuer PK context into an opaque one. */ if (pk_wrap == 2) { TEST_EQUAL(mbedtls_pk_get_psa_attributes(&issuer_key, PSA_KEY_USAGE_SIGN_HASH, @@ -419,7 +396,6 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, mbedtls_pk_init(&issuer_key); TEST_EQUAL(mbedtls_pk_wrap_psa(&issuer_key, key_id), 0); } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ if (pk_wrap == 2) { TEST_ASSERT(mbedtls_pk_get_type(&issuer_key) == MBEDTLS_PK_OPAQUE); @@ -570,14 +546,12 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, TEST_ASSERT(p < end); } -#if defined(MBEDTLS_USE_PSA_CRYPTO) // When using PSA crypto, RNG isn't controllable, result length isn't // deterministic over multiple runs, removing a single byte isn't enough to // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if (issuer_key_type != MBEDTLS_PK_RSA) { der_len /= 2; } else -#endif der_len -= 1; ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); 
@@ -592,9 +566,7 @@ exit: #if defined(MBEDTLS_TEST_DEPRECATED) && defined(MBEDTLS_BIGNUM_C) mbedtls_mpi_free(&serial_mpi); #endif -#if defined(MBEDTLS_USE_PSA_CRYPTO) psa_destroy_key(key_id); -#endif MD_OR_USE_PSA_DONE(); } /* END_CASE */ From a4915abc5628bd498dbe64272c9895141b9ef817 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 9 Jun 2025 13:30:39 +0100 Subject: [PATCH 033/216] fix code style issues Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 8c0453d6e3..1ce4e46b1c 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -1123,8 +1123,7 @@ usage: #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if (strcmp(p, "psk") == 0) { opt.psk = q; - } - else if (strcmp(p, "psk_opaque") == 0) { + } else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK) @@ -1136,11 +1135,9 @@ usage: opt.psk_identity = q; } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; - } - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { + } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); - } - else if (strcmp(p, "ec_max_ops") == 0) { + } else if (strcmp(p, "ec_max_ops") == 0) { opt.ec_max_ops = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); @@ -2082,8 +2079,7 @@ usage: goto exit; } mbedtls_printf("using opaque password\n"); - } else - { + } else { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, strlen(opt.ecjpake_pw))) != 0) { From 98ecfdb440aeccb714014a89286401bb08c88ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 07:47:13 +0100 Subject: [PATCH 034/216] corrected code style 
Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 14 ++++++-------- tests/suites/test_suite_x509write.function | 5 +++-- 2 files changed, 9 insertions(+), 10 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index e463c63046..28623bfc84 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1035,8 +1035,9 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, memcmp(name, cur->name, name_len) == 0) { if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(cur->slot) != 0) { return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); - } else - return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); + } else { + return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); + } } cur = cur->next; @@ -1936,8 +1937,7 @@ usage: #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */ else if (strcmp(p, "psk") == 0) { opt.psk = q; - } - else if (strcmp(p, "psk_opaque") == 0) { + } else if (strcmp(p, "psk_opaque") == 0) { opt.psk_opaque = atoi(q); } else if (strcmp(p, "psk_list_opaque") == 0) { opt.psk_list_opaque = atoi(q); @@ -1953,8 +1953,7 @@ usage: opt.psk_list = q; } else if (strcmp(p, "ecjpake_pw") == 0) { opt.ecjpake_pw = q; - } - else if (strcmp(p, "ecjpake_pw_opaque") == 0) { + } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); } else if (strcmp(p, "force_ciphersuite") == 0) { @@ -3358,8 +3357,7 @@ reset: goto exit; } mbedtls_printf("using opaque password\n"); - } else - { + } else { if ((ret = mbedtls_ssl_set_hs_ecjpake_password(&ssl, (const unsigned char *) opt.ecjpake_pw, strlen(opt.ecjpake_pw))) != 0) { diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index f42349cb5b..03746b4047 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
@@ -551,8 +551,9 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd, // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case if (issuer_key_type != MBEDTLS_PK_RSA) { der_len /= 2; - } else - der_len -= 1; + } else { + der_len -= 1; + } ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len)); TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL); From cdc191b50052db6d0aaa98e8c823240a7dafe53c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 14:52:38 +0100 Subject: [PATCH 035/216] Correct code style Signed-off-by: Ben Taylor --- programs/ssl/ssl_server2.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 28623bfc84..c5f22c4116 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -1037,7 +1037,7 @@ static int psk_callback(void *p_info, mbedtls_ssl_context *ssl, return mbedtls_ssl_set_hs_psk_opaque(ssl, cur->slot); } else { return mbedtls_ssl_set_hs_psk(ssl, cur->key, cur->key_len); - } + } } cur = cur->next; @@ -1955,8 +1955,7 @@ usage: opt.ecjpake_pw = q; } else if (strcmp(p, "ecjpake_pw_opaque") == 0) { opt.ecjpake_pw_opaque = atoi(q); - } - else if (strcmp(p, "force_ciphersuite") == 0) { + } else if (strcmp(p, "force_ciphersuite") == 0) { opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(q); if (opt.force_ciphersuite[0] == 0) { From 39a68bf3472dce1c101bdd6ec5c9b424ea27a609 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 15 Jul 2025 13:34:55 +0100 Subject: [PATCH 036/216] removed additional references to USE_PSA in tests and comments Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 21 ++++---- tests/ssl-opt.sh | 52 +++++++------------ 2 files changed, 30 insertions(+), 43 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index da776e70b8..c78e53244d 100644 --- a/tests/scripts/components-configuration-crypto.sh 
+++ b/tests/scripts/components-configuration-crypto.sh @@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus CTR_DRBG- main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" + msg "test: Full minus CTR_DRBG - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" + msg "test: Full minus HMAC_DRBG - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
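Review bot: The new message in the @@ -188 hunk, `msg "test: Full minus CTR_DRBG- main suites"`, lost the space before the dash; the two sibling messages edited in the same hunk read `Full minus CTR_DRBG - ssl-opt.sh (subset)` and `Full minus CTR_DRBG - compat.sh (subset)`, so this one should be `msg "test: Full minus CTR_DRBG - main suites"`. The enclosing functions are still named `component_test_no_ctr_drbg_use_psa` and `component_test_no_hmac_drbg_use_psa` here, and `component_test_psa_external_rng_use_psa_crypto` in the @@ -247 hunk, so the USE_PSA references the commit sets out to remove remain in the names that appear in CI output; presumably renaming is out of scope for this patch, but a short comment saying so would save a second pass.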
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,7 +342,6 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: - # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 36bde20bfc..201a788385 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,15 +9443,10 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, -# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test -# cases. - -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9462,11 +9457,9 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: -# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
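Review bot: After the @@ -9443 and @@ -9462 hunks both `run_test` invocations carry the identical description `"EC restart: TLS, max_ops=1000"`, the first still preceded by `skip_next_test`; descriptions are what `ssl-opt.sh -f` matches on, so two cases with the same name are indistinguishable in filters and result lists and will presumably trip the repository's duplicate-description check. If the skipped former "(no USE_PSA)" variant is obsolete it should be deleted together with its `skip_next_test` and `requires_config_enabled` lines rather than renamed. The second hunk also replaces `requires_config_enabled PSA_WANT_ECC_SECP_R1_256` with `requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED`, the opposite of the move to PSA_WANT symbols elsewhere in this series; this looks like an unintended reversal and, if the legacy symbol is not reported by query_config, would make the test skip silently. The same duplicate-name and requirement swap pattern repeats in the @@ -9497/-9517, @@ -9537/-9557, @@ -9577/-9592 and @@ -9607/-9622 hunks of this file.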
@@ -9477,8 +9470,7 @@ run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# This works the same with & without USE_PSA as we never get to ECDH: -# we abort as soon as we determined the cert is bad. +# We abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ @@ -9497,11 +9489,10 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9517,11 +9508,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9537,11 +9528,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9557,11 +9547,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9577,11 +9567,10 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9592,11 +9581,11 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: DTLS, max_ops=1000" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ 
@@ -9607,11 +9596,10 @@ run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ @@ -9622,11 +9610,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# With USE_PSA enabled we expect only partial restartable behaviour: +# We expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ +requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED +run_test "EC restart: TLS, max_ops=1000 no client auth" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 07687266b9f33d66b36885784cb9130e0ddb59ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:03:43 +0100 Subject: [PATCH 037/216] restoring test comment that refer to USE_PSA Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 21 +++++----- tests/ssl-opt.sh | 42 ++++++++++++------- 2 files changed, 38 insertions(+), 25 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c78e53244d..da776e70b8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -16,7 +16,7 @@ component_test_psa_crypto_key_id_encodes_owner () { CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: full config - PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" + msg "test: full config - USE_PSA_CRYPTO + PSA_CRYPTO_KEY_ID_ENCODES_OWNER, cmake, gcc, ASan" make test } @@ -188,16 +188,16 @@ component_test_no_ctr_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus CTR_DRBG- main suites" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - main suites" make test # In this configuration, the TLS test programs use HMAC_DRBG. # The SSL tests are slow, so run a small subset, just enough to get # confidence that the SSL code copes with HMAC_DRBG. - msg "test: Full minus CTR_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private.*delay=\|tickets enabled on server' - msg "test: Full minus CTR_DRBG - compat.sh (subset)" + msg "test: Full minus CTR_DRBG, USE_PSA_CRYPTO - compat.sh (subset)" tests/compat.sh -m tls12 -t 'ECDSA PSK' -V NO -p OpenSSL } @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make - msg "test: Full minus HMAC_DRBG - main suites" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - main suites" make test # Normally our ECDSA implementation uses deterministic ECDSA. But since 
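Review bot: The restored `msg` labels in this hunk, and in the `@@ -188`, `@@ -210`, `@@ -218`, `@@ -247` and `@@ -342` hunks of the same file, present `USE_PSA_CRYPTO` as a configuration the component turns on, yet none of the restored lines set or unset such a symbol, and the comment added later in this series in ssl-opt.sh describes `MBEDTLS_USE_PSA_CRYPTO` as Mbed TLS 3.x behaviour. If that option no longer exists in this tree, these labels are what shows up in CI output and will mislead anyone triaging a failure into looking for a switch that is not there. Either drop the `USE_PSA_CRYPTO` fragment from the strings or, if it is kept deliberately as a historical marker, say so once in the `@@ -342` comment, e.g. `# - PSA dispatch for cipher/AEAD is unconditional in this version` (wording to confirm against the tree).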
@@ -218,12 +218,12 @@ component_test_no_hmac_drbg_use_psa () { # instead. # Test SSL with non-deterministic ECDSA. Only test features that # might be affected by how ECDSA signature is performed. - msg "test: Full minus HMAC_DRBG - ssl-opt.sh (subset)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - ssl-opt.sh (subset)" tests/ssl-opt.sh -f 'Default\|SSL async private: sign' # To save time, only test one protocol version, since this part of # the protocol is identical in (D)TLS up to 1.2. - msg "test: Full minus HMAC_DRBG - compat.sh (ECDSA)" + msg "test: Full minus HMAC_DRBG, USE_PSA_CRYPTO - compat.sh (ECDSA)" tests/compat.sh -m tls12 -t 'ECDSA' } @@ -247,16 +247,16 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -342,6 +342,7 @@ component_test_full_no_ccm () { msg "build: full no PSA_WANT_ALG_CCM" # Full config enables: + # - USE_PSA_CRYPTO so that TLS code dispatches cipher/AEAD to PSA # - CRYPTO_CONFIG so that PSA_WANT config symbols are evaluated scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 201a788385..0cf9e23cc4 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -9443,10 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, +# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test +# cases. + +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9457,9 +9462,11 @@ run_test "EC restart: TLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA enabled we expect only partial restartable behaviour: +# everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000" \ +run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9470,7 +9477,8 @@ run_test "EC restart: TLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We abort as soon as we determined the cert is bad. +# This works the same with & without USE_PSA as we never get to ECDH: +# we abort as soon as we determined the cert is bad. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 run_test "EC restart: TLS, max_ops=1000, badsign" \ 
@@ -9489,10 +9497,11 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -c "! mbedtls_ssl_handshake returned" \ -c "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9508,11 +9517,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9528,10 +9537,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ @@ -9547,11 +9557,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ +run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required \ crt_file=$DATA_FILES_PATH/server5-badsign.crt \ key_file=$DATA_FILES_PATH/server5.key" \ 
@@ -9567,10 +9577,11 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9581,11 +9592,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: DTLS, max_ops=1000" \ +run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \ "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \ @@ -9596,10 +9607,11 @@ run_test "EC restart: DTLS, max_ops=1000" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" +# With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled PSA_WANT_ECC_SECP_R1_256 skip_next_test -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ 
@@ -9610,11 +9622,11 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" -# We expect only partial restartable behaviour: +# With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). requires_config_enabled MBEDTLS_ECP_RESTARTABLE requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED -run_test "EC restart: TLS, max_ops=1000 no client auth" \ +run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \ "$P_SRV groups=secp256r1" \ "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ debug_level=1 ec_max_ops=1000" \ From 6164e92d3b93b3544dd42ecf0dc447c0c268e4af Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 08:06:28 +0100 Subject: [PATCH 038/216] Restore comment in ssl-opt.sh as it is still relevent Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0cf9e23cc4..ef78ef0cdc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -9443,6 +9443,15 @@ run_test "EC restart: TLS, max_ops=65535" \ -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" +# The following test cases for restartable ECDH come in two variants: +# * The "(USE_PSA)" variant expects the current behavior, which is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests +# the partial implementation where ECDH in TLS is not actually restartable. +# * The "(no USE_PSA)" variant expects the desired behavior. These test +# cases cannot currently pass because the implementation of restartable ECC +# in TLS is partial: ECDH is not actually restartable. This is the behavior +# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. +# # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294, # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test # cases. 
From 8519c3e0bae71a7563f963203b5a7bda7aee64aa Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Wed, 16 Jul 2025 08:11:37 +0100
Subject: [PATCH 039/216] corrected copy paste error for MBEDTLS_USE_PSA_CRYPTO enabled/disabled
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index ef78ef0cdc..d38e578de1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9445,12 +9445,12 @@ run_test "EC restart: TLS, max_ops=65535" \
 # The following test cases for restartable ECDH come in two variants:
 # * The "(USE_PSA)" variant expects the current behavior, which is the behavior
-# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled. This tests
+# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests
 # the partial implementation where ECDH in TLS is not actually restartable.
 # * The "(no USE_PSA)" variant expects the desired behavior. These test
 # cases cannot currently pass because the implementation of restartable ECC
 # in TLS is partial: ECDH is not actually restartable. This is the behavior
-# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled.
+# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled.
 #
 # As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
 # we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
From a750e1be5fde58ab6ec0b2ad7b4b1f0933ac8f65 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 22 Jul 2025 14:27:47 +0100
Subject: [PATCH 040/216] Minor comment updates
Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_server.c | 2 +-
 programs/fuzz/fuzz_x509crl.c | 2 +-
 programs/ssl/ssl_test_lib.h | 15 ---------------
 3 files changed, 2 insertions(+), 17 deletions(-)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 40fd9caa0f..03e33b7080 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -199,7 +199,7 @@ exit:
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 mbedtls_x509_crt_free(&srvcert);
 mbedtls_pk_free(&pkey);
-#endif /* (MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) */
+#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */
 mbedtls_ssl_free(&ssl);
 mbedtls_psa_crypto_free();
 #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index ae0f85282b..af50e25f13 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 if (ret == 0) {
 ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
 }
-#else /* MBEDTLS_X509_REMOVE_INFO */
+#else /* !MBEDTLS_X509_REMOVE_INFO */
 ((void) ret);
 ((void) buf);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index fbb0efff84..20dbe61dfe 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -104,22 +104,7 @@ void my_debug(void *ctx, int level,
 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
 #endif
-#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)
-/* If MBEDTLS_TEST_USE_PSA_CRYPTO_RNG is defined, the SSL test programs will use
- * mbedtls_psa_get_random() rather than entropy+DRBG as a random generator.
- *
- * The constraints are:
- * - Without the entropy module, the PSA RNG is the only option.
- * - Without at least one of the DRBG modules, the PSA RNG is the only option.
- * - The PSA RNG does not support explicit seeding, so it is incompatible with
- * the reproducible mode used by test programs.
- * - For good overall test coverage, there should be at least one configuration
- * where the test programs use the PSA RNG while the PSA RNG is itself based
- * on entropy+DRBG, and at least one configuration where the test programs
- * do not use the PSA RNG even though it's there.
- */
 #define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG
-#endif
 /** A context for random number generation (RNG). */
From d5b655ab2141e49dfa7bbe9a1d9bffad91420674 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 22 Jul 2025 14:47:28 +0100
Subject: [PATCH 041/216] Re-add missing and
Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 03e33b7080..9a5b80db77 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -199,7 +199,7 @@ exit:
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
 mbedtls_x509_crt_free(&srvcert);
 mbedtls_pk_free(&pkey);
-#endif /* MBEDTLS_X509_CRT_PARSE_C MBEDTLS_PEM_PARSE_C */
+#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_PEM_PARSE_C */
 mbedtls_ssl_free(&ssl);
 mbedtls_psa_crypto_free();
 #else /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
From 44703e4cc206fae78b92d95742a3ab3e43e1c576 Mon Sep 17 00:00:00 2001
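Review bot: Removing the `#if !defined(MBEDTLS_TEST_USE_PSA_CRYPTO_RNG)` guard makes the `#define MBEDTLS_TEST_USE_PSA_CRYPTO_RNG` unconditional, so a build that also passes `-DMBEDTLS_TEST_USE_PSA_CRYPTO_RNG` on the command line (which expands to `1`) now gets a macro-redefinition diagnostic where it was previously accepted; if defining the symbol externally is no longer supported, the header should say so, otherwise the guard should stay. The deleted block comment was also the only place that recorded why the PSA RNG is the test programs' random generator (no explicit seeding, entropy/DRBG module constraints), and the commit message does not explain why that rationale no longer applies. A one-line replacement such as `/* The SSL test programs always use mbedtls_psa_get_random() as their RNG. */` above the define would keep the intent readable. The surrounding declarations continue outside the hunk.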
From: Ben Taylor
Date: Wed, 23 Jul 2025 09:15:14 +0100
Subject: [PATCH 042/216] Update comment format
Signed-off-by: Ben Taylor
---
 programs/fuzz/fuzz_server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 9a5b80db77..3a5e502fe5 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -192,7 +192,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
 exit:
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
 mbedtls_ssl_ticket_free(&ticket_ctx);
-#endif /* (MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) */
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_TICKET_C */
 mbedtls_entropy_free(&entropy);
 mbedtls_ctr_drbg_free(&ctr_drbg);
 mbedtls_ssl_config_free(&conf);
From 1e2e2ea36df143b324d06dd340f7d7c067d327e4 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 29 Jul 2025 13:19:27 +0100
Subject: [PATCH 043/216] Added back crypto treatment of certs as the keyfile is now passed in and the previous rng issue should no longer be relevent
Signed-off-by: Ben Taylor
---
 tests/suites/test_suite_x509write.function | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 03746b4047..edcc14d3f1 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -130,6 +130,9 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
 mbedtls_x509write_csr req;
 unsigned char buf[4096];
 int ret;
+ unsigned char check_buf[4000];
+ FILE *f;
+ size_t olen = 0;
 size_t pem_len = 0, buf_index;
 int der_len = -1;
 const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
@@ -209,10 +212,14 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
 TEST_ASSERT(buf[buf_index] == 0);
 }
- // When using PSA crypto, RNG isn't controllable, so cert_req_check_file can't be used
- (void) cert_req_check_file;
- buf[pem_len] = '\0';
- TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
+ f = fopen(cert_req_check_file, "r"); //open the file
+ TEST_ASSERT(f != NULL); //check the file has been opened.
+ olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file
+ fclose(f); // close the file
+
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
+
 der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
 TEST_ASSERT(der_len >= 0);
@@ -221,10 +228,7 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
 goto exit;
 }
- // When using PSA crypto, RNG isn't controllable, result length isn't
- // deterministic over multiple runs, removing a single byte isn't enough to
- // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
- der_len /= 2;
+ der_len -= 1;
 ret = mbedtls_x509write_csr_der(&req, buf, (size_t) (der_len));
 TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
From dbea0a9cc541199bfd6f21cd6ad2d97c1142d959 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 29 Jul 2025 13:27:39 +0100
Subject: [PATCH 044/216] Remove additional unused no rng case
Signed-off-by: Ben Taylor
---
 tests/suites/test_suite_x509write.function | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index edcc14d3f1..89de9599ab 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
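Review bot: `fopen(cert_req_check_file, "r")` reads the reference PEM in text mode, so on a platform that translates line endings the bytes placed in `check_buf` can differ from what the CSR writer produced in `buf`, making the `memcmp` platform-dependent; `"rb"` avoids that. The `- 1` in `olen >= pem_len - 1` and `memcmp(buf, check_buf, pem_len - 1)` is unexplained, and the `size_t` subtraction wraps if `pem_len` is ever 0, so a comment naming the excluded byte (the terminating NUL, presumably; confirm) plus `TEST_ASSERT(pem_len > 0);` before the comparison would make the check self-describing. The `//open the file` style comments restate the calls and can go, and `check_buf[4000]` in the earlier `@@ -130` hunk being smaller than `buf[4096]` means a long CSR fails the `olen` assertion rather than the content check, which is safe but worth sizing the two buffers alike. x509_csr_check starts and ends outside the hunk.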
@@ -550,14 +550,7 @@ void x509_crt_check(char *subject_key_file, char *subject_pwd,
 TEST_ASSERT(p < end);
 }
- // When using PSA crypto, RNG isn't controllable, result length isn't
- // deterministic over multiple runs, removing a single byte isn't enough to
- // go into the MBEDTLS_ERR_ASN1_BUF_TOO_SMALL error case
- if (issuer_key_type != MBEDTLS_PK_RSA) {
- der_len /= 2;
- } else {
- der_len -= 1;
- }
+ der_len -= 1;
 ret = mbedtls_x509write_crt_der(&crt, buf, (size_t) (der_len));
 TEST_ASSERT(ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL);
From 4df61d408d9bc6288e0430f8556e25f27deeefb0 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 29 Jul 2025 15:03:55 +0100
Subject: [PATCH 045/216] fix style issues
Signed-off-by: Ben Taylor
---
 tests/suites/test_suite_x509write.function | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 89de9599ab..c2ab27b01d 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -217,8 +217,8 @@ void x509_csr_check(char *key_file, char *cert_req_check_file, int md_type,
 olen = fread(check_buf, 1, sizeof(check_buf), f); // read the file
 fclose(f); // close the file
- TEST_ASSERT(olen >= pem_len - 1);
- TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
+ TEST_ASSERT(olen >= pem_len - 1);
+ TEST_ASSERT(memcmp(buf, check_buf, pem_len - 1) == 0);
 der_len = mbedtls_x509write_csr_der(&req, buf, sizeof(buf));
From c454b5b658092327cb97debd37023f7ea182d300 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Wed, 30 Jul 2025 07:54:31 +0100
Subject: [PATCH 046/216] Fix rebase failure
Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d38e578de1..60b970aefb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -9474,7 +9474,7 @@ run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
 "$P_SRV groups=secp256r1 auth_mode=required" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9529,7 +9529,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
 "$P_SRV groups=secp256r1 auth_mode=required \
 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9569,7 +9569,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)"
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
 "$P_SRV groups=secp256r1 auth_mode=required \
 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -9604,7 +9604,7 @@ run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
 "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@@ -9634,7 +9634,7 @@ run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
 # With USE_PSA enabled we expect only partial restartable behaviour:
 # everything except ECDH (where TLS calls PSA directly).
 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
-requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
+requires_config_enabled PSA_WANT_ECC_SECP_R1_256
 run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
 "$P_SRV groups=secp256r1" \
 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
From 72d6030f89a25a66e40313b0a20d2cb3012f59e0 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Wed, 19 Mar 2025 14:56:57 +0100
Subject: [PATCH 047/216] Combine psa_pake_set_password_key and psa_pake_setup into a single function
Signed-off-by: Anton Matkin
---
 library/ssl_tls.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 051fce36e3..dee80292e2 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1827,7 +1827,7 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
 256));
 psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256);
-status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, &cipher_suite);
+status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite);
 if (status != PSA_SUCCESS) {
 return status;
 }
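Review bot: With `pwd` now bound in `psa_pake_setup` (this hunk) rather than by the `psa_pake_set_password_key` call removed in the `@@ -1854` hunk, the password key is attached to `ssl->handshake->psa_pake_ctx` before the setters that sit between the two hunks, and any of their early `return status` paths now leaves a set-up context holding the key while `psa_pake_ctx_is_ok` is still 0. Previously the key was the last thing attached, so an early failure left the context without it; whether the error path that follows still releases the context (presumably via `psa_pake_abort`, which is not visible here) is worth confirming, and a short comment at the setup call such as `/* Binds pwd to the context; callers must abort the context on any later failure. */` would record the new ordering. mbedtls_ssl_set_hs_ecjpake_password_common continues outside the hunks.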
@@ -1854,11 +1854,6 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common(
 return status;
 }
- status = psa_pake_set_password_key(&ssl->handshake->psa_pake_ctx, pwd);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
 ssl->handshake->psa_pake_ctx_is_ok = 1;
 return PSA_SUCCESS;
From 23189f41cb79f21feb86f3d5a8b5cca5ddbc2cf8 Mon Sep 17 00:00:00 2001
From: Anton Matkin
Date: Wed, 19 Mar 2025 14:57:27 +0100
Subject: [PATCH 048/216] Updated the tf-psa-crypto git link
Signed-off-by: Anton Matkin
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 5df033ee3c..fc1dca6195 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54
+Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2
From 4a43804d690979cf34f1289f53ff1098b5c4e6c4 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 11 Jul 2025 09:47:39 +0100
Subject: [PATCH 049/216] Remove deprecated items
Signed-off-by: Ben Taylor
---
 include/mbedtls/config_adjust_ssl.h | 1 -
 include/mbedtls/mbedtls_config.h | 22 ----------------------
 include/mbedtls/ssl.h | 12 ------------
 library/mbedtls_check_config.h | 13 -------------
 library/ssl_msg.c | 12 ++++--------
 library/ssl_tls.c | 12 ------------
 tests/configs/tls13-only.h | 1 -
 7 files changed, 4 insertions(+), 69 deletions(-)
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/config_adjust_ssl.h
index 2221e5b2e7..36641e18b6 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/config_adjust_ssl.h
@@ -51,7 +51,6 @@
 #if !defined(MBEDTLS_SSL_PROTO_DTLS)
 #undef MBEDTLS_SSL_DTLS_ANTI_REPLAY
 #undef MBEDTLS_SSL_DTLS_CONNECTION_ID
-#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
 #undef MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #undef MBEDTLS_SSL_DTLS_SRTP
 #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index d18d0fadb8..827b96165f 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -533,28 +533,6 @@
 */
 #define MBEDTLS_SSL_DTLS_CONNECTION_ID
-/**
- * \def MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
- *
- * Defines whether RFC 9146 (default) or the legacy version
- * (version draft-ietf-tls-dtls-connection-id-05,
- * https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05)
- * is used.
- *
- * Set the value to 0 for the standard version, and
- * 1 for the legacy draft version.
- *
- * \deprecated Support for the legacy version of the DTLS
- * Connection ID feature is deprecated. Please
- * switch to the standardized version defined
- * in RFC 9146 enabled by utilizing
- * MBEDTLS_SSL_DTLS_CONNECTION_ID without use
- * of MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT.
- *
- * Requires: MBEDTLS_SSL_DTLS_CONNECTION_ID
- */
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
-
 /**
 * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
 *
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7ea0174612..4bfe4af02c 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -470,14 +470,6 @@
 /** \} name SECTION: Module settings */
-/*
- * Default to standard CID mode
- */
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
- !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT)
-#define MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 0
-#endif
-
 /*
 * Length of the verify data for secure renegotiation
 */
@@ -649,11 +641,7 @@
 #define MBEDTLS_TLS_EXT_SIG_ALG_CERT 50 /* RFC 8446 TLS 1.3 */
 #define MBEDTLS_TLS_EXT_KEY_SHARE 51 /* RFC 8446 TLS 1.3 */
-#if MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0
 #define MBEDTLS_TLS_EXT_CID 54 /* RFC 9146 DTLS 1.2 CID */
-#else
-#define MBEDTLS_TLS_EXT_CID 254 /* Pre-RFC 9146 DTLS 1.2 CID */
-#endif
 #define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h
index 5e5a5b31db..43c2308800 100644
--- a/library/mbedtls_check_config.h
+++ b/library/mbedtls_check_config.h
@@ -238,19 +238,6 @@ #error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)" #endif -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && \ - !defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT) && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 -#if defined(MBEDTLS_DEPRECATED_REMOVED) -#error "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#elif defined(MBEDTLS_DEPRECATED_WARNING) -#warning "MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is deprecated and will be removed in a future version of Mbed TLS" -#endif -#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT && MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT != 0 */ - #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \ !defined(MBEDTLS_SSL_PROTO_TLS1_2) #error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequisites" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5774bfc865..5eeb154047 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -663,8 +663,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, unsigned char *cur = add_data; size_t ad_len_field = rec->data_len; -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) const unsigned char seq_num_placeholder[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; #endif @@ -680,8 +679,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, ((void) tls_version); ((void) taglen); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // seq_num_placeholder memcpy(cur, seq_num_placeholder, sizeof(seq_num_placeholder)); 
@@ -711,8 +709,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, memcpy(cur, rec->ver, sizeof(rec->ver)); cur += sizeof(rec->ver); -#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 1 +#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // CID @@ -727,8 +724,7 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); cur += 2; } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \ - MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT == 0 +#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) if (rec->cid_len != 0) { // epoch + sequence number diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dee80292e2..ecc9187af2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2633,18 +2633,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl } #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->max_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} - -void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, int minor) -{ - conf->min_tls_version = (mbedtls_ssl_protocol_version) ((major << 8) | minor); -} -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - #if defined(MBEDTLS_SSL_SRV_C) void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, char cert_req_ca_list) diff --git a/tests/configs/tls13-only.h b/tests/configs/tls13-only.h index 342bbed91e..8260ef5e12 100644 --- a/tests/configs/tls13-only.h +++ b/tests/configs/tls13-only.h @@ -25,4 +25,3 @@ #undef MBEDTLS_SSL_DTLS_SRTP #undef MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE #undef MBEDTLS_SSL_DTLS_CONNECTION_ID -#undef MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT From 889ac064f460a9f1c8c058caeaf9f63549d5a0ba Mon Sep 17 00:00:00 2001 
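Review bot: After this change the `#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` at `@@ -711` and the `#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)` at `@@ -727` test the same condition, so the preprocessor always takes the first branch — the legacy draft-05 additional-data layout (CID, cid_length, length) — and the RFC 9146 layout in the `#elif` becomes dead code. As far as the visible lines show, that combines with the `seq_num_placeholder` block kept at `@@ -680` to produce additional data matching neither layout, so AEAD verification of every CID-protected record against an RFC 9146 peer would fail in this intermediate state. The legacy `if (rec->cid_len != 0) { … } else` block and its `#elif` should be deleted in this same commit; patch 053 in the series does exactly that, so the two should be squashed. `ssl_extract_add_data_from_record` starts and ends outside these hunks.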
From: Ben Taylor Date: Wed, 16 Jul 2025 15:03:31 +0100 Subject: [PATCH 050/216] Add ChangeLog for deprecated items Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 ChangeLog.d/remove-deprecated-items.txt diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt new file mode 100644 index 0000000000..b16e7babc5 --- /dev/null +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -0,0 +1,8 @@ +Removals + * Remove mbedtls_asn1_free_named_data, it has now been replaced with + mbedtls_asn1_free_named_data_list or + mbedtls_asn1_free_named_data_list_shallow + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the + standard version is supported. + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() From d2da53fbe67dbd240ecb272d27ddbf6fba593e7d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:13:46 +0100 Subject: [PATCH 051/216] Remove further deprecated items Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 108 ------------------------------------------ 1 file changed, 108 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 4bfe4af02c..aa850aa123 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -284,15 +284,6 @@ * Various constants */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/* These are the high and low bytes of ProtocolVersion as defined by: - * - RFC 5246: ProtocolVersion version = { 3, 3 }; // TLS v1.2 - * - RFC 8446: see section 4.2.1 - */ -#define MBEDTLS_SSL_MAJOR_VERSION_3 3 -#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */ -#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 */ -#endif /* MBEDTLS_DEPRECATED_REMOVED */ #define MBEDTLS_SSL_TRANSPORT_STREAM 0 /*!< TLS */ #define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS */ 
@@ -1495,9 +1486,6 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ 
@@ -3721,41 +3709,6 @@ void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf, const uint16_t *groups); #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/** - * \brief Set the allowed hashes for signatures during the handshake. - * - * \note This only affects which hashes are offered and can be used - * for signatures during the handshake. Hashes for message - * authentication and the TLS PRF are controlled by the - * ciphersuite, see \c mbedtls_ssl_conf_ciphersuites(). Hashes - * used for certificate signature are controlled by the - * verification profile, see \c mbedtls_ssl_conf_cert_profile(). - * - * \deprecated Superseded by mbedtls_ssl_conf_sig_algs(). - * - * \note This list should be ordered by decreasing preference - * (preferred hash first). - * - * \note By default, all supported hashes whose length is at least - * 256 bits are allowed. This is the same set as the default - * for certificate verification - * (#mbedtls_x509_crt_profile_default). - * The preference order is currently unspecified and may - * change in future versions. - * - * \note New minor versions of Mbed TLS may extend this list, - * for example if new curves are added to the library. - * New minor versions of Mbed TLS will not remove items - * from this list unless serious security concerns require it. - * - * \param conf SSL configuration - * \param hashes Ordered list of allowed signature hashes, - * terminated by \c MBEDTLS_MD_NONE. - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes); -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /** * \brief Configure allowed signature algorithms for use in TLS 
@@ -4102,28 +4055,6 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result(const mbedtls_ssl_context *ssl mbedtls_dtls_srtp_info *dtls_srtp_info); #endif /* MBEDTLS_SSL_DTLS_SRTP */ -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the maximum supported version sent from the client side - * and/or accepted at the server side. - * - * See also the documentation of mbedtls_ssl_conf_min_version(). - * - * \note This ignores ciphersuites from higher versions. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_max_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the maximum supported version sent from the client side * and/or accepted at the server side. 
@@ -4142,45 +4073,6 @@ static inline void mbedtls_ssl_conf_max_tls_version(mbedtls_ssl_config *conf, conf->MBEDTLS_PRIVATE(max_tls_version) = tls_version; } -#if !defined(MBEDTLS_DEPRECATED_REMOVED) -/** - * \brief Set the minimum accepted SSL/TLS protocol version - * - * \note By default, all supported versions are accepted. - * Future versions of the library may disable older - * protocol versions by default if they become deprecated. - * - * \note The following versions are supported (if enabled at - * compile time): - * - (D)TLS 1.2: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_3 - * - TLS 1.3: \p major = #MBEDTLS_SSL_MAJOR_VERSION_3, - * \p minor = #MBEDTLS_SSL_MINOR_VERSION_4 - * - * Note that the numbers in the constant names are the - * TLS internal protocol numbers, and the minor versions - * differ by one from the human-readable versions! - * - * \note Input outside of the SSL_MAX_XXXXX_VERSION and - * SSL_MIN_XXXXX_VERSION range is ignored. - * - * \note After the handshake, you can call - * mbedtls_ssl_get_version_number() to see what version was - * negotiated. - * - * \note This function is deprecated and has been replaced by - * \c mbedtls_ssl_conf_min_tls_version(). - * - * \param conf SSL configuration - * \param major Major version number (#MBEDTLS_SSL_MAJOR_VERSION_3) - * \param minor Minor version number - * (#MBEDTLS_SSL_MINOR_VERSION_3 for (D)TLS 1.2, - * #MBEDTLS_SSL_MINOR_VERSION_4 for TLS 1.3) - */ -void MBEDTLS_DEPRECATED mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf, int major, - int minor); -#endif /* MBEDTLS_DEPRECATED_REMOVED */ - /** * \brief Set the minimum supported version sent from the client side * and/or accepted at the server side. From 7aa4c40b84cc629de2781f601ea3f15ab8bd8947 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 16 Jul 2025 15:14:11 +0100 Subject: [PATCH 052/216] Update ChangeLog 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b16e7babc5..61400279f6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,8 +1,11 @@ Removals - * Remove mbedtls_asn1_free_named_data, it has now been replaced with - mbedtls_asn1_free_named_data_list or - mbedtls_asn1_free_named_data_list_shallow * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the standard version is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Remove sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_max_version + * Remove mbedtls_ssl_conf_min_version From b98aa511285486e9ad4166a6211c99aee737228e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:26:48 +0100 Subject: [PATCH 053/216] correct logic in ssl_msg Signed-off-by: Ben Taylor --- library/ssl_msg.c | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 5eeb154047..731cbc8ece 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -711,21 +711,6 @@ static void ssl_extract_add_data_from_record(unsigned char *add_data, #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { - // CID - memcpy(cur, rec->cid, rec->cid_len); - cur += rec->cid_len; - - // cid_length - *cur = rec->cid_len; - cur++; - - // length of inner plaintext - MBEDTLS_PUT_UINT16_BE(ad_len_field, cur, 0); - cur += 2; - } else -#elif defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) - if (rec->cid_len != 0) { // epoch + sequence number memcpy(cur, rec->ctr, sizeof(rec->ctr)); 
From 01bf8bafcd12592d609ae361cc76966933c61b92 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 13:58:30 +0100 Subject: [PATCH 054/216] removed mbedtls_ssl_conf_sig_hashes and temporarily re-add sig_hashes Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 3 +++ library/ssl_tls.c | 10 ---------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa850aa123..de8f13bb81 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1486,6 +1486,9 @@ struct mbedtls_ssl_config { #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) +#if !defined(MBEDTLS_DEPRECATED_REMOVED) + const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ +#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index ecc9187af2..3794d388de 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -2420,16 +2420,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type } #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) && defined(MBEDTLS_SSL_PROTO_TLS1_2) -/* - * Set allowed/preferred hashes for handshake signatures - */ -void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, - const int *hashes) -{ - conf->sig_hashes = hashes; -} -#endif /* !MBEDTLS_DEPRECATED_REMOVED && MBEDTLS_SSL_PROTO_TLS1_2 */ /* Configure allowed signature algorithms for handshake */ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, From 73de8aa8c621fa3abf6dd14de7f30c2626aca3de Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:40:09 +0100 Subject: [PATCH 055/216] Removal of sig_hashes in ssl.h Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 --- library/ssl_tls.c | 64 ------------------------------------------- 2 files changed, 68 deletions(-) 
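Review bot: Re-adding the `sig_hashes` member that patch 051 removed, because `library/ssl_tls.c` still reads `ssl->conf->sig_hashes` (those uses are only deleted in patch 055), means the tree between 051 and this commit does not build, which breaks bisecting. The field should leave in the same commit as its last readers, so 051, this patch and 055 belong in one removal commit, together with the follow-ups 057 and 070 that first re-indent the leftover `ssl->handshake->sig_algs_heap_allocated = 0;` and then delete it. The re-introduced `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` guard in `struct mbedtls_ssl_config` is also the kind of conditional this series is otherwise removing.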
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index de8f13bb81..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1485,10 +1485,6 @@ struct mbedtls_ssl_config { #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */ #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) - -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */ -#endif const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 3794d388de..8b5d6a19c9 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,68 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) -#if defined(MBEDTLS_SSL_PROTO_TLS1_2) - /* Heap allocate and translate sig_hashes from internal hash identifiers to - signature algorithms IANA identifiers. */ - if (mbedtls_ssl_conf_is_tls12_only(ssl->conf) && - ssl->conf->sig_hashes != NULL) { - const int *md; - const int *sig_hashes = ssl->conf->sig_hashes; - size_t sig_algs_len = 0; - uint16_t *p; - - MBEDTLS_STATIC_ASSERT(MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN - <= (SIZE_MAX - (2 * sizeof(uint16_t))), - "MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN too big"); - - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - if (mbedtls_ssl_hash_from_md_alg(*md) == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - sig_algs_len += sizeof(uint16_t); -#endif - -#if defined(MBEDTLS_RSA_C) - sig_algs_len += sizeof(uint16_t); -#endif - if (sig_algs_len > MBEDTLS_SSL_MAX_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - } - - if (sig_algs_len < MBEDTLS_SSL_MIN_SIG_ALG_LIST_LEN) { - return MBEDTLS_ERR_SSL_BAD_CONFIG; - } - - ssl->handshake->sig_algs = mbedtls_calloc(1, sig_algs_len + - sizeof(uint16_t)); - if (ssl->handshake->sig_algs == NULL) { - return MBEDTLS_ERR_SSL_ALLOC_FAILED; - } - - p = (uint16_t *) ssl->handshake->sig_algs; - for (md = sig_hashes; *md != MBEDTLS_MD_NONE; md++) { - unsigned char hash = mbedtls_ssl_hash_from_md_alg(*md); - if (hash == MBEDTLS_SSL_HASH_NONE) { - continue; - } -#if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ALLOWED_ENABLED) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_ECDSA); - p++; -#endif -#if defined(MBEDTLS_RSA_C) - *p = ((hash << 8) | MBEDTLS_SSL_SIG_RSA); - p++; -#endif - } - *p = MBEDTLS_TLS_SIG_NONE; - ssl->handshake->sig_algs_heap_allocated = 1; - } else -#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */ - { ssl->handshake->sig_algs_heap_allocated = 0; - } #endif /* 
!MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; @@ -2425,9 +2364,6 @@ psa_status_t mbedtls_ssl_cipher_to_psa(mbedtls_cipher_type_t mbedtls_cipher_type void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, const uint16_t *sig_algs) { -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - conf->sig_hashes = NULL; -#endif /* !MBEDTLS_DEPRECATED_REMOVED */ conf->sig_algs = sig_algs; } #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ From dbb15e6d2f0969f2f78e3e566aff431b10e6ff41 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 10:58:33 +0100 Subject: [PATCH 056/216] Reword ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 61400279f6..90df78a4c7 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,6 +1,6 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT, now only the - standard version is supported. + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, From 9db2e91cfed85f1dce5ad5b99aaeafcf7516e06a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 10:34:42 +0100 Subject: [PATCH 057/216] Fix style issues Signed-off-by: Ben Taylor --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8b5d6a19c9..39a97325ec 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c 
@@ -1069,7 +1069,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - ssl->handshake->sig_algs_heap_allocated = 0; + ssl->handshake->sig_algs_heap_allocated = 0; #endif /* !MBEDTLS_DEPRECATED_REMOVED */ #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */ return 0; From 4265e91930770933e6338d097ba01a49ef055b45 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 1 Aug 2025 11:03:48 +0100 Subject: [PATCH 058/216] Remove test component_test_dtls_cid_legacy as it is no longer required Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 450bdebab1..c8b2287d71 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -342,23 +342,6 @@ component_test_variable_ssl_in_out_buffer_len () { tests/compat.sh } -component_test_dtls_cid_legacy () { - msg "build: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled (ASan build)" - scripts/config.py set MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT 1 - - CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . - make - - msg "test: MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy)" - make test - - msg "test: ssl-opt.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/ssl-opt.sh - - msg "test: compat.sh, MBEDTLS_SSL_DTLS_CONNECTION_ID (legacy) enabled" - tests/compat.sh -} - component_test_ssl_alloc_buffer_and_mfl () { msg "build: default config with memory buffer allocator and MFL extension" scripts/config.py set MBEDTLS_MEMORY_BUFFER_ALLOC_C From 4e7b2543c7f9656494cf78e8f6457cb715144318 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 08:19:45 +0100 Subject: [PATCH 059/216] Remove trailing whitespace 
Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 90df78a4c7..b0c1cda11d 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -1,9 +1,9 @@ Removals - * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the + * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, + * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with + mbedtls_ssl_conf_max/min_tls_version() + * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes From 27a4cc9de27642cb6cf0b49a6b42bf4edc0f05e7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 4 Aug 2025 15:13:34 +0100 Subject: [PATCH 060/216] Remove mbedtls_ssl_conf_sig_hashes from comments Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ---- library/ssl_misc.h | 4 ---- programs/fuzz/fuzz_client.c | 2 +- tf-psa-crypto | 2 +- 4 files changed, 2 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..5305425e7b 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,10 +3364,6 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * - * \note The restrictions are enforced for all certificates in the - * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). - * * \param conf SSL configuration * \param profile Profile to use */ 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..f045f8d5a3 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2310,11 +2310,7 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group) /* * Return supported signature algorithms. * - * In future, invocations can be changed to ssl->conf->sig_algs when - * mbedtls_ssl_conf_sig_hashes() is deleted. - * * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS - * signature algorithm identifiers when mbedtls_ssl_conf_sig_hashes() has been * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has * been more recently invoked. * diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 1840570488..0878480ea7 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -137,7 +137,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) } #endif //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes + // mbedtls_ssl_conf_cert_profile if (mbedtls_ssl_setup(&ssl, &conf) != 0) { goto exit; diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..5df033ee3c 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54 From dc1d098de2f4d634a180a7ed064f65c7f58cb0cc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 07:59:07 +0100 Subject: [PATCH 061/216] Remove reference to sig_hashes from the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index b0c1cda11d..8818acafe6 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
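Review bot: Deleting only the middle line of the comment at `@@ -2310` leaves `ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS` running straight into `used, or a pointer to ssl->conf->sig_algs …`, which no longer parses and still describes the `sig_hashes` path that the series removes. The whole paragraph should go, leaving `/* Return supported signature algorithms. */` above `mbedtls_ssl_get_sig_algs`; patch 069 does this later, so squash it here.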
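Review bot: The `tf-psa-crypto` gitlink moves from `fc1dca6195` back to `5df033ee3c` in a commit whose subject is a comment cleanup; this reverts the submodule update made in patch 048 and is redone in patch 071, which looks like a stale submodule checkout committed by accident rather than an intended change. Drop this hunk so the submodule pointer only moves in the dedicated update commits, otherwise bisecting lands on a tree built against the wrong crypto library revision.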
@@ -5,7 +5,6 @@ Removals mbedtls_ssl_conf_max/min_tls_version() * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 - * Remove sig_hashes * Remove mbedtls_ssl_conf_sig_hashes * Remove mbedtls_ssl_conf_max_version * Remove mbedtls_ssl_conf_min_version From 75b30e8347b49a9f3dc717bf7210147fd2effc1f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:02:36 +0100 Subject: [PATCH 062/216] Combined references to removed constants in ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 8818acafe6..40584c6aeb 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -3,8 +3,7 @@ Removals standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with mbedtls_ssl_conf_max/min_tls_version() - * Remove ssl versions MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 and MBEDTLS_SSL_MINOR_VERSION_4 + * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, + MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, + Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. * Remove mbedtls_ssl_conf_sig_hashes - * Remove mbedtls_ssl_conf_max_version - * Remove mbedtls_ssl_conf_min_version From 9822bb8d5e387ad98b0e43be304d31834fd1b1ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:05:14 +0100 Subject: [PATCH 063/216] Remove duplicate mbedtls_ssl_conf_*version from ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 40584c6aeb..0d3faa4816 100644 
--- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -2,8 +2,7 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() - * Removed the constants MBEDTLS_SSL_MAJOR_VERSION_3, - MBEDTLS_SSL_MINOR_VERSION_3 MBEDTLS_SSL_MINOR_VERSION_4, - Remove mbedtls_ssl_conf_max_version and Remove mbedtls_ssl_conf_min_version. + mbedtls_ssl_conf_max/min_tls_version() and removed the constants + MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 + MBEDTLS_SSL_MINOR_VERSION_4. * Remove mbedtls_ssl_conf_sig_hashes From 304839238a074bab7570b35505fbfebed7e83468 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:09:10 +0100 Subject: [PATCH 064/216] Updated description in the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 0d3faa4816..63bc2c151c 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt 
@@ -1,8 +1,10 @@ Removals * Remove MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT. Now only the standard version (defined in RFC 9146) of DTLS connection ID is supported. - * Remove mbedtls_ssl_conf_max/min_version(), this has been replaced with - mbedtls_ssl_conf_max/min_tls_version() and removed the constants - MBEDTLS_SSL_MAJOR_VERSION_3, MBEDTLS_SSL_MINOR_VERSION_3 - MBEDTLS_SSL_MINOR_VERSION_4. + * Remove mbedtls_ssl_conf_min_version(), mbedtls_ssl_conf_max_version(), and + the associated constants MBEDTLS_SSL_MAJOR_VERSION_x and + MBEDTLS_SSL_MINOR_VERSION_y. Use mbedtls_ssl_conf_min_tls_version() and + mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. + Note that the new names of the new constants use the TLS protocol versions, + unlike the old constants whose names are based on internal encodings. * Remove mbedtls_ssl_conf_sig_hashes From 71fcb1c64b55ac8d78bcf0bcc4c39fbd16a7e9a2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:11:12 +0100 Subject: [PATCH 065/216] Added more detail to the ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index 63bc2c151c..f0d66eb454 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,4 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes + * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + instead. From 543caa7ec4f765241ef85b5157fdfa2d6e2825ae Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:16:12 +0100 Subject: [PATCH 066/216] Re-add note 
Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 5305425e7b..9cba94e9b3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3364,6 +3364,10 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, /** * \brief Set the X.509 security profile used for verification * + * \note The restrictions are enforced for all certificates in the + * chain. However, signatures in the handshake are not covered + * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * * \param conf SSL configuration * \param profile Profile to use */ From 9ff2b736365122407cec4953e400f3014b7b0bad Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:17:13 +0100 Subject: [PATCH 067/216] Change referenc funtion to include/mbedtls/ssl.h in note Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 9cba94e9b3..623ffd1dae 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -3366,7 +3366,7 @@ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, * * \note The restrictions are enforced for all certificates in the * chain. However, signatures in the handshake are not covered - * by this setting but by \b mbedtls_ssl_conf_sig_hashes(). + * by this setting but by \b mbedtls_ssl_conf_sig_algs(). * * \param conf SSL configuration * \param profile Profile to use From 8b5c5b4daa84f0462dcd4faa30fd184267bb6ccb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 08:20:32 +0100 Subject: [PATCH 068/216] Remove mbedtls_ssl_sig_hash_set_t as it is no longer required Signed-off-by: Ben Taylor --- include/mbedtls/ssl.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 623ffd1dae..1a8a4ba8c2 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -870,7 +870,6 @@ typedef struct mbedtls_ssl_config mbedtls_ssl_config;
/* Defined in library/ssl_misc.h */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
-typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
From 8b914369032185c92661f6a367e5d73b8282205a Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 5 Aug 2025 08:22:10 +0100
Subject: [PATCH 069/216] Remove paragraph in comments as it is no longer required
Signed-off-by: Ben Taylor
---
library/ssl_misc.h | 5 -----
1 file changed, 5 deletions(-)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index f045f8d5a3..245b1f4af1 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2309,11 +2309,6 @@ static inline int mbedtls_ssl_named_group_is_supported(uint16_t named_group)
/*
* Return supported signature algorithms.
- *
- * ssl->handshake->sig_algs is either a translation of sig_hashes to IANA TLS
- * used, or a pointer to ssl->conf->sig_algs when mbedtls_ssl_conf_sig_algs() has
- * been more recently invoked.
- *
*/
static inline const void *mbedtls_ssl_get_sig_algs(
const mbedtls_ssl_context *ssl)
From 9f54408c318260d5ec580d49cfcddfa71ff1f431 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 5 Aug 2025 08:28:33 +0100
Subject: [PATCH 070/216] Remove sig_algs_heap_allocated=0 as it is always 0
Signed-off-by: Ben Taylor
---
library/ssl_tls.c | 6 ------
1 file changed, 6 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 39a97325ec..5f4d31cabc 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1066,12 +1066,6 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
mbedtls_ssl_set_timer(ssl, 0);
}
#endif
-
-#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if !defined(MBEDTLS_DEPRECATED_REMOVED)
- ssl->handshake->sig_algs_heap_allocated = 0;
-#endif /* !MBEDTLS_DEPRECATED_REMOVED */
-#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
return 0;
}
From 37e1ca9efa801356b2dbc981b3aad3c26e717724 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 5 Aug 2025 08:32:12 +0100
Subject: [PATCH 071/216] Update tf-psa-crypto submodule pointer
Signed-off-by: Ben Taylor
---
tf-psa-crypto | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 5df033ee3c..fc1dca6195 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 5df033ee3cb9e0c05262bc57b821ca20b9483b54
+Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2
From db92768497b09d1216c161f6cb819914e9133f4d Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 5 Aug 2025 11:22:13 +0200
Subject: [PATCH 072/216] framework: update reference
Signed-off-by: Valerio Setti
---
framework | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 87dbfb290f..3f2ef1ecf6 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 87dbfb290fa42ca2ccfb403e8c2fa7334fa4f1dd
+Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a
From 70a4a31cb566407a7c308f473472c967c070064a Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Tue, 5 Aug 2025 11:22:29 +0200
Subject: [PATCH 073/216] remove secp224[k|r]1 curves
Signed-off-by: Valerio Setti
---
include/mbedtls/ssl.h | 2 --
library/ssl_misc.h | 2 --
library/ssl_tls.c | 5 -----
programs/ssl/ssl_test_lib.c | 5 -----
tests/scripts/depends.py | 5 +----
tests/scripts/set_psa_test_dependencies.py | 2 --
tests/ssl-opt.sh | 2 --
tests/suites/test_suite_ssl.function | 6 ------
8 files changed, 1 insertion(+), 28 deletions(-)
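Review bot: Dropping the `sig_algs_heap_allocated = 0` reset in ssl_handshake_init() leaves the flag relying on whatever zero-initialisation of the handshake struct presumably happens earlier in the function, while mbedtls_ssl_handshake_free() still reads it until a later patch in this series removes that reader. If the member remains in mbedtls_ssl_handshake_params after the series, it is dead state and should be deleted together with its `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` block rather than left unset. ssl_handshake_init() starts outside the hunk.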
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 7ea0174612..aa1590f41d 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -231,8 +231,6 @@ #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 0x0014 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 0x0015 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 72dc9418f2..66e348c780 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2245,8 +2245,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) /* Below deprecated curves should be removed with notice to users */ named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index dee80292e2..5709ab7c3c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5893,9 +5893,6 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - { 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 }, -#endif #if defined(PSA_WANT_ECC_SECP_R1_192) { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, #endif 
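Review bot: Deleting the public macros MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1 and MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1 from include/mbedtls/ssl.h is a user-visible API removal, but the diffstat of this patch lists no ChangeLog.d file; the same applies to the SECP192K1/SECP192R1 removal in the next patch of the series. Add an entry alongside the existing ChangeLog.d/remove-deprecated-items.txt, e.g. `* Remove the MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, SECP192R1, SECP224K1 and SECP224R1 group constants; TLS no longer negotiates these curves.` Any application that still names these constants in its group list will stop compiling, which is exactly what the changelog should tell users.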
@@ -5966,8 +5963,6 @@ static const struct { { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index ad3feb65b8..d14ff660bd 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -505,11 +505,6 @@ static const struct { #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 }, -#endif #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, #else diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 679f05af1b..940c661f12 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -263,7 +263,6 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 
@@ -482,9 +481,7 @@ class DomainData: if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} # Find elliptic curve enabling macros by name. - # MBEDTLS_ECP_DP_SECP224K1_ENABLED added to disable it for all curves - curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|' - r'MBEDTLS_ECP_DP_SECP224K1_ENABLED') + curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 2267311e44..411cf0c2a0 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -28,12 +28,10 @@ CLASSIC_DEPENDENCIES = frozenset([ 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', 'MBEDTLS_CIPHER_PADDING_ZEROS', #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP224K1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 60b970aefb..8d26cec242 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2659,8 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256 run_test_psa_force_curve "secp256k1" requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_224 -run_test_psa_force_curve "secp224r1" requires_config_enabled PSA_WANT_ECC_SECP_R1_192 run_test_psa_force_curve "secp192r1" requires_config_enabled PSA_WANT_ECC_SECP_K1_192 
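Review bot: The rewritten pattern `r'PSA_WANT_ECC_\w+\Z|'` keeps a trailing `|` with an empty right-hand alternative, which matches the empty string; if config_symbols_matching() applies it with re.match or re.search, every configuration symbol now qualifies as a curve symbol instead of only PSA_WANT_ECC_*. The leftover comes from deleting the MBEDTLS_ECP_DP_SECP224K1_ENABLED branch without removing the separator; the line should read `curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z')`. A later patch in this series corrects it, but as committed this step silently changes the domain computed by depends.py.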
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index c70080317c..ad274daec3 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3538,7 +3538,6 @@ exit: void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; @@ -4050,11 +4049,6 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); #endif -#if defined(PSA_WANT_ECC_SECP_R1_224) - TEST_AVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#else - TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224); -#endif #if defined(PSA_WANT_ECC_SECP_R1_192) TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); #else From d0d0791aed6a1aac8ff685fd7916e4133408cda4 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 5 Aug 2025 11:29:04 +0200 Subject: [PATCH 074/216] remove usage of secp192[k|r]1 curves Signed-off-by: Valerio Setti --- include/mbedtls/ssl.h | 2 -- library/ssl_misc.h | 2 -- library/ssl_tls.c | 8 -------- programs/ssl/ssl_test_lib.c | 10 ---------- tests/scripts/depends.py | 2 -- tests/scripts/set_psa_test_dependencies.py | 2 -- tests/ssl-opt.sh | 4 ---- tests/suites/test_suite_ssl.function | 13 +------------ 8 files changed, 1 insertion(+), 42 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index aa1590f41d..55d832c354 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h 
@@ -229,8 +229,6 @@ /* Elliptic Curve Groups (ECDHE) */ #define MBEDTLS_SSL_IANA_TLS_GROUP_NONE 0 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 0x0012 -#define MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 0x0013 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 0x0016 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 0x0017 #define MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 0x0018 diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 66e348c780..b635fd9d0c 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -2243,8 +2243,6 @@ static inline int mbedtls_ssl_tls12_named_group_is_ecdhe(uint16_t named_group) named_group == MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_X448 || /* Below deprecated curves should be removed with notice to users */ - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1 || - named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1 || named_group == MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1 || diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5709ab7c3c..a997e41f32 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -5893,12 +5893,6 @@ static const struct { #if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) { 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 }, #endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - { 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 }, -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - { 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 }, -#endif #if defined(PSA_WANT_ECC_MONTGOMERY_255) { 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 }, #endif 
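Review bot: After deleting the SECP192K1/SECP192R1 entries, the context comment `/* Below deprecated curves should be removed with notice to users */` in mbedtls_ssl_tls12_named_group_is_ecdhe() now sits directly above SECP256K1, SECP256R1 and SECP384R1, which nothing on this page marks as deprecated, so the comment is misleading; drop it, or move it above any group that is still scheduled for removal. This patch and the preceding one remove the last groups the comment referred to. The function starts outside the hunk.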
@@ -5963,8 +5957,6 @@ static const struct { { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" }, - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" }, { MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" }, { 0, NULL }, diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c index d14ff660bd..79d3059306 100644 --- a/programs/ssl/ssl_test_lib.c +++ b/programs/ssl/ssl_test_lib.c @@ -505,16 +505,6 @@ static const struct { #else { MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 }, #endif -#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 }, -#endif -#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192) - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 }, -#else - { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 }, -#endif #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255) { MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 }, #else diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 940c661f12..b3fbea4b4f 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py 
@@ -262,12 +262,10 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_255': ['MBEDTLS_ECP_DP_CURVE25519_ENABLED'], 'PSA_WANT_ECC_MONTGOMERY_448': ['MBEDTLS_ECP_DP_CURVE448_ENABLED'], - 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_256': ['PSA_WANT_ALG_JPAKE', 'MBEDTLS_ECP_DP_SECP256R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_384': ['MBEDTLS_ECP_DP_SECP384R1_ENABLED'], 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], - 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', diff --git a/tests/scripts/set_psa_test_dependencies.py b/tests/scripts/set_psa_test_dependencies.py index 411cf0c2a0..0be8ac5e4e 100755 --- a/tests/scripts/set_psa_test_dependencies.py +++ b/tests/scripts/set_psa_test_dependencies.py @@ -27,11 +27,9 @@ CLASSIC_DEPENDENCIES = frozenset([ 'MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS', 'MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN', 'MBEDTLS_CIPHER_PADDING_ZEROS', - #curve#'MBEDTLS_ECP_DP_SECP192R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP384R1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP521R1_ENABLED', - #curve#'MBEDTLS_ECP_DP_SECP192K1_ENABLED', #curve#'MBEDTLS_ECP_DP_SECP256K1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP256R1_ENABLED', #curve#'MBEDTLS_ECP_DP_BP384R1_ENABLED', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8d26cec242..d0278b123c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2659,10 +2659,6 @@ requires_config_enabled PSA_WANT_ECC_SECP_K1_256 run_test_psa_force_curve "secp256k1" requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256 run_test_psa_force_curve "brainpoolP256r1" -requires_config_enabled PSA_WANT_ECC_SECP_R1_192 -run_test_psa_force_curve "secp192r1" -requires_config_enabled PSA_WANT_ECC_SECP_K1_192 -run_test_psa_force_curve "secp192k1" # Test current time in ServerHello requires_config_enabled MBEDTLS_HAVE_TIME diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index ad274daec3..8b192ed97c 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3537,8 +3537,7 @@ exit: /* BEGIN_CASE */ void conf_group() { - uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, - MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; mbedtls_ssl_config conf; @@ -4049,16 +4048,6 @@ void elliptic_curve_get_properties() #else TEST_UNAVAILABLE_ECC(26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256); #endif -#if defined(PSA_WANT_ECC_SECP_R1_192) - TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#else - TEST_UNAVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192); -#endif -#if defined(PSA_WANT_ECC_SECP_K1_192) - TEST_AVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#else - TEST_UNAVAILABLE_ECC(18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192); -#endif #if defined(PSA_WANT_ECC_MONTGOMERY_255) TEST_AVAILABLE_ECC(29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255); #else From 60236527113a16cc1197de0f7a57929427043ac9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:28:43 +0100 Subject: [PATCH 075/216] Remove additional references to sig_algs_heap_allocated 
Signed-off-by: Ben Taylor --- library/ssl_tls.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 5f4d31cabc..f7d7d9d269 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4379,9 +4379,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->sig_algs_heap_allocated) { - mbedtls_free((void *) handshake->sig_algs); - } handshake->sig_algs = NULL; #endif /* MBEDTLS_DEPRECATED_REMOVED */ #if defined(MBEDTLS_SSL_PROTO_TLS1_3) From 8bd8e91485ea79c2b0354ce9c5f24325ad73a2ec Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:31:13 +0100 Subject: [PATCH 076/216] Improve ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-deprecated-items.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/remove-deprecated-items.txt b/ChangeLog.d/remove-deprecated-items.txt index f0d66eb454..855265788e 100644 --- a/ChangeLog.d/remove-deprecated-items.txt +++ b/ChangeLog.d/remove-deprecated-items.txt @@ -7,5 +7,5 @@ Removals mbedtls_ssl_conf_max_tls_version() with MBEDTLS_SSL_VERSION_TLS1_y instead. Note that the new names of the new constants use the TLS protocol versions, unlike the old constants whose names are based on internal encodings. - * Remove mbedtls_ssl_conf_sig_hashes. Use mbedtls_ssl_conf_sig_algs() + * Remove mbedtls_ssl_conf_sig_hashes(). Use mbedtls_ssl_conf_sig_algs() instead. From fa648bacb2bd47471ac7988ad522e0d51ba97f16 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 11:02:25 +0200 Subject: [PATCH 077/216] depends.py: keep reverse dependencies for p192 and p224 curves These reverse dependencies will be removed once tf-psa-crypto will remove the corresponding build symbols. Signed-off-by: Valerio Setti --- tests/scripts/depends.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) 
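Review bot: With the free() path gone, the `#if !defined(MBEDTLS_DEPRECATED_REMOVED)` block in mbedtls_ssl_handshake_free() now guards only `handshake->sig_algs = NULL;`, and its closing `#endif /* MBEDTLS_DEPRECATED_REMOVED */` does not mirror the negated condition (the block removed from ssl_handshake_init() earlier in this series spelled it `/* !MBEDTLS_DEPRECATED_REMOVED */`). If sig_algs is no longer tied to the removed mbedtls_ssl_conf_sig_hashes() API, the guard should go and the reset become unconditional; otherwise at least fix the trailer to `#endif /* !MBEDTLS_DEPRECATED_REMOVED */`. Removing the conditional free is only leak-free if nothing else still stores a heap pointer in sig_algs, which the earlier "always 0" patch suggests but which is not visible here. mbedtls_ssl_handshake_free() starts outside the hunk.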
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index b3fbea4b4f..513c6413a5 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -257,6 +257,8 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_CCM': ['PSA_WANT_ALG_CCM_STAR_NO_TAG'], 'PSA_WANT_ALG_CMAC': ['PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128'], + # These reverse dependencies can be removed as part of issue + # tf-psa-crypto#364. 'PSA_WANT_ECC_BRAINPOOL_P_R1_256': ['MBEDTLS_ECP_DP_BP256R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_384': ['MBEDTLS_ECP_DP_BP384R1_ENABLED'], 'PSA_WANT_ECC_BRAINPOOL_P_R1_512': ['MBEDTLS_ECP_DP_BP512R1_ENABLED'], @@ -268,6 +270,14 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ECC_SECP_R1_521': ['MBEDTLS_ECP_DP_SECP521R1_ENABLED'], 'PSA_WANT_ECC_SECP_K1_256': ['MBEDTLS_ECP_DP_SECP256K1_ENABLED'], + # Support for secp224[k|r]1 was removed in tfpsacrypto#408 while + # secp192[k|r]1 were kept only for internal testing (hidden to the end + # user). We need to keep these reverse dependencies here until + # symbols are hidden/removed from crypto_config.h. + 'PSA_WANT_ECC_SECP_R1_192': ['MBEDTLS_ECP_DP_SECP192R1_ENABLED'], + 'PSA_WANT_ECC_SECP_R1_224': ['MBEDTLS_ECP_DP_SECP224R1_ENABLED'], + 'PSA_WANT_ECC_SECP_K1_192': ['MBEDTLS_ECP_DP_SECP192K1_ENABLED'], + 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', @@ -479,7 +489,7 @@ class DomainData: if alg.can_do(crypto_knowledge.AlgorithmCategory.HASH)} # Find elliptic curve enabling macros by name. - curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z|') + curve_symbols = self.config_symbols_matching(r'PSA_WANT_ECC_\w+\Z') # Find key exchange enabling macros by name. key_exchange_symbols = self.config_symbols_matching(r'MBEDTLS_KEY_EXCHANGE_\w+_ENABLED\Z') From 80a623089d8bbbda72e630c72de47495ffe89188 Mon Sep 17 00:00:00 2001 
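Review bot: The two new comments reference the same upstream repository in two different spellings, `tf-psa-crypto#364` and `tfpsacrypto#408`; use one form so both references resolve the same way on the forge. The re-added entries for PSA_WANT_ECC_SECP_R1_192, SECP_R1_224 and SECP_K1_192 sit after the otherwise sorted PSA_WANT_ECC_* block rather than inside it, which the explanatory comment justifies, but a one-line pointer in the block comment above would keep a reader from "fixing" the order, e.g. `# The 192/224-bit curves are listed separately below.`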
From: Valerio Setti Date: Wed, 6 Aug 2025 11:38:45 +0200 Subject: [PATCH 078/216] tests: ssl: allow more groups in conf_group() Previously 3 different groups were allowed, but since the removal of secp192r1 and secp224r1 only secp256r1 was left. This commit adds other 2 options. Signed-off-by: Valerio Setti --- tests/suites/test_suite_ssl.function | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8b192ed97c..3335e5c84e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3538,6 +3538,8 @@ exit: void conf_group() { uint16_t iana_tls_group_list[] = { MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, + MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, MBEDTLS_SSL_IANA_TLS_GROUP_NONE }; mbedtls_ssl_config conf; From 2fc59949b2bd40a0f50a9b11063a2a77cdf3c5ed Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Wed, 9 Jul 2025 18:20:48 +0300 Subject: [PATCH 079/216] Added MBEDTLS_PSA_CRYPTO_RNG_STRENGTH to tests. Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index da776e70b8..af1b91440e 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -2139,6 +2139,7 @@ component_build_aes_aesce_armcc () { component_test_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 make CFLAGS='-O2 -Werror -Wall -Wextra' 
@@ -2149,6 +2150,7 @@ component_test_aes_only_128_bit_keys () { component_test_no_ctr_drbg_aes_only_128_bit_keys () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - CTR_DRBG_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_CTR_DRBG_C make CC=clang CFLAGS='-Werror -Wall -Wextra' @@ -2160,6 +2162,7 @@ component_test_no_ctr_drbg_aes_only_128_bit_keys () { component_test_aes_only_128_bit_keys_have_builtins () { msg "build: default config + AES_ONLY_128_BIT_KEY_LENGTH - AESNI_C - AESCE_C" scripts/config.py set MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH + scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 scripts/config.py unset MBEDTLS_AESNI_C scripts/config.py unset MBEDTLS_AESCE_C From 8a43e7cfeadf43e1abb18bb1b66aeb913b30d409 Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 31 Jul 2025 11:12:28 +0300 Subject: [PATCH 080/216] Updated tf-psa-crypto pointer Signed-off-by: Minos Galanakis --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index fc1dca6195..71adc72ae3 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit fc1dca61954ee58701a47ba24cc27004e05440b2 +Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb From a2a1c084ef867a9d122b529d7c5d59f9fc0dad6f Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 6 Aug 2025 14:02:47 +0200 Subject: [PATCH 081/216] mbedtls_check_config: remove reference to MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 Signed-off-by: Valerio Setti --- library/mbedtls_check_config.h | 1 - 1 file changed, 1 deletion(-) diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h index 5e5a5b31db..cf5e981da0 100644 --- a/library/mbedtls_check_config.h +++ b/library/mbedtls_check_config.h 
@@ -45,7 +45,6 @@ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \ - defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384) || \ defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521) From d95ea27e8c41d2741b6c4d4b48fbfabdb37c87f0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Jul 2025 13:21:38 +0100 Subject: [PATCH 082/216] Create new enum mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..e2134c594b 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 15731ca150..3ee157a8e8 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 7b65b698a3..1b05e017ef 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..74cca8c5ae 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From adf5d537b29c5594467a6871108bbc4b73ba13dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 4 Jul 2025 08:50:40 +0100 Subject: [PATCH 083/216] Fix code style Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 5 +++-- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index e2134c594b..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
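Review bot: The cast `(mbedtls_pk_sigalg_t)crl_list->sig_pk` in x509_crt_verifycrl() (and the same cast on child->sig_pk in x509_crt_check_signature(), on csr.sig_pk in the test suite, and on pk_alg/sig_alg in the ssl_tls12_client.c and ssl_tls13_generic.c hunks of this patch) converts between two distinct enums and is only correct if every mbedtls_pk_type_t value that can reach these call sites has the same numeric value in mbedtls_pk_sigalg_t; a pk type with no sigalg counterpart would be handed to the verifier as an unrelated signature algorithm instead of being rejected. On the CRL and chain-verification paths this deserves an explicit conversion with a default that fails, or at minimum a comment such as `/* sig_pk values are assumed to coincide with mbedtls_pk_sigalg_t enumerators */` at the first cast. A later patch in this series changes the field type itself, which would make these casts redundant; they should then be removed rather than kept as no-ops. Both enclosing functions start outside their hunks.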
@@ -2082,7 +2082,7 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 3ee157a8e8..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { @@ -1144,7 +1144,8 @@ static int ssl_tls13_prepare_finished_message(mbedtls_ssl_context *ssl) ssl->handshake->state_local.finished_out.digest, sizeof(ssl->handshake->state_local.finished_out. digest), - &ssl->handshake->state_local.finished_out.digest_len, + &ssl->handshake->state_local.finished_out. + digest_len, ssl->conf->endpoint); if (ret != 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 1b05e017ef..c2d86176ed 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; 
@@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 74cca8c5ae..087088ead9 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t)csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 500e497c059f6949acb992b1788177f6881b326d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 07:56:50 +0100 Subject: [PATCH 084/216] Fix code style issues Signed-off-by: Ben Taylor --- library/x509_crt.c | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index c2d86176ed..ac36a0f1e7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -1663,25 +1663,25 @@ cleanup: #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) From b2eecc621d31b066ac08e92dfaaa094483bfba3a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Jul 2025 14:18:37 +0100 Subject: [PATCH 085/216] switch to mbedtls_pk_sigalg_t Signed-off-by: Ben Taylor --- include/mbedtls/x509_crl.h | 2 +- include/mbedtls/x509_crt.h | 2 +- include/mbedtls/x509_csr.h | 2 +- library/x509.c | 10 +++++----- library/x509_create.c | 4 ++-- library/x509_crt.c | 8 ++++---- library/x509_internal.h | 6 +++--- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 9 files changed, 19 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index e59d16502d..095cb5d9a5 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h 
@@ -82,7 +82,7 @@ typedef struct mbedtls_x509_crl { mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2); mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next element in the linked list of CRL. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index a3f07892f6..bf418a6851 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -81,7 +81,7 @@ typedef struct mbedtls_x509_crt { mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part signed with the private key. */ mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ /** Next certificate in the linked list that constitutes the CA chain. * \p NULL indicates the end of the list. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index bed1c953e5..b11539440c 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
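Review bot: The Doxygen comment on the retyped `sig_pk` field still gives `MBEDTLS_PK_RSA` as its example value, but that is an enumerator of the old `mbedtls_pk_type_t`, not of `mbedtls_pk_sigalg_t`, so the documentation now contradicts the declaration. The example should name a value of the new type, e.g. `/**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_SIGALG_RSA_PKCS1V15 */`. The same stale example is in the x509_crt.h hunk on this line and in the x509_csr.h hunk that follows. The struct definitions continue outside these hunks.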
@@ -55,7 +55,7 @@ typedef struct mbedtls_x509_csr { mbedtls_x509_buf sig_oid; mbedtls_x509_buf MBEDTLS_PRIVATE(sig); mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */ - mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ + mbedtls_pk_sigalg_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */ } mbedtls_x509_csr; diff --git a/library/x509.c b/library/x509.c index 03ca1b72e6..14f9ba59b3 100644 --- a/library/x509.c +++ b/library/x509.c @@ -717,16 +717,16 @@ int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x5 * Get signature algorithm from alg OID and optional parameters */ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg) + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (*pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (*pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { mbedtls_md_type_t mgf1_hash_id; int expected_salt_len; @@ -1039,7 +1039,7 @@ int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *ser * Helper for writing signature algorithms */ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg) + mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; char *p = buf; 
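Review bot: In `mbedtls_x509_get_sig_alg`, `pk_alg` is written through a `(mbedtls_pk_type_t*)` cast by `mbedtls_x509_oid_get_sig_alg` and then compared against `MBEDTLS_PK_SIGALG_RSA_PSS`, so the PSS branch and the parameter checks it guards only run if the two enums happen to give the PSS enumerator the same value; nothing on the page establishes that, and a mismatch would be silent rather than a compile error. Writing through a pointer to a different enum type also presumes identical underlying types. Later in this series (the x509_oid.c hunks further down) the OID table is retyped and the cast removed, which resolves this, but the intermediate commit ships a signature-algorithm decision that rests on unstated enumerator layout. If the intermediate state is kept, a compile-time assertion or a small explicit conversion at this call site would make the assumption visible.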
@@ -1055,7 +1055,7 @@ int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *si MBEDTLS_X509_SAFE_SNPRINTF; #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) - if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { + if (pk_alg == MBEDTLS_PK_SIGALG_RSA_PSS) { const char *name = md_type_to_string(md_alg); if (name != NULL) { ret = mbedtls_snprintf(p, n, " (%s)", name); diff --git a/library/x509_create.c b/library/x509_create.c index 09ac69d00b..370eb9b2e1 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -646,7 +646,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int write_null_par; @@ -672,7 +672,7 @@ int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, // Write OID // - if (pk_alg == MBEDTLS_PK_ECDSA) { + if (pk_alg == MBEDTLS_PK_SIGALG_ECDSA) { /* * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and diff --git a/library/x509_crt.c b/library/x509_crt.c index ac36a0f1e7..ded1317b0e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -188,9 +188,9 @@ static int x509_profile_check_md_alg(const mbedtls_x509_crt_profile *profile, * Return 0 if pk_alg is acceptable for this profile, -1 otherwise */ static int x509_profile_check_pk_alg(const mbedtls_x509_crt_profile *profile, - mbedtls_pk_type_t pk_alg) + mbedtls_pk_sigalg_t pk_alg) { - if (pk_alg == MBEDTLS_PK_NONE) { + if (pk_alg == MBEDTLS_PK_SIGALG_NONE) { return -1; } 
@@ -2121,7 +2121,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } /* Skip expensive computation on obvious mismatch */ - if (!mbedtls_pk_can_do(&parent->pk, child->sig_pk)) { + if (!mbedtls_pk_can_do(&parent->pk, (mbedtls_pk_type_t) child->sig_pk)) { return -1; } @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509_internal.h b/library/x509_internal.h index 8160270be1..b44b957f9b 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -35,7 +35,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params, #endif int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig); int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end, mbedtls_x509_time *t); int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end, @@ -44,7 +44,7 @@ int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag); #if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid, - mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg); + mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg); #endif int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name); int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, 
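Review bot: The profile gate in `x509_crt_verify_restartable_ca_cb` now casts the key type from `mbedtls_pk_get_type` to `mbedtls_pk_sigalg_t` before `x509_profile_check_pk_alg`, and `x509_crt_check_signature` casts `child->sig_pk` the other way for `mbedtls_pk_can_do`; both keep their old meaning only if the two enums use matching values, which the page does not show. Since `x509_profile_check_pk_alg` decides whether a certificate's algorithm is acceptable under the profile, a value mismatch would quietly widen or narrow the accepted set instead of failing loudly. Prefer an explicit key-type-to-signature-algorithm mapping helper (returning `MBEDTLS_PK_SIGALG_NONE` for anything unexpected, which the profile check already rejects) over a bare cast at both sites. Both enclosing functions continue outside the hunks.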
@@ -57,7 +57,7 @@ int mbedtls_x509_write_names(unsigned char **p, unsigned char *start, int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start, const char *oid, size_t oid_len, unsigned char *sig, size_t size, - mbedtls_pk_type_t pk_alg); + mbedtls_pk_sigalg_t pk_alg); int mbedtls_x509_get_ns_cert_type(unsigned char **p, const unsigned char *end, unsigned char *ns_cert_type); diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 09c2328b1a..93cdd2c151 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -587,7 +587,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 88adf794f7..9040d63ed4 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); /* * Compact the space between the CSR data and signature by moving the From 1c118a564dce57e63e43feee688ecd1e5ea62120 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 10:40:08 +0100 Subject: [PATCH 086/216] reverted enum in pk_verify_new Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index ded1317b0e..ed85d06636 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 087088ead9..cb372014cd 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
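Review bot: The four `mbedtls_pk_verify_new` call sites in this commit are switched back to a `(mbedtls_pk_type_t)` cast, re-cast to `mbedtls_pk_sigalg_t` in PATCH 091 and finally moved to `mbedtls_pk_verify_ext` in PATCH 092 further down the page, so the three commits cancel out and each intermediate state is a CRL/certificate verification path whose cast is correct only if the two enums share values. Squashing 086/091/092 into one commit that introduces the `mbedtls_pk_verify_ext` calls would keep the history bisectable and avoid publishing those intermediate states. The title "reverted enum in pk_verify_new" also does not say why the revert was needed, which the squashed message could.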
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8e832b6594e9985a559cec9e2babe977f3bfaf89 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 13:30:05 +0100 Subject: [PATCH 087/216] Add sigalg types to x509_crt.c Signed-off-by: Ben Taylor --- library/x509_crt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ed85d06636..dca46792a0 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2126,7 +2126,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, } #if defined(MBEDTLS_ECP_RESTARTABLE) - if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_ECDSA) { + if (rs_ctx != NULL && child->sig_pk == MBEDTLS_PK_SIGALG_ECDSA) { return mbedtls_pk_verify_restartable(&parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len, &rs_ctx->pk); From 7573321f61ff6e6b29f6b9907473406a19104919 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 5 Aug 2025 14:14:18 +0100 Subject: [PATCH 088/216] Fix style issues Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_crt.c | 32 ++++++++++++++++---------------- library/x509write_crt.c | 3 ++- library/x509write_csr.c | 2 +- 4 files changed, 20 insertions(+), 19 deletions(-) diff --git a/library/x509.c b/library/x509.c index 14f9ba59b3..b8f2847437 100644 --- a/library/x509.c +++ b/library/x509.c 
@@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t*)pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_crt.c b/library/x509_crt.c index dca46792a0..dde6513927 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1663,25 +1663,25 @@ cleanup: #if !defined(MBEDTLS_X509_REMOVE_INFO) #define PRINT_ITEM(i) \ - do { \ - ret = mbedtls_snprintf(p, n, "%s" i, sep); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - sep = ", "; \ - } while (0) + do { \ + ret = mbedtls_snprintf(p, n, "%s" i, sep); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + sep = ", "; \ + } while (0) #define CERT_TYPE(type, name) \ - do { \ - if (ns_cert_type & (type)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (ns_cert_type & (type)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) #define KEY_USAGE(code, name) \ - do { \ - if (key_usage & (code)) { \ - PRINT_ITEM(name); \ - } \ - } while (0) + do { \ + if (key_usage & (code)) { \ + PRINT_ITEM(name); \ + } \ + } while (0) static int x509_info_ext_key_usage(char **buf, size_t *size, const mbedtls_x509_sequence *extended_key_usage) @@ -3057,7 +3057,7 @@ static int x509_crt_verify_restartable_ca_cb(mbedtls_x509_crt *crt, /* Check the type and size of the key */ pk_type = mbedtls_pk_get_type(&crt->pk); - if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t)pk_type) != 0) { + if (x509_profile_check_pk_alg(profile, (mbedtls_pk_sigalg_t) pk_type) != 0) { ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK; } diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 93cdd2c151..e1d5758f7c 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -587,7 +587,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, + (mbedtls_pk_sigalg_t) pk_alg)); /* * Memory layout after this step: diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 9040d63ed4..5b2a17b0bc 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -249,7 +249,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, c2 = buf + size; MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len, - sig, sig_len, (mbedtls_pk_sigalg_t)pk_alg)); + sig, sig_len, (mbedtls_pk_sigalg_t) pk_alg)); /* * Compact the space between the CSR data and signature by moving the From df6a6eacedcc9f6af094a4a1e5eeb22e379e97b2 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:08:10 +0100 Subject: [PATCH 089/216] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ChangeLog.d/remove_mbedtls_pk_type.txt diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt new file mode 100644 index 0000000000..0ad38e0a50 --- /dev/null +++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -0,0 +1,4 @@ + +Removals + * Remove mbedtls_pk_type_t from the public interface and replace it with + mbedtls_pk_sigalg_t. From 563d360a9bcdac46d2e2f7b5fe4786ad87eaacd9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 08:22:25 +0100 Subject: [PATCH 090/216] Fix ChangeLog format Signed-off-by: Ben Taylor --- ChangeLog.d/remove_mbedtls_pk_type.txt | 1 - 1 file changed, 1 deletion(-) diff --git a/ChangeLog.d/remove_mbedtls_pk_type.txt b/ChangeLog.d/remove_mbedtls_pk_type.txt index 0ad38e0a50..4b33d1e110 100644 --- a/ChangeLog.d/remove_mbedtls_pk_type.txt 
+++ b/ChangeLog.d/remove_mbedtls_pk_type.txt @@ -1,4 +1,3 @@ - Removals * Remove mbedtls_pk_type_t from the public interface and replace it with mbedtls_pk_sigalg_t. From 6816fd781e89e3fa83a7d5ba363edb74d9fb4de8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 13:50:24 +0100 Subject: [PATCH 091/216] Adjust for change in mbedtls_pk_verify_new function prototype Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 2129da122d..5488eb04ce 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -2082,7 +2082,7 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new(pk_alg, peer_pk, + ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..7e2daefa74 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new(sig_alg, + if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index dde6513927..9ac9658009 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new((mbedtls_pk_type_t) child->sig_pk, &parent->pk, + return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index cb372014cd..c2ab27b01d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new((mbedtls_pk_type_t) csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8b3b7e5cacdde75f9a650d2739d7183f6cd4526f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:23:33 +0100 Subject: [PATCH 092/216] Update further type mismatches Signed-off-by: Ben Taylor --- library/ssl_tls12_client.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/x509_crt.c | 4 ++-- tests/suites/test_suite_x509write.function | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 5488eb04ce..2129da122d 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c 
@@ -2082,7 +2082,7 @@ start_processing: #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if (pk_alg == MBEDTLS_PK_RSASSA_PSS) { - ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) pk_alg, peer_pk, + ret = mbedtls_pk_verify_new(pk_alg, peer_pk, md_alg, hash, hashlen, p, sig_len); } else diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index 7e2daefa74..e88c00a564 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -300,7 +300,7 @@ static int ssl_tls13_parse_certificate_verify(mbedtls_ssl_context *ssl, MBEDTLS_SSL_DEBUG_BUF(3, "verify hash", verify_hash, verify_hash_len); - if ((ret = mbedtls_pk_verify_new((mbedtls_pk_sigalg_t) sig_alg, + if ((ret = mbedtls_pk_verify_new(sig_alg, &ssl->session_negotiate->peer_cert->pk, md_alg, verify_hash, verify_hash_len, p, signature_len)) == 0) { diff --git a/library/x509_crt.c b/library/x509_crt.c index 9ac9658009..e6b9252859 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2061,7 +2061,7 @@ static int x509_crt_verifycrl(mbedtls_x509_crt *crt, mbedtls_x509_crt *ca, flags |= MBEDTLS_X509_BADCERT_BAD_KEY; } - if (mbedtls_pk_verify_new(crl_list->sig_pk, &ca->pk, + if (mbedtls_pk_verify_ext(crl_list->sig_pk, &ca->pk, crl_list->sig_md, hash, hash_length, crl_list->sig.p, crl_list->sig.len) != 0) { flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED; @@ -2135,7 +2135,7 @@ static int x509_crt_check_signature(const mbedtls_x509_crt *child, (void) rs_ctx; #endif - return mbedtls_pk_verify_new(child->sig_pk, &parent->pk, + return mbedtls_pk_verify_ext(child->sig_pk, &parent->pk, child->sig_md, hash, hash_len, child->sig.p, child->sig.len); } diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c2ab27b01d..000c09a950 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function 
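Review bot: After this commit the TLS 1.2 client still verifies through `mbedtls_pk_verify_new` with `pk_alg`, which the surrounding comparison against `MBEDTLS_PK_RSASSA_PSS` suggests is a `mbedtls_pk_type_t` value, while the X.509 hunks of the same commit move to `mbedtls_pk_verify_ext` with a `mbedtls_pk_sigalg_t`. Two verify entry points taking two different algorithm enums for the same operation is easy to misuse; if both are meant to stay, a comment at this call site stating which enum `mbedtls_pk_verify_new` expects and why TLS does not use `mbedtls_pk_verify_ext` would help, and the commit title "Update further type mismatches" should mention the switch to `mbedtls_pk_verify_ext`. The enclosing code continues outside the hunk.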
@@ -40,7 +40,7 @@ static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen) goto cleanup; } - if (mbedtls_pk_verify_new(csr.sig_pk, &csr.pk, + if (mbedtls_pk_verify_ext(csr.sig_pk, &csr.pk, csr.sig_md, hash, mbedtls_md_get_size_from_type(csr.sig_md), csr.sig.p, csr.sig.len) != 0) { ret = MBEDTLS_ERR_X509_CERT_VERIFY_FAILED; From 8dfed9fc15527c44f4dc22988300565dcf626ada Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 6 Aug 2025 15:46:21 +0100 Subject: [PATCH 093/216] Remove pointer cast in mbedtls_x509_oid_get_sig_alg Signed-off-by: Ben Taylor --- library/x509.c | 2 +- library/x509_oid.c | 34 +++++++++++++++++----------------- library/x509_oid.h | 4 ++-- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/library/x509.c b/library/x509.c index b8f2847437..1adff8fafc 100644 --- a/library/x509.c +++ b/library/x509.c @@ -721,7 +721,7 @@ int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509 { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, (mbedtls_pk_type_t *) pk_alg)) != 0) { + if ((ret = mbedtls_x509_oid_get_sig_alg(sig_oid, md_alg, pk_alg)) != 0) { return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret); } diff --git a/library/x509_oid.c b/library/x509_oid.c index d69fd513ba..cc0063bcd3 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -381,7 +381,7 @@ FN_OID_GET_ATTR1(mbedtls_x509_oid_get_certificate_policies, typedef struct { mbedtls_x509_oid_descriptor_t descriptor; mbedtls_md_type_t md_alg; - mbedtls_pk_type_t pk_alg; + mbedtls_pk_sigalg_t pk_alg; } oid_sig_alg_t; static const oid_sig_alg_t oid_sig_alg[] = 
@@ -390,47 +390,47 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_MD5) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5"), - MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, + MBEDTLS_MD_MD5, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_MD5 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_224 */ #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_512 */ #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_RSA_PKCS1V15, }, #endif /* PSA_WANT_ALG_SHA_1 */ #endif /* MBEDTLS_RSA_C */ 
@@ -438,43 +438,43 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(PSA_WANT_ALG_SHA_1) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1"), - MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA1, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_1 */ #if defined(PSA_WANT_ALG_SHA_224) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224"), - MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA224, MBEDTLS_PK_SIGALG_ECDSA, }, #endif #if defined(PSA_WANT_ALG_SHA_256) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256"), - MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA256, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_256 */ #if defined(PSA_WANT_ALG_SHA_384) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384"), - MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA384, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_384 */ #if defined(PSA_WANT_ALG_SHA_512) { OID_DESCRIPTOR(MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512"), - MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, + MBEDTLS_MD_SHA512, MBEDTLS_PK_SIGALG_ECDSA, }, #endif /* PSA_WANT_ALG_SHA_512 */ #endif /* PSA_HAVE_ALG_SOME_ECDSA */ #if defined(MBEDTLS_RSA_C) { OID_DESCRIPTOR(MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS"), - MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_RSA_PSS, }, #endif /* MBEDTLS_RSA_C */ { NULL_OID_DESCRIPTOR, - MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, + MBEDTLS_MD_NONE, MBEDTLS_PK_SIGALG_NONE, }, }; 
@@ -494,14 +494,14 @@ FN_OID_GET_ATTR2(mbedtls_x509_oid_get_sig_alg, sig_alg, mbedtls_md_type_t, md_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg) #endif /* MBEDTLS_X509_USE_C */ #if defined(MBEDTLS_X509_CRT_WRITE_C) || defined(MBEDTLS_X509_CSR_WRITE_C) FN_OID_GET_OID_BY_ATTR2(mbedtls_x509_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, - mbedtls_pk_type_t, + mbedtls_pk_sigalg_t, pk_alg, mbedtls_md_type_t, md_alg) diff --git a/library/x509_oid.h b/library/x509_oid.h index 8d5e1bbff1..0752953aac 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -80,7 +80,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid, - mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg); + mbedtls_md_type_t *md_alg, mbedtls_pk_sigalg_t *pk_alg); #if !defined(MBEDTLS_X509_REMOVE_INFO) /** @@ -106,7 +106,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char ** * * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID */ -int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, +int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_sigalg_t pk_alg, mbedtls_md_type_t md_alg, const char **oid, size_t *olen); #endif /* MBEDTLS_X509_CRT_WRITE_C || MBEDTLS_X509_CSR_WRITE_C */ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e1d5758f7c..1f8a006de6 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -416,7 +416,7 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 5b2a17b0bc..8e37278f95 100644 
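Review bot: `mbedtls_x509_oid_get_oid_by_sig_alg` now searches a table keyed by `mbedtls_pk_sigalg_t` (its entries are `MBEDTLS_PK_SIGALG_RSA_PKCS1V15`, `MBEDTLS_PK_SIGALG_ECDSA` and `MBEDTLS_PK_SIGALG_RSA_PSS`), yet `mbedtls_x509write_crt_der` feeds it `(mbedtls_pk_sigalg_t) pk_alg`, where `pk_alg` is whatever the preceding out-of-hunk code derived from the signing key, presumably a key type. Unless that value was already mapped to a signature algorithm, the lookup matches only by numeric coincidence, and an EC key could come back as `MBEDTLS_ERR_X509_UNKNOWN_OID` or, worse, select an AlgorithmIdentifier that does not match the signature actually produced. The same cast is in the x509write_csr.c hunk that follows. An explicit conversion to `mbedtls_pk_sigalg_t` where `pk_alg` is derived would remove the cast from both writers.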
--- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -230,7 +230,7 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx, return MBEDTLS_ERR_X509_INVALID_ALG; } - if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg(pk_alg, ctx->md_alg, + if ((ret = mbedtls_x509_oid_get_oid_by_sig_alg((mbedtls_pk_sigalg_t) pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len)) != 0) { return ret; } From 602fa5dd99435a637b162fbe598eab958e7f02b0 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Thu, 7 Aug 2025 10:18:40 +0200 Subject: [PATCH 094/216] changelog: add note about EC curves support removal in TLS Signed-off-by: Valerio Setti --- ChangeLog.d/secp256k1-removal.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/secp256k1-removal.txt diff --git a/ChangeLog.d/secp256k1-removal.txt b/ChangeLog.d/secp256k1-removal.txt new file mode 100644 index 0000000000..9933b8e7a9 --- /dev/null +++ b/ChangeLog.d/secp256k1-removal.txt @@ -0,0 +1,3 @@ +Removals + * Support for secp192k1, secp192r1, secp224k1 and secp224r1 EC curves is + removed from TLS. From ed0db45b635d30eb6c122e25213b093658567fbd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 7 Aug 2025 09:40:42 +0100 Subject: [PATCH 095/216] Completely remove sig_algs_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 245b1f4af1..ed0f7ab2c5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -714,7 +714,6 @@ struct mbedtls_ssl_handshake_params { #if !defined(MBEDTLS_DEPRECATED_REMOVED) unsigned char group_list_heap_allocated; - unsigned char sig_algs_heap_allocated; #endif #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) @@ -2317,7 +2316,6 @@ static inline const void *mbedtls_ssl_get_sig_algs( #if !defined(MBEDTLS_DEPRECATED_REMOVED) if (ssl->handshake != NULL && - ssl->handshake->sig_algs_heap_allocated == 1 && ssl->handshake->sig_algs != NULL) { return ssl->handshake->sig_algs; } 
From 5a27010faba8c2c4f9d56a6c86444746314c2c87 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:33:03 +0100 Subject: [PATCH 096/216] Remove group_list_heap_allocated Signed-off-by: Ben Taylor --- library/ssl_misc.h | 4 ---- library/ssl_tls.c | 9 --------- 2 files changed, 13 deletions(-) diff --git a/library/ssl_misc.h b/library/ssl_misc.h index ed0f7ab2c5..e3ec3686e5 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -712,10 +712,6 @@ struct mbedtls_ssl_handshake_params { unsigned char retransmit_state; /*!< Retransmission state */ #endif -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - unsigned char group_list_heap_allocated; -#endif - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) uint8_t ecrs_enabled; /*!< Handshake supports EC restart? */ enum { /* this complements ssl->state with info on intra-state operations */ diff --git a/library/ssl_tls.c b/library/ssl_tls.c index f7d7d9d269..a957482ce5 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -4368,15 +4368,6 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl) return; } -#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) -#if !defined(MBEDTLS_DEPRECATED_REMOVED) - if (ssl->handshake->group_list_heap_allocated) { - mbedtls_free((void *) handshake->group_list); - } - handshake->group_list = NULL; -#endif /* MBEDTLS_DEPRECATED_REMOVED */ -#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */ - #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) #if !defined(MBEDTLS_DEPRECATED_REMOVED) handshake->sig_algs = NULL; From 37a4281710919381289fa2b432c46c2e99937765 Mon Sep 17 00:00:00 2001 
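Review bot: Removing the conditional free from `mbedtls_ssl_handshake_free` also removes `handshake->group_list = NULL;`, so the handshake now keeps whatever `group_list` pointed to after this function runs; whether that is observable depends on how the struct is used afterwards, which the hunk does not show. The commit message states only that the flag is removed; it should also state that no remaining path heap-allocates `group_list` (the diffstat touches only ssl_misc.h and ssl_tls.c, so the allocation site was presumably removed earlier), since otherwise this change turns a conditional free into a leak. `mbedtls_ssl_handshake_free` continues outside the hunk.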
From: Valerio Setti Date: Mon, 11 Aug 2025 12:52:49 +0200 Subject: [PATCH 097/216] tests: configuration_crypto: fix selection of EC/DH group to accelerate Some EC/DH group might be disabled in default configuration in "crypto_config.h" so before running "helper_get_psa_key_type_list" and/or "helper_get_psa_curve_list" it's better to set/unset what's required for that test component and only then parse the enabled groups. Signed-off-by: Valerio Setti --- .../components-configuration-crypto.sh | 138 +++++++++--------- 1 file changed, 71 insertions(+), 67 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index af1b91440e..8e9df371cf 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -553,17 +553,17 @@ component_test_psa_crypto_config_ffdh_2048_only () { component_test_psa_crypto_config_accel_ecdsa () { msg "build: accelerated ECDSA" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config + TLS 1.3 helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDSA_C 
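Review bot: The move places `loc_accel_list` after `helper_libtestdriver1_adjust_config`, but nothing in the function records why the order matters, so a later tidy-up can move the block back without any test noticing; a one-line comment above the assignment such as `# Must come after helper_libtestdriver1_adjust_config: the helper_get_psa_* lists reflect the adjusted config` would pin it. The same applies to the accel_ecdh, accel_ffdh, accel_pake and accel_ecc_some_key_types hunks that follow. The enclosing functions continue outside the hunks.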
@@ -595,17 +595,17 @@ component_test_psa_crypto_config_accel_ecdsa () { component_test_psa_crypto_config_accel_ecdh () { msg "build: accelerated ECDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDH \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- # Start from default config (no USE_PSA) helper_libtestdriver1_adjust_config "default" + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDH \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Disable the module that's accelerated scripts/config.py unset MBEDTLS_ECDH_C @@ -636,17 +636,17 @@ component_test_psa_crypto_config_accel_ecdh () { component_test_psa_crypto_config_accel_ffdh () { msg "build: full with accelerated FFDH" - # Algorithms and key types to accelerate - loc_accel_list="ALG_FFDH \ - $(helper_get_psa_key_type_list "DH") \ - $(helper_get_psa_dh_group_list)" - # Configure # --------- # start with full (USE_PSA and TLS 1.3) helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate + loc_accel_list="ALG_FFDH \ + $(helper_get_psa_key_type_list "DH") \ + $(helper_get_psa_dh_group_list)" + # Build # ----- @@ -685,15 +685,15 @@ component_test_psa_crypto_config_reference_ffdh () { component_test_psa_crypto_config_accel_pake () { msg "build: full with accelerated PAKE" - loc_accel_list="ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- helper_libtestdriver1_adjust_config "full" + loc_accel_list="ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Make built-in fallback not available scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 
@@ -718,6 +718,12 @@ component_test_psa_crypto_config_accel_pake () { component_test_psa_crypto_config_accel_ecc_some_key_types () { msg "build: full with accelerated EC algs and some key types" + # Configure + # --------- + + # start with config full for maximum coverage (also enables USE_PSA) + helper_libtestdriver1_adjust_config "full" + # Algorithms and key types to accelerate # For key types, use an explicitly list to omit GENERATE (and DERIVE) loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ @@ -729,12 +735,6 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { KEY_TYPE_ECC_KEY_PAIR_EXPORT \ $(helper_get_psa_curve_list)" - # Configure - # --------- - - # start with config full for maximum coverage (also enables USE_PSA) - helper_libtestdriver1_adjust_config "full" - # Disable modules that are accelerated - some will be re-enabled scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py unset MBEDTLS_ECDH_C 
@@ -789,7 +789,26 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { msg "build: crypto_full minus PK with accelerated EC algs and $desc curves" - # Note: Curves are handled in a special way by the libtestdriver machinery, + # Configure + # --------- + + # Start with config crypto_full and remove PK_C: + # that's what's supported now, see docs/driver-only-builds.md. + helper_libtestdriver1_adjust_config "crypto_full" + scripts/config.py unset MBEDTLS_PK_C + scripts/config.py unset MBEDTLS_PK_PARSE_C + scripts/config.py unset MBEDTLS_PK_WRITE_C + + # Disable modules that are accelerated - some will be re-enabled + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py unset MBEDTLS_ECDH_C + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py unset MBEDTLS_ECP_C + + # Disable all curves - those that aren't accelerated should be re-enabled + helper_disable_builtin_curves + + # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. # Note: the following loop is a modified version of 
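Review bot: helper_disable_builtin_curves now runs before the loop that builds loc_curve_list (the loop itself is outside the hunk, and the function continues past it), so the resulting list is only correct if that helper leaves the symbols read by helper_get_psa_curve_list untouched. If it also clears the PSA_WANT_ECC_* symbols, the accelerated list comes out empty and the component builds and passes while accelerating nothing, which is exactly the silent-coverage-loss the commit message is trying to avoid. A one-line comment pinning the assumption would help, e.g. `# helper_disable_builtin_curves only touches built-in curve symbols, so helper_get_psa_curve_list below still sees the full set`. The same ordering is introduced by the `@@ -1047` and `@@ -1183` hunks of this patch, where helper_disable_builtin_curves is placed directly above the loc_accel_list assignment.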
@@ -819,25 +838,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { $(helper_get_psa_key_type_list "ECC") \ $loc_curve_list" - # Configure - # --------- - - # Start with config crypto_full and remove PK_C: - # that's what's supported now, see docs/driver-only-builds.md. - helper_libtestdriver1_adjust_config "crypto_full" - scripts/config.py unset MBEDTLS_PK_C - scripts/config.py unset MBEDTLS_PK_PARSE_C - scripts/config.py unset MBEDTLS_PK_WRITE_C - - # Disable modules that are accelerated - some will be re-enabled - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset MBEDTLS_ECDH_C - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset MBEDTLS_ECP_C - - # Disable all curves - those that aren't accelerated should be re-enabled - helper_disable_builtin_curves - # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues # 6061, 6332 and following ones) @@ -884,7 +884,11 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - make test + # make test + ( + cd tf-psa-crypto/tests + ./test_suite_psa_crypto_driver_wrappers + ) } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { @@ -928,6 +932,12 @@ config_psa_crypto_config_ecp_light_only () { component_test_psa_crypto_config_accel_ecc_ecp_light_only () { msg "build: full with accelerated EC algs" + # Configure + # --------- + + # Use the same config as reference, only without built-in EC algs + config_psa_crypto_config_ecp_light_only 1 + # Algorithms and key types to accelerate loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ 
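Review bot: The test step of common_test_psa_crypto_config_accel_ecc_some_curves is narrowed from `make test` to a single suite run from tf-psa-crypto/tests, with the original line left behind as `# make test`, which reads as a debugging leftover rather than part of the reorder the commit message describes. As committed, this component no longer runs the TLS and X.509 suites for the accelerated-curves builds, so a regression there would go unnoticed at this point in the series. The following patch (098) restores `make test`; squashing that revert into this commit keeps every commit in the series fully tested.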
@@ -935,12 +945,6 @@ component_test_psa_crypto_config_accel_ecc_ecp_light_only () { $(helper_get_psa_key_type_list "ECC") \ $(helper_get_psa_curve_list)" - # Configure - # --------- - - # Use the same config as reference, only without built-in EC algs - config_psa_crypto_config_ecp_light_only 1 - # Do not disable builtin curves because that support is required for: # - MBEDTLS_PK_PARSE_EC_EXTENDED # - MBEDTLS_PK_PARSE_EC_COMPRESSED @@ -1032,13 +1036,6 @@ config_psa_crypto_no_ecp_at_all () { component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { msg "build: full + accelerated EC algs - ECP" - # Algorithms and key types to accelerate - loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ - ALG_ECDH \ - ALG_JPAKE \ - $(helper_get_psa_key_type_list "ECC") \ - $(helper_get_psa_curve_list)" - # Configure # --------- @@ -1047,6 +1044,13 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () { # Disable all the builtin curves. All the required algs are accelerated. helper_disable_builtin_curves + # Algorithms and key types to accelerate + loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ + ALG_ECDH \ + ALG_JPAKE \ + $(helper_get_psa_key_type_list "ECC") \ + $(helper_get_psa_curve_list)" + # Build # ----- @@ -1183,6 +1187,14 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { msg "build: full + accelerated $accel_text algs + USE_PSA - $removed_text - BIGNUM" + # Configure + # --------- + + # Set common configurations between library's and driver's builds + config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" + # Disable all the builtin curves. All the required algs are accelerated. + helper_disable_builtin_curves + # By default we accelerate all EC keys/algs loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \ ALG_ECDH \ 
@@ -1197,14 +1209,6 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () { $(helper_get_psa_dh_group_list)" fi - # Configure - # --------- - - # Set common configurations between library's and driver's builds - config_psa_crypto_config_accel_ecc_ffdh_no_bignum 1 "$test_target" - # Disable all the builtin curves. All the required algs are accelerated. - helper_disable_builtin_curves - # Build # ----- From 981a0c46b2cb2487f90d90b65269e519474b5f86 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Tue, 12 Aug 2025 11:31:11 +0200 Subject: [PATCH 098/216] tests: remove leftover from debug session and extra spaces Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 8e9df371cf..cd8bd24563 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -808,7 +808,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # Disable all curves - those that aren't accelerated should be re-enabled helper_disable_builtin_curves - # Note: Curves are handled in a special way by the libtestdriver machinery, + # Note: Curves are handled in a special way by the libtestdriver machinery, # so we only want to include them in the accel list when building the main # libraries, hence the use of a separate variable. # Note: the following loop is a modified version of @@ -884,11 +884,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { # ------------- msg "test suites: crypto_full minus PK with accelerated EC algs and $desc curves" - # make test - ( - cd tf-psa-crypto/tests - ./test_suite_psa_crypto_driver_wrappers - ) + make test } component_test_psa_crypto_config_accel_ecc_weierstrass_curves () { From 1b70084bd9ef584a8facfb4d4eb061b20d38938e Mon Sep 17 00:00:00 2001 
From: Anton Matkin Date: Mon, 10 Mar 2025 18:51:20 +0100 Subject: [PATCH 099/216] TF-PSA-Crypto submodule link fixup Signed-off-by: Anton Matkin --- library/ssl_tls.c | 5 ++--- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_ssl.function | 2 +- tf-psa-crypto | 2 +- 5 files changed, 6 insertions(+), 7 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8cf23f2d3b..76430b593b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1753,12 +1753,11 @@ static psa_status_t mbedtls_ssl_set_hs_ecjpake_password_common( size_t user_len = 0; const uint8_t *peer = NULL; size_t peer_len = 0; - psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE); + psa_pake_cs_set_algorithm(&cipher_suite, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_pake_cs_set_primitive(&cipher_suite, PSA_PAKE_PRIMITIVE(PSA_PAKE_PRIMITIVE_TYPE_ECC, PSA_ECC_FAMILY_SECP_R1, 256)); - psa_pake_cs_set_hash(&cipher_suite, PSA_ALG_SHA_256); status = psa_pake_setup(&ssl->handshake->psa_pake_ctx, pwd, &cipher_suite); if (status != PSA_SUCCESS) { @@ -1809,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, pw, pw_len, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 1ce4e46b1c..ae77a173fb 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2059,7 +2059,7 @@ usage: psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, 
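Review bot: The password key is imported with the wildcard policy `PSA_ALG_JPAKE_BASE` while the cipher suite set up in the previous hunk uses the concrete `PSA_ALG_JPAKE(PSA_ALG_SHA_256)`, so the key's permitted algorithm is wider than what psa_pake_setup will actually use. A least-privilege key policy argues for the concrete algorithm, `psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256));`, and patch 104 later in this series makes exactly that change because wildcard PAKE policies are rejected, so folding it in here avoids an intermediate commit in which EC-JPAKE setup fails. The same line appears in the ssl_client2.c hunk below and in the ssl_server2.c and test_suite_ssl.function hunks of this patch. mbedtls_ssl_set_hs_ecjpake_password starts outside the hunk.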
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index c5f22c4116..3b07c8d368 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3336,7 +3336,7 @@ reset: psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3335e5c84e..3fbeac2479 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) /* First try with an invalid usage */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pwd_string, diff --git a/tf-psa-crypto b/tf-psa-crypto index 71adc72ae3..bd17dc8bcc 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 71adc72ae31bd6096741955be12422d41355c5fb +Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277 From e8073180ac995f4c4dc3efe8f70a955ea01f33f8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 15:10:52 +0100 Subject: [PATCH 100/216] Create a changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/9321.txt diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt new file mode 100644 index 0000000000..b6c90e6a0e --- /dev/null +++ b/ChangeLog.d/9321.txt 
@@ -0,0 +1,3 @@ +Changes + * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, + which do not conform to the standard PAKE interface \ No newline at end of file From e2c5ca332ff66e655664774799186a46b9a8c74f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 13:38:43 +0200 Subject: [PATCH 101/216] Fixed the changelog entry, missing trailing newline Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt index b6c90e6a0e..816817dce8 100644 --- a/ChangeLog.d/9321.txt +++ b/ChangeLog.d/9321.txt @@ -1,3 +1,3 @@ Changes * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, - which do not conform to the standard PAKE interface \ No newline at end of file + which do not conform to the standard PAKE interface From e8be4ee08ca729348cf031c0de3fdfa701e3ab11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Apr 2025 16:26:06 +0200 Subject: [PATCH 102/216] Fixed the changelog entry wording Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt index 816817dce8..672d6e4304 100644 --- a/ChangeLog.d/9321.txt +++ b/ChangeLog.d/9321.txt @@ -1,3 +1,3 @@ Changes - * Use the new `PSA_ALG_XXX` related macros for JPAKE instead of old macros, - which do not conform to the standard PAKE interface + * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to + the PSA API 1.2 PAKE extension \ No newline at end of file From 143d5d8a3a50642bef0af85ed89c50139e1d72e0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 9 Apr 2025 12:24:40 +0200 Subject: [PATCH 103/216] Deleted the changelog entry as requested Signed-off-by: Anton Matkin --- ChangeLog.d/9321.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/9321.txt 
diff --git a/ChangeLog.d/9321.txt b/ChangeLog.d/9321.txt deleted file mode 100644 index 672d6e4304..0000000000 --- a/ChangeLog.d/9321.txt +++ /dev/null @@ -1,3 +0,0 @@ -Changes - * Use the new `PSA_ALG_XXX` related macros for JPAKE to be conformant to - the PSA API 1.2 PAKE extension \ No newline at end of file From 6eb5335ef0caa8bb77d5ec1b94a1736677acac0a Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 28 May 2025 20:02:35 +0200 Subject: [PATCH 104/216] Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) Signed-off-by: Anton Matkin --- library/ssl_tls.c | 2 +- programs/ssl/ssl_client2.c | 2 +- programs/ssl/ssl_server2.c | 2 +- tests/suites/test_suite_ssl.function | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 76430b593b..9144f9222b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -1808,7 +1808,7 @@ int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl, } psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, pw, pw_len, diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index ae77a173fb..40304dd381 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2059,7 +2059,7 @@ usage: psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3b07c8d368..64fd45952f 100644 
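Review bot: `PSA_ALG_JPAKE(PSA_ALG_SHA_256)` is now spelled out independently in the key policy here, in the cipher-suite setup of mbedtls_ssl_set_hs_ecjpake_password_common, and in the ssl_client2.c, ssl_server2.c and test_suite_ssl.function hunks of this patch, so the key policy and the PAKE cipher suite can drift apart if one site is later changed. A single macro in ssl_misc.h (name to be chosen), carrying a comment such as `/* Algorithm used for TLS EC-JPAKE key policies and PAKE cipher suites */` and referenced from all five sites, would keep them in step; the test file may need its own copy if it cannot include the internal header.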
--- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3336,7 +3336,7 @@ reset: psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); status = psa_import_key(&attributes, diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 3fbeac2479..5b6500898e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3973,7 +3973,7 @@ void ssl_ecjpake_set_password(int use_opaque_arg) /* First try with an invalid usage */ psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH); - psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE_BASE); + psa_set_key_algorithm(&attributes, PSA_ALG_JPAKE(PSA_ALG_SHA_256)); psa_set_key_type(&attributes, PSA_KEY_TYPE_PASSWORD); PSA_ASSERT(psa_import_key(&attributes, pwd_string, From eca92dcdeb1aee4f1a73f2cd5bf2ee462525475f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 13 Aug 2025 09:50:12 +0200 Subject: [PATCH 105/216] Update tf-psa-crypto to current development MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Pégourié-Gonnard --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index bd17dc8bcc..f0b51e354b 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit bd17dc8bcc4cbb00c7bd3481a107a2b0e940d277 +Subproject commit f0b51e354bb69071d3fab28650894287fac2348e From a785eea41f6c906db69796babd03b7f0064cf27a Mon Sep 17 00:00:00 2001 
From: Valerio Setti Date: Wed, 13 Aug 2025 10:57:46 +0200 Subject: [PATCH 106/216] tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. This is required to get the proper test coverage otherwise there are tests in 'test_suite_psa_crypto_op_fail' that would never be executed. Signed-off-by: Valerio Setti --- tests/scripts/components-configuration-crypto.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index cd8bd24563..f7647415c5 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -95,6 +95,11 @@ component_test_psa_crypto_without_heap() { scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. + # This is required to get the proper test coverage otherwise there are + # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. + scripts/config.py set PSA_WANT_ECC_SECP_K1_192 + scripts/config.py set PSA_WANT_ECC_SECP_R1_192 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) From b2ba9fa68b64afeed108dd41f94060edb614f3f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 11:35:47 +0200 Subject: [PATCH 107/216] Simplify runtime version info string methods MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return a const char* instead of taking a char* as an argument. This aligns us with the interface used in TF PSA Crypto. 
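Review bot: The two new `scripts/config.py set PSA_WANT_ECC_SECP_*_192` lines omit the `-c $CRYPTO_CONFIG_H` that every other PSA_WANT_* edit in this function passes, including the `get-all-enabled PSA_WANT` query on the following line that builds PSA_SYM_LIST. Unless config.py routes PSA_WANT_ symbols to the crypto config file on its own, the curves are set in a different file from the one being queried and the accelerated symbol list will not contain them, defeating the stated purpose. `scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_SECP_K1_192` and its R1 counterpart would match the surrounding lines.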
Signed-off-by: Bence Szépkúti --- ChangeLog.d/runtime-version-interface.txt | 9 +++++++++ include/mbedtls/version.h | 17 ++++------------- library/version.c | 10 ++++------ tests/suites/test_suite_version.function | 10 ++++------ 4 files changed, 21 insertions(+), 25 deletions(-) create mode 100644 ChangeLog.d/runtime-version-interface.txt diff --git a/ChangeLog.d/runtime-version-interface.txt b/ChangeLog.d/runtime-version-interface.txt new file mode 100644 index 0000000000..1cf42665ca --- /dev/null +++ b/ChangeLog.d/runtime-version-interface.txt @@ -0,0 +1,9 @@ +API changes + * Change the signature of the runtime version information methods that took + a char* as an argument to take zero arguments and return a const char* + instead. This aligns us with the interface used in TF PSA Crypto 1.0. + If you need to support linking against both Mbed TLS 3.x and 4.x, please + use the build-time version macros or mbedtls_version_get_number() to + determine the correct signature for mbedtls_version_get_string() and + mbedtls_version_get_string_full() before calling them. + Fixes issue #10308. diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 837787bc7f..4a0b216e3b 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h 
@@ -32,23 +32,14 @@ extern "C" { unsigned int mbedtls_version_get_number(void); /** - * Get the version string ("x.y.z"). - * - * \param string The string that will receive the value. - * (Should be at least 9 bytes in size) + * Get a pointer to the version string ("x.y.z"). */ -void mbedtls_version_get_string(char *string); +const char *mbedtls_version_get_string(void); /** - * Get the full version string ("Mbed TLS x.y.z"). - * - * \param string The string that will receive the value. The Mbed TLS version - * string will use 18 bytes AT MOST including a terminating - * null byte. - * (So the buffer should be at least 18 bytes to receive this - * version string). + * Get a pointer to the full version string ("Mbed TLS x.y.z"). */ -void mbedtls_version_get_string_full(char *string); +const char *mbedtls_version_get_string_full(void); /** * \brief Check if support for a feature was compiled into this diff --git a/library/version.c b/library/version.c index 2cd947da72..e828673c0d 100644 --- a/library/version.c +++ b/library/version.c @@ -17,16 +17,14 @@ unsigned int mbedtls_version_get_number(void) return MBEDTLS_VERSION_NUMBER; } -void mbedtls_version_get_string(char *string) +const char *mbedtls_version_get_string(void) { - memcpy(string, MBEDTLS_VERSION_STRING, - sizeof(MBEDTLS_VERSION_STRING)); + return MBEDTLS_VERSION_STRING; } -void mbedtls_version_get_string_full(char *string) +const char *mbedtls_version_get_string_full(void) { - memcpy(string, MBEDTLS_VERSION_STRING_FULL, - sizeof(MBEDTLS_VERSION_STRING_FULL)); + return MBEDTLS_VERSION_STRING_FULL; } #endif /* MBEDTLS_VERSION_C */ diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function index eeae512626..af0eb86d23 100644 --- a/tests/suites/test_suite_version.function +++ b/tests/suites/test_suite_version.function 
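Review bot: The new doc comments for mbedtls_version_get_string and mbedtls_version_get_string_full drop the buffer-size advice but say nothing about the lifetime or ownership of the returned pointer, which is the one thing a caller of a pointer-returning accessor needs to know. Since the version.c hunk below returns the MBEDTLS_VERSION_STRING and MBEDTLS_VERSION_STRING_FULL literals, each comment can state ` * \return Pointer to a static, null-terminated string that the caller must not modify or free.`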
@@ -38,19 +38,17 @@ void check_compiletime_version(char *version_str) void check_runtime_version(char *version_str) { char build_str[100]; - char get_str[100]; + const char *get_str; char build_str_full[100]; - char get_str_full[100]; + const char *get_str_full; unsigned int get_int; memset(build_str, 0, 100); - memset(get_str, 0, 100); memset(build_str_full, 0, 100); - memset(get_str_full, 0, 100); get_int = mbedtls_version_get_number(); - mbedtls_version_get_string(get_str); - mbedtls_version_get_string_full(get_str_full); + get_str = mbedtls_version_get_string(); + get_str_full = mbedtls_version_get_string_full(); mbedtls_snprintf(build_str, 100, "%u.%u.%u", (get_int >> 24) & 0xFF, From 8616ee762d77123b5dc30500d040920991242e94 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 11:32:58 +0100 Subject: [PATCH 108/216] Change values for error tests Previously these tests used values that will become PSA aliases, and so the tests will fail once they're changed. Signed-off-by: Felix Conway --- tests/suites/test_suite_error.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data index dec5639ee0..e496841cf0 100644 --- a/tests/suites/test_suite_error.data +++ b/tests/suites/test_suite_error.data @@ -4,11 +4,11 @@ error_strerror:-0x0020:"AES - Invalid key length" Single high error depends_on:MBEDTLS_RSA_C -error_strerror:-0x4080:"RSA - Bad input parameters to function" +error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library" Low and high error depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C -error_strerror:-0x40A0:"RSA - Bad input parameters to function \: AES - Invalid key length" +error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length" Non existing high error error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" From 783d8adb15a8559c02ef99029775fa0096778b7c Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 14:31:34 +0200 Subject: [PATCH 109/216] Update CMake linkage tests to new call signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- programs/test/cmake_package/cmake_package.c | 5 +---- programs/test/cmake_package_install/cmake_package_install.c | 5 +---- programs/test/cmake_subproject/cmake_subproject.c | 5 +---- 3 files changed, 3 insertions(+), 12 deletions(-) diff --git a/programs/test/cmake_package/cmake_package.c b/programs/test/cmake_package/cmake_package.c index f7d5230f46..cd050e97bc 100644 --- a/programs/test/cmake_package/cmake_package.c +++ b/programs/test/cmake_package/cmake_package.c @@ -18,10 +18,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); diff --git a/programs/test/cmake_package_install/cmake_package_install.c b/programs/test/cmake_package_install/cmake_package_install.c index fb68883fee..a63f7dbb0f 100644 --- a/programs/test/cmake_package_install/cmake_package_install.c +++ b/programs/test/cmake_package_install/cmake_package_install.c @@ -19,10 +19,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); diff --git a/programs/test/cmake_subproject/cmake_subproject.c b/programs/test/cmake_subproject/cmake_subproject.c index efab789553..69b5d0b819 100644 --- a/programs/test/cmake_subproject/cmake_subproject.c +++ b/programs/test/cmake_subproject/cmake_subproject.c 
@@ -19,10 +19,7 @@ * linkage works, but that is all. */ int main() { - /* This version string is 18 bytes long, as advised by version.h. */ - char version[18]; - - mbedtls_version_get_string_full(version); + const char *version = mbedtls_version_get_string_full(); mbedtls_printf("Built against %s\n", version); From 0e5fe877cc880e19a892c807170edd7af08d0913 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bence=20Sz=C3=A9pk=C3=BAti?= Date: Mon, 18 Aug 2025 14:38:01 +0200 Subject: [PATCH 110/216] Update PSASim tests to new call signature MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Bence Szépkúti --- tests/psa-client-server/psasim/src/psa_sim_crypto_client.c | 4 ++-- tests/psa-client-server/psasim/src/psa_sim_generate.pl | 4 ++-- tests/psa-client-server/psasim/src/server.c | 3 +-- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c index 635a70545a..9051f20535 100644 --- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c +++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c @@ -73,12 +73,12 @@ int psa_crypto_call(int function, psa_status_t psa_crypto_init(void) { - char mbedtls_version[18]; + const char *mbedtls_version; uint8_t *result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_version_get_string_full(mbedtls_version); + mbedtls_version = mbedtls_version_get_string_full(); CLIENT_PRINT("%s", mbedtls_version); CLIENT_PRINT("My PID: %d", getpid()); diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl index 3eec226e16..0f4c86f817 100755 --- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl +++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl 
@@ -390,12 +390,12 @@ int psa_crypto_call(int function, psa_status_t psa_crypto_init(void) { - char mbedtls_version[18]; + const char *mbedtls_version; uint8_t *result = NULL; size_t result_length; psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_version_get_string_full(mbedtls_version); + mbedtls_version = mbedtls_version_get_string_full(); CLIENT_PRINT("%s", mbedtls_version); CLIENT_PRINT("My PID: %d", getpid()); diff --git a/tests/psa-client-server/psasim/src/server.c b/tests/psa-client-server/psasim/src/server.c index 44939f1c2a..aa0c75a488 100644 --- a/tests/psa-client-server/psasim/src/server.c +++ b/tests/psa-client-server/psasim/src/server.c @@ -56,8 +56,7 @@ int psa_server_main(int argc, char *argv[]) extern psa_status_t psa_crypto_close(void); #if defined(MBEDTLS_VERSION_C) - char mbedtls_version[18]; - mbedtls_version_get_string_full(mbedtls_version); + const char *mbedtls_version = mbedtls_version_get_string_full(); SERVER_PRINT("%s", mbedtls_version); #endif From 3f523748e097ff530b1886321be560e54473972b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 13:47:50 +0100 Subject: [PATCH 111/216] Add const to serial argument in mbedtls_x509write_crt_set_serial_raw Signed-off-by: Ben Taylor --- include/mbedtls/x509_crt.h | 2 +- library/x509write_crt.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bf418a6851..bbe5fc45cf 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -956,7 +956,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len); + const unsigned char *serial, size_t serial_len); /** * \brief Set the validity period for a Certificate 
diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 1f8a006de6..663b308d62 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -94,7 +94,7 @@ int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx, } int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, - unsigned char *serial, size_t serial_len) + const unsigned char *serial, size_t serial_len) { if (serial_len > MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) { return MBEDTLS_ERR_X509_BAD_INPUT_DATA; From 37ede2c3b4b96987b525e22878564b0d489da84a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:46:39 +0100 Subject: [PATCH 112/216] Unify generic errors to PSA errors Signed-off-by: Felix Conway --- include/mbedtls/net_sockets.h | 12 +++---- include/mbedtls/pkcs7.h | 8 ++--- include/mbedtls/ssl.h | 66 +++++++++++++++++------------------ include/mbedtls/x509.h | 10 +++--- include/mbedtls/x509_crt.h | 28 +++++++-------- include/mbedtls/x509_csr.h | 8 ++--- 6 files changed, 66 insertions(+), 66 deletions(-) diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h index 8e69bc0fb3..f4eb683d3a 100644 --- a/include/mbedtls/net_sockets.h +++ b/include/mbedtls/net_sockets.h @@ -53,7 +53,7 @@ /** Failed to get an IP address for the given hostname. */ #define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052 /** Buffer is too small to hold the data. */ -#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043 +#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** The context is invalid, eg because it was free()ed. */ #define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045 /** Polling the net context failed. */ 
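Review bot: MBEDTLS_ERR_NET_BUFFER_TOO_SMALL now expands to PSA_ERROR_BUFFER_TOO_SMALL, but no include of psa/crypto_types.h (or psa/crypto.h) is added in this hunk or anywhere in the diffstat, so net_sockets.h only keeps compiling if it already pulls that header in transitively; if it does not, an `#include "psa/crypto_types.h"` near the top of the file is needed, and the same applies to the pkcs7.h, ssl.h, x509.h, x509_crt.h and x509_csr.h hunks of this patch. Separately, the replaced -0x0043 was a low-level code in the range that Mbed TLS combines with high-level codes, whereas PSA status values lie outside that encoding; any remaining site that combines or decomposes this code (the error.c string tables or MBEDTLS_ERROR_ADD-style arithmetic) should be checked, given that patch 108 in this series already had to move test values away from codes that become PSA aliases.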
@@ -147,11 +147,11 @@ int mbedtls_net_bind(mbedtls_net_context *ctx, const char *bind_ip, const char * * can be NULL if client_ip is null * * \return 0 if successful, or - * MBEDTLS_ERR_NET_SOCKET_FAILED, - * MBEDTLS_ERR_NET_BIND_FAILED, - * MBEDTLS_ERR_NET_ACCEPT_FAILED, or - * MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small, - * MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to + * #MBEDTLS_ERR_NET_SOCKET_FAILED, + * #MBEDTLS_ERR_NET_BIND_FAILED, + * #MBEDTLS_ERR_NET_ACCEPT_FAILED, or + * #PSA_ERROR_BUFFER_TOO_SMALL if buf_size is too small, + * #MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to * non-blocking and accept() would block. */ int mbedtls_net_accept(mbedtls_net_context *bind_ctx, diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h index e9b482208e..cf9e4407ce 100644 --- a/include/mbedtls/pkcs7.h +++ b/include/mbedtls/pkcs7.h 
@@ -53,11 +53,11 @@ #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */ #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */ -#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */ +#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */ #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */ -#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ -#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ -#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ +#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */ +#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */ +#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL PSA_ERROR_INVALID_SIGNATURE /**< Verification Failed */ #define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS #7 date issued/expired dates are invalid */ /* \} name */ diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..ab3f256913 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -44,7 +44,7 @@ /** The requested feature is not available. */ #define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080 /** Bad input parameters to function. */ -#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100 +#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Verification of the message MAC failed. */ #define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180 /** An invalid SSL record was received. */ 
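Review bot: `MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE` and `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` are both redefined to `PSA_ERROR_INVALID_SIGNATURE`, so the two macros now compare equal: a caller that distinguished "the signature field could not be parsed" from "the signature did not verify" no longer can, and a `switch` that lists both as case labels becomes a duplicate-case compile error. The same merge happens in the x509.h hunk of this commit, where `MBEDTLS_ERR_X509_INVALID_SIGNATURE` and `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` collapse to one value. If this is intended, the trailing doc comments should say so, e.g. `/**< Error parsing the signature (same value as MBEDTLS_ERR_PKCS7_VERIFY_FAIL). */`, and the changelog and migration table should list the merged pairs so callers that treated the two differently know to revisit that logic.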
@@ -105,7 +105,7 @@ /** Cache entry not found */ #define MBEDTLS_ERR_SSL_CACHE_ENTRY_NOT_FOUND -0x7E80 /** Memory allocation failed */ -#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00 +#define MBEDTLS_ERR_SSL_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Hardware acceleration function returned with error */ #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80 /** Hardware acceleration function skipped / left alone data */ @@ -129,7 +129,7 @@ /** DTLS client must retry for hello verification */ #define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80 /** A buffer is too small to receive or write a message */ -#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00 +#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /* Error space gap */ /** No data of requested type currently available on underlying transport. */ #define MBEDTLS_ERR_SSL_WANT_READ -0x6900 @@ -1912,7 +1912,7 @@ void mbedtls_ssl_init(mbedtls_ssl_context *ssl); * \param ssl SSL context * \param conf SSL configuration to use * - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY if * memory allocation failed */ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, @@ -1924,7 +1924,7 @@ int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, * pointers and data. * * \param ssl SSL context - * \return 0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY or MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */ int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl); 
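Review bot: Style: in the mbedtls_ssl_session_reset doc comment the hunk adds the `#` link marker to `#PSA_ERROR_INSUFFICIENT_MEMORY` but leaves `MBEDTLS_ERR_SSL_HW_ACCEL_FAILED` on the continuation line unmarked, so Doxygen will link one return code and not the other; `* #MBEDTLS_ERR_SSL_HW_ACCEL_FAILED */` keeps them consistent. More substantively, `MBEDTLS_ERR_SSL_BAD_INPUT_DATA`, `MBEDTLS_ERR_SSL_ALLOC_FAILED` and `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` (hunks @@ -44, @@ -105 and @@ -129) now carry the same values as the statuses the SSL layer receives from PSA crypto calls, so a caller can no longer tell an argument error detected by the SSL API from one reported by the underlying crypto. If the SSL code translates PSA statuses into these SSL codes anywhere, that translation has become an identity for the three and deserves a comment saying so.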
@@ -2579,14 +2579,14 @@ void mbedtls_ssl_conf_session_tickets_cb(mbedtls_ssl_config *conf, * milliseconds. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if an input is not valid. + * #PSA_ERROR_INVALID_ARGUMENT if an input is not valid. */ static inline int mbedtls_ssl_session_get_ticket_creation_time( mbedtls_ssl_session *session, mbedtls_ms_time_t *ticket_creation_time) { if (session == NULL || ticket_creation_time == NULL || session->MBEDTLS_PRIVATE(endpoint) != MBEDTLS_SSL_IS_SERVER) { - return MBEDTLS_ERR_SSL_BAD_INPUT_DATA; + return PSA_ERROR_INVALID_ARGUMENT; } *ticket_creation_time = session->MBEDTLS_PRIVATE(ticket_creation_time); @@ -2937,8 +2937,8 @@ void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf, * \note An internal copy is made, so the info buffer can be reused. * * \return 0 on success, - * MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client, - * MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory. + * #PSA_ERROR_INVALID_ARGUMENT if used on client, + * #PSA_ERROR_INSUFFICIENT_MEMORY if out of memory. */ int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl, const unsigned char *info, @@ -3175,8 +3175,8 @@ int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl, const mbedtls_ssl_session * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * was generated in a different version or configuration of * Mbed TLS. 
@@ -3215,7 +3215,7 @@ int mbedtls_ssl_session_load(mbedtls_ssl_session *session, * tickets. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if the * MBEDTLS_SSL_SESSION_TICKETS configuration option is disabled * and the session is a TLS 1.3 session. @@ -3348,7 +3348,7 @@ void mbedtls_ssl_conf_tls13_key_exchange_modes(mbedtls_ssl_config *conf, * record headers. * * \return \c 0 on success. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len + * \return #PSA_ERROR_INVALID_ARGUMENT if \p len * is too large. */ int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len, @@ -3495,7 +3495,7 @@ void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf, mbedtls_x509_crt *own_cert, @@ -3744,8 +3744,8 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf, * #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME * for more details. * - * \return 0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on + * \return 0 if successful, #PSA_ERROR_INSUFFICIENT_MEMORY on + * allocation failure, #PSA_ERROR_INVALID_ARGUMENT on * too long input hostname. * * Hostname set to the one provided on success (cleared @@ -3805,7 +3805,7 @@ const unsigned char *mbedtls_ssl_get_hs_sni(mbedtls_ssl_context *ssl, * \param own_cert own public certificate chain * \param pk_key own private key * - * \return 0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED + * \return 0 on success or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl, mbedtls_x509_crt *own_cert, 
@@ -3934,7 +3934,7 @@ int mbedtls_ssl_set_hs_ecjpake_password_opaque(mbedtls_ssl_context *ssl, * the lifetime of the table must be at least as long as the * lifetime of the SSL configuration structure. * - * \return 0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA. + * \return 0 on success, or #PSA_ERROR_INVALID_ARGUMENT. */ int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf, const char *const *protos); @@ -4001,7 +4001,7 @@ void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf, * (excluding the terminating MBEDTLS_TLS_SRTP_UNSET). * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of + * \return #PSA_ERROR_INVALID_ARGUMENT when the list of * protection profiles is incorrect. */ int mbedtls_ssl_conf_dtls_srtp_protection_profiles @@ -4021,7 +4021,7 @@ int mbedtls_ssl_conf_dtls_srtp_protection_profiles * is ignored. * * \return 0 on success - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return #PSA_ERROR_INVALID_ARGUMENT * \return #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE */ int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl, @@ -4166,7 +4166,7 @@ void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf, * MBEDTLS_SSL_MAX_FRAG_LEN_512, MBEDTLS_SSL_MAX_FRAG_LEN_1024, * MBEDTLS_SSL_MAX_FRAG_LEN_2048, MBEDTLS_SSL_MAX_FRAG_LEN_4096) * - * \return 0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA + * \return 0 if successful or #PSA_ERROR_INVALID_ARGUMENT */ int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf, unsigned char mfl_code); #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ 
@@ -4892,7 +4892,7 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len); * fragment length (either the built-in limit or the one set * or negotiated with the peer), then: * - with TLS, less bytes than requested are written. - * - with DTLS, MBEDTLS_ERR_SSL_BAD_INPUT_DATA is returned. + * - with DTLS, #PSA_ERROR_INVALID_ARGUMENT is returned. * \c mbedtls_ssl_get_max_out_record_payload() may be used to * query the active maximum fragment length. * @@ -4976,7 +4976,7 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl); * \param len maximum number of bytes to read * * \return The (positive) number of bytes read if successful. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. * \return #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not * possible to read early data for the SSL context \p ssl. Note * that this function is intended to be called for an SSL @@ -5082,10 +5082,10 @@ int mbedtls_ssl_write_early_data(mbedtls_ssl_context *ssl, * * \param ssl The SSL context to query * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * from the server-side. * - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if this function is called + * \return #PSA_ERROR_INVALID_ARGUMENT if this function is called * prior to completion of the handshake. * * \return #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_INDICATED if the client @@ -5134,7 +5134,7 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * * \note This feature is currently only available under certain * conditions, see the documentation of the return value - * #MBEDTLS_ERR_SSL_BAD_INPUT_DATA for details. + * #PSA_ERROR_INVALID_ARGUMENT for details. * * \note When this function succeeds, it calls * mbedtls_ssl_session_reset() on \p ssl which as a result is 
@@ -5159,15 +5159,15 @@ void mbedtls_ssl_free(mbedtls_ssl_context *ssl); * to determine the necessary size by calling this function * with \p buf set to \c NULL and \p buf_len to \c 0. However, * the value of \p olen is only guaranteed to be correct when - * the function returns #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL or + * the function returns #PSA_ERROR_BUFFER_TOO_SMALL or * \c 0. If the return value is different, then the value of * \p olen is undefined. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed + * \return #PSA_ERROR_BUFFER_TOO_SMALL if \p buf is too small. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed * while resetting the context. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if a handshake is in + * \return #PSA_ERROR_INVALID_ARGUMENT if a handshake is in * progress, or there is pending data for reading or sending, * or the connection does not use DTLS 1.2 with an AEAD * ciphersuite, or renegotiation is enabled. @@ -5240,10 +5240,10 @@ int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl, * \param len The size of the serialized data in bytes. * * \return \c 0 if successful. - * \return #MBEDTLS_ERR_SSL_ALLOC_FAILED if memory allocation failed. + * \return #PSA_ERROR_INSUFFICIENT_MEMORY if memory allocation failed. * \return #MBEDTLS_ERR_SSL_VERSION_MISMATCH if the serialized data * comes from a different Mbed TLS version or build. - * \return #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid. + * \return #PSA_ERROR_INVALID_ARGUMENT if input data is invalid. */ int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl, const unsigned char *buf, 
@@ -5352,7 +5352,7 @@ int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf, * context_len are ignored and a 0-length context is used. * * \return 0 on success. - * \return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if the handshake is not yet completed. + * \return #PSA_ERROR_INVALID_ARGUMENT if the handshake is not yet completed. * \return An SSL-specific error on failure. */ int mbedtls_ssl_export_keying_material(mbedtls_ssl_context *ssl, diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..a021a7d996 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -58,7 +58,7 @@ /** The date tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400 /** The signature tag or value invalid. */ -#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480 +#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /** The extension tag or value is invalid. */ #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500 /** CRT/CRL/CSR has an unsupported version number. */ 
@@ -68,17 +68,17 @@ /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */ #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */ -#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700 +#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE /** Format not recognized as DER or PEM. */ #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780 /** Input invalid. */ -#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800 +#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /** Allocation of memory failed. */ -#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 +#define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /** Read/write of file failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /** Destination buffer is too small. */ -#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 +#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL PSA_ERROR_BUFFER_TOO_SMALL /** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */ #define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /** \} name X509 Error codes */ diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bf418a6851..6b81652bb0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -234,7 +234,7 @@ mbedtls_x509write_cert; * \param ctx Certificate context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note "dnsName", "uniformResourceIdentifier", "IP address", * "otherName", and "DirectoryName", as defined in RFC 5280, 
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * other than fatal error, as a non-zero return code * immediately aborts the verification process. For fatal * errors, a specific error code should be used (different - * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * from #PSA_ERROR_INVALID_SIGNATURE which should not * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR * can be used if no better code is available. * @@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt, * * \return \c 0 if the chain is valid with respect to the * passed CN, CAs, CRLs and security profile. - * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the + * \return #PSA_ERROR_INVALID_SIGNATURE in case the * certificate chain verification failed. In this case, * \c *flags will have one or more * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX @@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt, * that bit MAY be set. * * \return 0 is these uses of the certificate are allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension + * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension * is present but does not match the usage argument. * * \note You should only call this function on leaf certificates, on 
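Review bot: Replacing `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` with `#PSA_ERROR_INVALID_SIGNATURE` in the mbedtls_x509_crt_verify return documentation (hunks @@ -653 and @@ -694) misdescribes the condition: the text says the code is returned when "the certificate chain verification failed", which per the surrounding \c MBEDTLS_X509_BADCERT_XXX / \c MBEDTLS_X509_BADCRL_XXX flags also covers an untrusted CA, a CRL hit or a name mismatch, none of which is an invalid signature. Keeping the legacy name in the prose preserves the meaning, e.g. `* \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED (an alias of #PSA_ERROR_INVALID_SIGNATURE) in case the`. The verify-callback guidance at @@ -610 has the same problem in reverse: it now tells a callback not to return `#PSA_ERROR_INVALID_SIGNATURE`, which is exactly the status a callback performing its own PSA signature check would naturally propagate, so that sentence should name the aliased constant and explain why the value is reserved for the verifier.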
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt, * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()). * * \return 0 if this use of the certificate is allowed, - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if not. + * #PSA_ERROR_INVALID_ARGUMENT if not. * * \note Usually only makes sense on leaf certificates. */ @@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer + * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, @@ -1041,7 +1041,7 @@ void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx, mbedtls_md_ty * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, const char *oid, size_t oid_len, @@ -1057,7 +1057,7 @@ int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx, * certificate (only for CA certificates, -1 is * unlimited) * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, int is_ca, int max_pathlen); @@ -1070,7 +1070,7 @@ int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx, * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx); 
@@ -1081,7 +1081,7 @@ int mbedtls_x509write_crt_set_subject_key_identifier(mbedtls_x509write_cert *ctx * * \param ctx CRT context to use * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *ctx); #endif /* PSA_WANT_ALG_SHA_1 */ @@ -1093,7 +1093,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier(mbedtls_x509write_cert *c * \param ctx CRT context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, unsigned int key_usage); @@ -1106,7 +1106,7 @@ int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx, * \param exts extended key usage extensions to set, a sequence of * MBEDTLS_ASN1_OID objects * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, const mbedtls_asn1_sequence *exts); @@ -1118,7 +1118,7 @@ int mbedtls_x509write_crt_set_ext_key_usage(mbedtls_x509write_cert *ctx, * \param ctx CRT context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx, unsigned char ns_cert_type); diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b11539440c..60a553f55d 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h 
@@ -263,7 +263,7 @@ void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx, mbedtls_md_typ * \param ctx CSR context to use * \param key_usage key usage flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note The decipherOnly flag from the Key Usage * extension is represented by bit 8 (i.e. @@ -281,7 +281,7 @@ int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx, unsigned cha * \param ctx CSR context to use * \param san_list List of SAN values * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY * * \note Only "dnsName", "uniformResourceIdentifier" and "otherName", * as defined in RFC 5280, are supported. @@ -296,7 +296,7 @@ int mbedtls_x509write_csr_set_subject_alternative_name(mbedtls_x509write_csr *ct * \param ctx CSR context to use * \param ns_cert_type Netscape Cert Type flags to set * - * \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, unsigned char ns_cert_type); @@ -312,7 +312,7 @@ int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx, * \param val value of the extension OCTET STRING * \param val_len length of the value data * - * \return 0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED + * \return 0 if successful, or a #PSA_ERROR_INSUFFICIENT_MEMORY */ int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx, const char *oid, size_t oid_len, From f5b48c3d9c741d3b8e0519eb3a77ae0a5f7ee9ee Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Mon, 18 Aug 2025 14:52:41 +0100 Subject: [PATCH 113/216] Add Changelog and documentation 
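Review bot: Style: the mbedtls_x509write_csr_set_extension return line keeps the article, `or a #PSA_ERROR_INSUFFICIENT_MEMORY`, while the parallel x509_crt.h hunks in this commit (set_extension, set_basic_constraints, set_subject_key_identifier, set_authority_key_identifier) drop it; `* \return 0 if successful, or #PSA_ERROR_INSUFFICIENT_MEMORY` matches the rest. The other three x509_csr.h hunks already use the article-free form.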
Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 8 ++++++++ docs/4.0-migration-guide/error-codes.md | 14 ++++++++++++++ 2 files changed, 22 insertions(+) create mode 100644 ChangeLog.d/unify-errors.txt diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt new file mode 100644 index 0000000000..3dad7f3b67 --- /dev/null +++ b/ChangeLog.d/unify-errors.txt @@ -0,0 +1,8 @@ +API changes + * Make the following error codes aliases of their PSA equivalents, where + xxx is a module, e.g. X509 or SSL. + MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT + MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY + MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE + MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 074acc04bb..3bcdb8c580 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md @@ -18,6 +18,8 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. +#### Specific error codes + | Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | | ------------------------------ | --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | 
@@ -25,4 +27,16 @@ Many legacy error codes have been removed in favor of PSA error codes. Generally | `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +#### General Replacements + +The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. + +| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | +|---------------------------------| ---------------------------------------------- | +| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | +| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | + See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From f8b4aa135b565c65db8f8336782f7edf9eb5f8e6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 19 Aug 2025 07:52:48 +0100 Subject: [PATCH 114/216] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/509write_crt_set_serial_raw-alignment.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/509write_crt_set_serial_raw-alignment.txt diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt new file mode 100644 index 0000000000..1fc938bdcb --- /dev/null +++ b/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt @@ -0,0 +1,3 @@ +API changes + * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw + function so a const to align with the restof the API. From e984d35590a1fc8351a9b01096fa193cf9c76cb6 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Tue, 19 Aug 2025 10:06:27 +0100 Subject: [PATCH 115/216] Fix ssl tests expecting old X509 error output Signed-off-by: Felix Conway --- tests/ssl-opt.sh | 98 ++++++++++++++++++++++++------------------------ 1 file changed, 49 insertions(+), 49 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d0278b123c..35afb8fcf9 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA # We don't check that the server receives the alert because it might # detect that its write end of the connection is closed and abort @@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA run_test "Authentication: server badcert, client optional" \ @@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client optional (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
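Review bot: The replacement pattern `Last error was: \(-0x95\|-149\)` matches a bare numeric status rather than the module-qualified string it replaces, and after the error-code unification that number is produced by every source of `PSA_ERROR_INVALID_SIGNATURE` (X509 signature parse errors, PKCS7 verification and PSA signature checks in the handshake itself), not only by certificate-chain verification. A positive `-c` check can therefore pass on an unrelated failure and a negative `-C` check can fail on one, which weakens the "server badcert" and "hostname mismatch" tests in this and the remaining ssl-opt.sh hunks of this patch. Pairing the numeric line with a module-specific line that is already checked, such as `-c "x509_verify_cert() returned -"` where present, and hoisting the pattern into a named variable (`X509_VERIFY_FAILED_RE='Last error was: \(-0x95\|-149\)'`) would make the intent readable and give one place to update. Which of the two alternatives actually fires depends on the client's print format, which the hunk does not show; if only one can ever match, the other should be dropped.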
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" \ + -C "Last error was: \(-0x95\|-149\)" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "X509 - Certificate verification failed" + -s "Last error was: \(-0x95\|-149\)" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "X509 - Certificate verification failed" + -S "Last error was: \(-0x95\|-149\)" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "X509 - Certificate verification failed" + -c "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "X509 - Certificate verification failed" + -C "Last error was: \(-0x95\|-149\)" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 1a1ff64f42de8858680b2262e7bbbd2550d3eebf Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 19 Aug 2025 11:11:58 +0100 Subject: [PATCH 116/216] Remove tf-psa-crypto/include/mbedtls/private from Doxygen Signed-off-by: Felix Conway --- doxygen/mbedtls.doxyfile | 1 + 1 file changed, 1 insertion(+) diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 04a4f170d0..00e64d05c9 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -8,6 +8,7 @@ EXTRACT_STATIC = YES CASE_SENSE_NAMES = NO INPUT = ../include input ../tf-psa-crypto/include ../tests/include/alt-dummy FILE_PATTERNS = *.h +EXCLUDE = ../tf-psa-crypto/include/mbedtls/private RECURSIVE = YES EXCLUDE_SYMLINKS = YES SOURCE_BROWSER = YES From 24e3388cf3bb50c1d4b762aed63b63de036ffd96 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 19 Aug 2025 16:56:25 +0100 Subject: [PATCH 117/216] Clarify use of CC and friends for file generation Add more detail around how generation of configuration-independent files chooses a C compiler. Mention that setting HOSTCC or CC is recommended where there are multiple toolchains. Mention that the fallback location is the cc executable, which may help users troubleshooting when the file generation picks up the wrong toolchain (as in Mbed-TLS/mbedtls#10360). Signed-off-by: David Horstmann --- README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fc1536e23c..7981a0236d 100644 --- a/README.md +++ b/README.md 
@@ -72,7 +72,13 @@ The following tools are required:
 Depending on your Python installation, you may need to invoke `python` instead of `python3`. To install the packages system-wide, omit the `--user` option.
 * A C compiler for the host platform, for some test data.
-If you are cross-compiling, you must set the `CC` environment variable to a C compiler for the host platform when generating the configuration-independent files.
+The scripts that generate the configuration-independent files will look for a host C compiler in the following places (in order of preference):
+
+1. The `HOSTCC` environment variable. This can be used if `CC` is pointing to a cross-compiler.
+2. The `CC` environment variable.
+3. An executable called `cc` in the current path.
+
+Note: If you have multiple toolchains installed, it is recommended to set `CC` or `HOSTCC` to the intended host compiler before generating the files.
 Any of the following methods are available to generate the configuration-independent files:
From f3486e198b94aa9ffe52e3db303ec19fbcbc985c Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Mon, 18 Aug 2025 14:09:26 +0100
Subject: [PATCH 118/216] components-configuration-crypto.sh: Added setters for MBEDTLS_PSA_CRYPTO_RNG_HASH
Signed-off-by: Minos Galanakis
---
 tests/scripts/components-configuration-crypto.sh | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index f7647415c5..4714194565 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -2354,14 +2354,15 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
 }
 component_test_ctr_drbg_aes_256_sha_256 () {
- msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
- msg "test: full + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 make test
 }
@@ -2378,15 +2379,16 @@ component_test_ctr_drbg_aes_128_sha_512 () {
 }
 component_test_ctr_drbg_aes_128_sha_256 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_ENTROPY_FORCE_SHA256 (ASan build)"
+ msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 make test
 }
From 3492807e0b337925011e16d7d79b25e20709d59d Mon Sep 17 00:00:00 2001
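Review bot: The `msg` strings of `component_test_ctr_drbg_aes_256_sha_256` and `component_test_ctr_drbg_aes_128_sha_256` now name only MBEDTLS_PSA_CRYPTO_RNG_HASH, yet both components still run `scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256` on the line above the new setter. Either the legacy option is still required, in which case the description should list both, e.g. `msg "build: full + MBEDTLS_ENTROPY_FORCE_SHA256 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"`, or it is superseded and the line can go; a one-line comment stating which would save the next reader the same question. If MBEDTLS_PSA_CRYPTO_RNG_HASH is defined in the crypto configuration header rather than in mbedtls_config.h, the setter also needs `-c $CRYPTO_CONFIG_H`, as the PSA_WANT_* lines elsewhere in this file use. The same applies to the second hunk at @@ -2378.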
From: David Horstmann
Date: Wed, 20 Aug 2025 10:26:11 +0100
Subject: [PATCH 119/216] Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC
Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from components-configuration-crypto.sh. Replace them with PSA_WANT_ALG_DETERMINISTIC_ECDSA. This is safe because:
* MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C.
* MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in config_adjust_legacy_from_psa.h, and only if PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined.
Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC.
Signed-off-by: David Horstmann
---
 tests/scripts/components-configuration-crypto.sh | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index f7647415c5..4d7fceffe3 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () {
 msg "build: Full minus HMAC_DRBG, PSA crypto in TLS"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () {
 scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
 scripts/config.py unset MBEDTLS_CTR_DRBG_C
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # requires HMAC_DRBG
+ scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG
 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS"
 msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites"
@@ -293,7 +293,6 @@ component_test_crypto_full_md_light_only () {
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
 scripts/config.py unset MBEDTLS_PKCS7_C
 # Disable indirect dependencies of MD_C
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC # needs HMAC_DRBG
 scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
 # Disable things that would auto-enable MD_C
 scripts/config.py unset MBEDTLS_PKCS5_C
@@ -1656,7 +1655,6 @@ config_psa_crypto_hmac_use_psa () {
 scripts/config.py unset MBEDTLS_HMAC_DRBG_C
 scripts/config.py unset MBEDTLS_HKDF_C
 # Dependencies of HMAC_DRBG
- scripts/config.py unset MBEDTLS_ECDSA_DETERMINISTIC
 scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA
 }
From ed7058730a60d473fa8ae5b86393ec34bec79681 Mon Sep 17 00:00:00 2001
From: Felix Conway
Date: Wed, 20 Aug 2025 10:51:23 +0100
Subject: [PATCH 120/216] Removed the directory with the programs, and its inclusion in the parent directory CMakeLists.txt file
Signed-off-by: Felix Conway
---
 programs/CMakeLists.txt | 2 +-
 programs/pkey/CMakeLists.txt | 19 --
 programs/pkey/dh_prime.txt | 2 -
 programs/pkey/gen_key.c | 478 ---------------------------------
 programs/pkey/pk_sign.c | 154 -----------
 programs/pkey/pk_verify.c | 129 ---------
 programs/pkey/rsa_priv.txt | 8 -
 programs/pkey/rsa_pub.txt | 2 -
 programs/pkey/rsa_sign_pss.c | 160 -----------
 programs/pkey/rsa_verify_pss.c | 137 ----------
 10 files changed, 1 insertion(+), 1090 deletions(-)
 delete mode 100644 programs/pkey/CMakeLists.txt
 delete mode 100644 programs/pkey/dh_prime.txt
 delete mode 100644 programs/pkey/gen_key.c
 delete mode 100644 programs/pkey/pk_sign.c
 delete mode 100644 programs/pkey/pk_verify.c
 delete mode 100644 programs/pkey/rsa_priv.txt
 delete mode 100644 programs/pkey/rsa_pub.txt
 delete mode 100644 programs/pkey/rsa_sign_pss.c
 delete mode 100644 programs/pkey/rsa_verify_pss.c
diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 1e5b2a4b67..1aba21b756 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt
@@ -4,7 +4,7 @@ add_custom_target(${programs_target})
 if (NOT WIN32)
 add_subdirectory(fuzz)
 endif()
-add_subdirectory(pkey)
+
 add_subdirectory(ssl)
 add_subdirectory(test)
 add_subdirectory(util)
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
deleted file mode 100644
index a2b1836d58..0000000000
--- a/programs/pkey/CMakeLists.txt
+++ /dev/null
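Review bot: In the programs/CMakeLists.txt hunk the removed `add_subdirectory(pkey)` is replaced by an empty added line rather than simply deleted, which the diffstat confirms (`2 +-`, one insertion for this file); this leaves a stray blank line between `endif()` and `add_subdirectory(ssl)` where the other `add_subdirectory` calls are contiguous. Drop the lone `+` line so the hunk becomes a pure one-line deletion.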
@@ -1,19 +0,0 @@
-set(executables_mbedcrypto
- gen_key
- pk_sign
- pk_verify
- rsa_sign_pss
- rsa_verify_pss
-)
-add_dependencies(${programs_target} ${executables_mbedcrypto})
-
-foreach(exe IN LISTS executables_mbedcrypto)
- add_executable(${exe} ${exe}.c $)
- set_base_compile_options(${exe})
- target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables_mbedcrypto}
- DESTINATION "bin"
- PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
diff --git a/programs/pkey/dh_prime.txt b/programs/pkey/dh_prime.txt
deleted file mode 100644
index de0c281483..0000000000
--- a/programs/pkey/dh_prime.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-P = 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
-G = 02
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
deleted file mode 100644
index ba35534388..0000000000
--- a/programs/pkey/gen_key.c
+++ /dev/null
@@ -1,478 +0,0 @@ -/* - * Key generation application - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" - -#if !defined(MBEDTLS_PK_WRITE_C) || !defined(MBEDTLS_PEM_WRITE_C) || \ - !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_BIGNUM_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_PK_WRITE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or " - "MBEDTLS_PEM_WRITE_C and/or MBEDTLS_BIGNUM_C " - "not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ -#include "mbedtls/ecdsa.h" -#include "mbedtls/rsa.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" - -#include -#include -#include - -#if !defined(_WIN32) -#include - -#define DEV_RANDOM_THRESHOLD 32 - -static int dev_random_entropy_poll(void *data, unsigned char *output, - size_t len, size_t *olen) -{ - FILE *file; - size_t ret, left = len; - unsigned char *p = output; - ((void) data); - - *olen = 0; - - file = fopen("/dev/random", "rb"); - if (file == NULL) { - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - while (left > 0) { - /* /dev/random can return much less than requested. 
If so, try again */ - ret = fread(p, 1, left, file); - if (ret == 0 && ferror(file)) { - fclose(file); - return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; - } - - p += ret; - left -= ret; - sleep(1); - } - fclose(file); - *olen = len; - - return 0; -} -#endif /* !_WIN32 */ - -#if defined(MBEDTLS_ECP_C) -#define DFL_EC_CURVE mbedtls_ecp_curve_list()->grp_id -#else -#define DFL_EC_CURVE 0 -#endif - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) -#define USAGE_DEV_RANDOM \ - " use_dev_random=0|1 default: 0\n" -#else -#define USAGE_DEV_RANDOM "" -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - -#define FORMAT_PEM 0 -#define FORMAT_DER 1 - -#define DFL_TYPE MBEDTLS_PK_RSA -#define DFL_RSA_KEYSIZE 4096 -#define DFL_FILENAME "keyfile.key" -#define DFL_FORMAT FORMAT_PEM -#define DFL_USE_DEV_RANDOM 0 - -#define USAGE \ - "\n usage: gen_key param=<>...\n" \ - "\n acceptable parameters:\n" \ - " type=rsa|ec default: rsa\n" \ - " rsa_keysize=%%d default: 4096\n" \ - " ec_curve=%%s see below\n" \ - " filename=%%s default: keyfile.key\n" \ - " format=pem|der default: pem\n" \ - USAGE_DEV_RANDOM \ - "\n" - - -/* - * global options - */ -struct options { - int type; /* the type of key to generate */ - int rsa_keysize; /* length of key in bits */ - int ec_curve; /* curve identifier for EC keys */ - const char *filename; /* filename of the key file */ - int format; /* the output format to use */ - int use_dev_random; /* use /dev/random as entropy source */ -} opt; - -static int write_private_key(mbedtls_pk_context *key, const char *output_file) -{ - int ret; - FILE *f; - unsigned char output_buf[16000]; - unsigned char *c = output_buf; - size_t len = 0; - - memset(output_buf, 0, 16000); - if (opt.format == FORMAT_PEM) { - if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) { - return ret; - } - - len = strlen((char *) output_buf); - } else { - if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) { - return ret; - } - - len = ret; - c = output_buf + sizeof(output_buf) - 
len; - } - - if ((f = fopen(output_file, "wb")) == NULL) { - return -1; - } - - if (fwrite(c, 1, len, f) != len) { - fclose(f); - return -1; - } - - fclose(f); - - return 0; -} - -#if defined(MBEDTLS_ECP_C) -static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private) -{ - int ret = 0; - - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( - mbedtls_ecp_keypair_get_group_id(ecp)); - mbedtls_printf("curve: %s\n", curve_info->name); - - mbedtls_ecp_group grp; - mbedtls_ecp_group_init(&grp); - mbedtls_mpi D; - mbedtls_mpi_init(&D); - mbedtls_ecp_point pt; - mbedtls_ecp_point_init(&pt); - mbedtls_mpi X, Y; - mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); - - MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp, - (has_private ? &D : NULL), - &pt)); - - unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN]; - size_t len = 0; - MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary( - &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED, - &len, point_bin, sizeof(point_bin))); - switch (mbedtls_ecp_get_type(&grp)) { - case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS: - if ((len & 1) == 0 || point_bin[0] != 0x04) { - /* Point in an unxepected format. This shouldn't happen. 
*/ - ret = -1; - goto cleanup; - } - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2)); - MBEDTLS_MPI_CHK( - mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - mbedtls_mpi_write_file("Y_Q: ", &Y, 16, NULL); - break; - case MBEDTLS_ECP_TYPE_MONTGOMERY: - MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len)); - mbedtls_mpi_write_file("X_Q: ", &X, 16, NULL); - break; - default: - mbedtls_printf( - "This program does not yet support listing coordinates for this curve type.\n"); - break; - } - - if (has_private) { - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - } - -cleanup: - mbedtls_ecp_group_free(&grp); - mbedtls_mpi_free(&D); - mbedtls_ecp_point_free(&pt); - mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y); - return ret; -} -#endif - -int main(int argc, char *argv[]) -{ - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context key; - char buf[1024]; - int i; - char *p, *q; -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -#endif /* MBEDTLS_RSA_C */ - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "gen_key"; -#if defined(MBEDTLS_ECP_C) - const mbedtls_ecp_curve_info *curve_info; -#endif - - /* - * Set to sane values - */ -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&key); - mbedtls_ctr_drbg_init(&ctr_drbg); - memset(buf, 0, sizeof(buf)); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc < 2) { -usage: - mbedtls_printf(USAGE); -#if defined(MBEDTLS_ECP_C) - mbedtls_printf(" available ec_curve values:\n"); 
- curve_info = mbedtls_ecp_curve_list(); - mbedtls_printf(" %s (default)\n", curve_info->name); - while ((++curve_info)->name != NULL) { - mbedtls_printf(" %s\n", curve_info->name); - } -#endif /* MBEDTLS_ECP_C */ - goto exit; - } - - opt.type = DFL_TYPE; - opt.rsa_keysize = DFL_RSA_KEYSIZE; - opt.ec_curve = DFL_EC_CURVE; - opt.filename = DFL_FILENAME; - opt.format = DFL_FORMAT; - opt.use_dev_random = DFL_USE_DEV_RANDOM; - - for (i = 1; i < argc; i++) { - p = argv[i]; - if ((q = strchr(p, '=')) == NULL) { - goto usage; - } - *q++ = '\0'; - - if (strcmp(p, "type") == 0) { - if (strcmp(q, "rsa") == 0) { - opt.type = MBEDTLS_PK_RSA; - } else if (strcmp(q, "ec") == 0) { - opt.type = MBEDTLS_PK_ECKEY; - } else { - goto usage; - } - } else if (strcmp(p, "format") == 0) { - if (strcmp(q, "pem") == 0) { - opt.format = FORMAT_PEM; - } else if (strcmp(q, "der") == 0) { - opt.format = FORMAT_DER; - } else { - goto usage; - } - } else if (strcmp(p, "rsa_keysize") == 0) { - opt.rsa_keysize = atoi(q); - if (opt.rsa_keysize < 1024 || - opt.rsa_keysize > MBEDTLS_MPI_MAX_BITS) { - goto usage; - } - } -#if defined(MBEDTLS_ECP_C) - else if (strcmp(p, "ec_curve") == 0) { - if ((curve_info = mbedtls_ecp_curve_info_from_name(q)) == NULL) { - goto usage; - } - opt.ec_curve = curve_info->grp_id; - } -#endif - else if (strcmp(p, "filename") == 0) { - opt.filename = q; - } else if (strcmp(p, "use_dev_random") == 0) { - opt.use_dev_random = atoi(q); - if (opt.use_dev_random < 0 || opt.use_dev_random > 1) { - goto usage; - } - } else { - goto usage; - } - } - - mbedtls_printf("\n . Seeding the random number generator..."); - fflush(stdout); - -#if !defined(_WIN32) && defined(MBEDTLS_FS_IO) - if (opt.use_dev_random) { - if ((ret = mbedtls_entropy_add_source(&entropy, dev_random_entropy_poll, - NULL, DEV_RANDOM_THRESHOLD, - MBEDTLS_ENTROPY_SOURCE_STRONG)) != 0) { - mbedtls_printf(" failed\n ! 
mbedtls_entropy_add_source returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n Using /dev/random, so can take a long time! "); - fflush(stdout); - } -#endif /* !_WIN32 && MBEDTLS_FS_IO */ - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * 1.1. Generate the key - */ - mbedtls_printf("\n . Generating the private key ..."); - fflush(stdout); - - if ((ret = mbedtls_pk_setup(&key, - mbedtls_pk_info_from_type((mbedtls_pk_type_t) opt.type))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_setup returned -0x%04x", (unsigned int) -ret); - goto exit; - } - -#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) - if (opt.type == MBEDTLS_PK_RSA) { - ret = mbedtls_rsa_gen_key(mbedtls_pk_rsa(key), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_rsa_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_RSA_C */ -#if defined(MBEDTLS_ECP_C) - if (opt.type == MBEDTLS_PK_ECKEY) { - ret = mbedtls_ecp_gen_key((mbedtls_ecp_group_id) opt.ec_curve, - mbedtls_pk_ec(key), - mbedtls_ctr_drbg_random, &ctr_drbg); - if (ret != 0) { - mbedtls_printf(" failed\n ! mbedtls_ecp_gen_key returned -0x%04x", - (unsigned int) -ret); - goto exit; - } - } else -#endif /* MBEDTLS_ECP_C */ - { - mbedtls_printf(" failed\n ! key type not supported\n"); - goto exit; - } - - /* - * 1.2 Print the key - */ - mbedtls_printf(" ok\n . Key information:\n"); - -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) { - mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key); - - if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 || - (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP)) != 0) { - mbedtls_printf(" failed\n ! 
could not export RSA parameters\n\n"); - goto exit; - } - - mbedtls_mpi_write_file("N: ", &N, 16, NULL); - mbedtls_mpi_write_file("E: ", &E, 16, NULL); - mbedtls_mpi_write_file("D: ", &D, 16, NULL); - mbedtls_mpi_write_file("P: ", &P, 16, NULL); - mbedtls_mpi_write_file("Q: ", &Q, 16, NULL); - mbedtls_mpi_write_file("DP: ", &DP, 16, NULL); - mbedtls_mpi_write_file("DQ: ", &DQ, 16, NULL); - mbedtls_mpi_write_file("QP: ", &QP, 16, NULL); - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) { - if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) { - mbedtls_printf(" failed\n ! could not export ECC parameters\n\n"); - goto exit; - } - } else -#endif - mbedtls_printf(" ! key type not supported\n"); - - /* - * 1.3 Export key - */ - mbedtls_printf(" . Writing key to file..."); - - if ((ret = write_private_key(&key, opt.filename)) != 0) { - mbedtls_printf(" failed\n"); - goto exit; - } - - mbedtls_printf(" ok\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - - if (exit_code != MBEDTLS_EXIT_SUCCESS) { -#ifdef MBEDTLS_ERROR_C - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, buf, sizeof(buf)); - mbedtls_printf(" - %s\n", buf); */ -#else - mbedtls_printf("\n"); -#endif - } - -#if defined(MBEDTLS_RSA_C) - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); -#endif /* MBEDTLS_RSA_C */ - - mbedtls_pk_free(&key); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* program viability conditions */ diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c deleted file mode 100644 index 4ddb473c0f..0000000000 --- a/programs/pkey/pk_sign.c +++ /dev/null 
@@ -1,154 +0,0 @@ -/* - * Public key-based signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_MD_C and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - const char *pers = "mbedtls_pk_sign"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_sign \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not parse '%s'\n", argv[1]); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the signature of the hash. - */ - mbedtls_printf("\n . Generating the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! 
Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c deleted file mode 100644 index 27aff441a1..0000000000 --- a/programs/pkey/pk_verify.c +++ /dev/null 
@@ -1,129 +0,0 @@ -/* - * Public key-based signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_MD_C) || \ - !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_PK_PARSE_C) || \ - !defined(MBEDTLS_FS_IO) -int main(void) -{ - mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_MD_C and/or " - "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_PK_PARSE_C and/or " - "MBEDTLS_FS_IO not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_PK_SIGNATURE_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: mbedtls_pk_verify \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n", - (unsigned int) -ret); - goto exit; - } - - /* - * Extract the signature from the file - */ - mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! 
Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, sizeof(buf), f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned -0x%04x\n", (unsigned int) -ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - -#if defined(MBEDTLS_ERROR_C) - if (exit_code != MBEDTLS_EXIT_SUCCESS) { - mbedtls_printf("Error code: %d", ret); - /* mbedtls_strerror(ret, (char *) buf, sizeof(buf)); - mbedtls_printf(" ! Last error was: %s\n", buf); */ - } -#endif - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ diff --git a/programs/pkey/rsa_priv.txt b/programs/pkey/rsa_priv.txt deleted file mode 100644 index 254fcf8522..0000000000 --- a/programs/pkey/rsa_priv.txt +++ /dev/null 
@@ -1,8 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 -D = 589552BB4F2F023ADDDD5586D0C8FD857512D82080436678D07F984A29D892D31F1F7000FC5A39A0F73E27D885E47249A4148C8A5653EF69F91F8F736BA9F84841C2D99CD8C24DE8B72B5C9BE0EDBE23F93D731749FEA9CFB4A48DD2B7F35A2703E74AA2D4DB7DE9CEEA7D763AF0ADA7AC176C4E9A22C4CDA65CEC0C65964401 -P = CD083568D2D46C44C40C1FA0101AF2155E59C70B08423112AF0C1202514BBA5210765E29FF13036F56C7495894D80CF8C3BAEE2839BACBB0B86F6A2965F60DB1 -Q = CA0EEEA5E710E8E9811A6B846399420E3AE4A4C16647E426DDF8BBBCB11CD3F35CE2E4B6BCAD07AE2C0EC2ECBFCC601B207CDD77B5673E16382B1130BF465261 -DP = 0D0E21C07BF434B4A83B116472C2147A11D8EB98A33CFBBCF1D275EF19D815941622435AAF3839B6C432CA53CE9E772CFBE1923A937A766FD93E96E6EDEC1DF1 -DQ = 269CEBE6305DFEE4809377F078C814E37B45AE6677114DFC4F76F5097E1F3031D592567AC55B9B98213B40ECD54A4D2361F5FAACA1B1F51F71E4690893C4F081 -QP = 97AC5BB885ABCA314375E9E4DB1BA4B2218C90619F61BD474F5785075ECA81750A735199A8C191FE2D3355E7CF601A70E5CABDE0E02C2538BB9FB4871540B3C1 diff --git a/programs/pkey/rsa_pub.txt b/programs/pkey/rsa_pub.txt deleted file mode 100644 index 1e7ae0c9c9..0000000000 --- a/programs/pkey/rsa_pub.txt +++ /dev/null @@ -1,2 +0,0 @@ -N = A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211 -E = 010001 diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c deleted file mode 100644 index d94daf3977..0000000000 --- a/programs/pkey/rsa_sign_pss.c +++ /dev/null 
@@ -1,160 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature creation program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/rsa.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - mbedtls_pk_context pk; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - const char *pers = "rsa_sign_pss"; - size_t olen = 0; - - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - mbedtls_ctr_drbg_init(&ctr_drbg); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_sign_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . 
Seeding the random number generator..."); - fflush(stdout); - - if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, - strlen(pers))) != 0) { - mbedtls_printf(" failed\n ! mbedtls_ctr_drbg_seed returned %d\n", ret); - goto exit; - } - - mbedtls_printf("\n . Reading private key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Padding not supported\n"); - goto exit; - } - - /* - * Compute the SHA-256 hash of the input file, - * then calculate the RSA signature of the hash. - */ - mbedtls_printf("\n . Generating the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_sign(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, sizeof(buf), &olen)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_sign returned %d\n\n", ret); - goto exit; - } - - /* - * Write the signature into .sig - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "wb+")) == NULL) { - mbedtls_printf(" failed\n ! Could not create %s\n\n", filename); - goto exit; - } - - if (fwrite(buf, 1, olen, f) != olen) { - mbedtls_printf("failed\n ! fwrite failed\n\n"); - fclose(f); - goto exit; - } - - fclose(f); - - mbedtls_printf("\n . 
Done (created \"%s\")\n\n", filename); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_entropy_free(&entropy); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C && - PSA_WANT_ALG_SHA_256 && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO && - MBEDTLS_CTR_DRBG_C */ diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c deleted file mode 100644 index 15049203ee..0000000000 --- a/programs/pkey/rsa_verify_pss.c +++ /dev/null 
@@ -1,137 +0,0 @@ -/* - * RSASSA-PSS/SHA-256 signature verification program - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later - */ - -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "tf-psa-crypto/build_info.h" - -#include "mbedtls/platform.h" -/* md.h is included this early since MD_CAN_XXX macros are defined there. */ -#include "mbedtls/md.h" - -#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_ENTROPY_C) || \ - !defined(MBEDTLS_RSA_C) || !defined(PSA_WANT_ALG_SHA_256) || \ - !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) -int main(void) -{ - mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_ENTROPY_C and/or " - "MBEDTLS_RSA_C and/or PSA_WANT_ALG_SHA_256 and/or " - "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); - mbedtls_exit(0); -} -#else - -#include "mbedtls/md.h" -#include "mbedtls/pem.h" -#include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ - -#include -#include - - -int main(int argc, char *argv[]) -{ - FILE *f; - int ret = 1; - int exit_code = MBEDTLS_EXIT_FAILURE; - size_t i; - mbedtls_pk_context pk; - unsigned char hash[32]; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; - char filename[512]; - - mbedtls_pk_init(&pk); - - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n", - (int) status); - goto exit; - } - - if (argc != 3) { - mbedtls_printf("usage: rsa_verify_pss \n"); - -#if defined(_WIN32) - mbedtls_printf("\n"); -#endif - - goto exit; - } - - mbedtls_printf("\n . Reading public key from '%s'", argv[1]); - fflush(stdout); - - if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) { - mbedtls_printf(" failed\n ! Could not read key from '%s'\n", argv[1]); - mbedtls_printf(" ! 
mbedtls_pk_parse_public_keyfile returned %d\n\n", ret); - goto exit; - } - - if (!mbedtls_pk_can_do(&pk, MBEDTLS_PK_RSA)) { - mbedtls_printf(" failed\n ! Key is not an RSA key\n"); - goto exit; - } - - if ((ret = mbedtls_rsa_set_padding(mbedtls_pk_rsa(pk), - MBEDTLS_RSA_PKCS_V21, - MBEDTLS_MD_SHA256)) != 0) { - mbedtls_printf(" failed\n ! Invalid padding\n"); - goto exit; - } - - /* - * Extract the RSA signature from the file - */ - mbedtls_snprintf(filename, 512, "%s.sig", argv[2]); - - if ((f = fopen(filename, "rb")) == NULL) { - mbedtls_printf("\n ! Could not open %s\n\n", filename); - goto exit; - } - - i = fread(buf, 1, MBEDTLS_MPI_MAX_SIZE, f); - - fclose(f); - - /* - * Compute the SHA-256 hash of the input file and - * verify the signature - */ - mbedtls_printf("\n . Verifying the RSA/SHA-256 signature"); - fflush(stdout); - - if ((ret = mbedtls_md_file( - mbedtls_md_info_from_type(MBEDTLS_MD_SHA256), - argv[2], hash)) != 0) { - mbedtls_printf(" failed\n ! Could not open or read %s\n\n", argv[2]); - goto exit; - } - - if ((ret = mbedtls_pk_verify(&pk, MBEDTLS_MD_SHA256, hash, 0, - buf, i)) != 0) { - mbedtls_printf(" failed\n ! mbedtls_pk_verify returned %d\n\n", ret); - goto exit; - } - - mbedtls_printf("\n . OK (the signature is valid)\n\n"); - - exit_code = MBEDTLS_EXIT_SUCCESS; - -exit: - mbedtls_pk_free(&pk); - mbedtls_psa_crypto_free(); - - mbedtls_exit(exit_code); -} -#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 && - MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO */ From 87ae4e6a14c4db5301c78ddb480783ac148d802e Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 05:46:28 +0200 Subject: [PATCH 121/216] Added a changelog entry for the removal Signed-off-by: Anton Matkin --- ChangeLog.d/10285.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/10285.txt diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt new file mode 100644 index 0000000000..dae7e330cd --- /dev/null +++ b/ChangeLog.d/10285.txt 
@@ -0,0 +1,3 @@ +Removals + * Removed the programs/pkey directory. These will be moved to the + TF-PSA-Crypto repository later. \ No newline at end of file From 5b49f31956c89d7253563fb2237d710b86bc04e8 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 30 Jul 2025 12:14:30 +0200 Subject: [PATCH 122/216] Adjusted the Makefile in the programs directory - removed the pkey programs Signed-off-by: Anton Matkin --- programs/Makefile | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/programs/Makefile b/programs/Makefile index a043fe1912..f99021aa69 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -36,11 +36,6 @@ LOCAL_CFLAGS += -I$(FRAMEWORK)/tests/programs ## Note: Variables cannot be used to define an apps path. This cannot be ## substituted by the script generate_visualc_files.pl. APPS = \ - pkey/gen_key \ - pkey/pk_sign \ - pkey/pk_verify \ - pkey/rsa_sign_pss \ - pkey/rsa_verify_pss \ ../tf-psa-crypto/programs/psa/aead_demo \ ../tf-psa-crypto/programs/psa/crypto_examples \ ../tf-psa-crypto/programs/psa/hmac_demo \ 
@@ -136,26 +131,6 @@ test/query_config.c: echo " Gen $@" $(PERL) ../scripts/generate_query_config.pl -pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP) - echo " CC pkey/gen_key.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP) - echo " CC pkey/pk_sign.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/pk_verify$(EXEXT): pkey/pk_verify.c $(DEP) - echo " CC pkey/pk_verify.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP) - echo " CC pkey/rsa_sign_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - -pkey/rsa_verify_pss$(EXEXT): pkey/rsa_verify_pss.c $(DEP) - echo " CC pkey/rsa_verify_pss.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP) echo " CC psa/aead_demo.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ From 3962284de6e0bf6fe52666a4030db74145822af3 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Wed, 20 Aug 2025 11:00:01 +0100 Subject: [PATCH 123/216] Update & fix changelog Signed-off-by: Felix Conway --- ChangeLog.d/10285.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.d/10285.txt b/ChangeLog.d/10285.txt index dae7e330cd..2ac05ab90f 100644 --- a/ChangeLog.d/10285.txt +++ b/ChangeLog.d/10285.txt @@ -1,3 +1,3 @@ Removals - * Removed the programs/pkey directory. These will be moved to the - TF-PSA-Crypto repository later. \ No newline at end of file + * Removed all public key sample programs from the programs/pkey + directory. From 1cf9a1590bf51790af0c30c97d5807e995962221 Mon Sep 17 00:00:00 2001 
From: Felix Conway Date: Wed, 20 Aug 2025 11:00:59 +0100 Subject: [PATCH 124/216] Remove programs from gitignore and documentation Signed-off-by: Felix Conway --- programs/.gitignore | 5 ----- programs/README.md | 10 ---------- 2 files changed, 15 deletions(-) diff --git a/programs/.gitignore b/programs/.gitignore index 7eaf38d85b..004dcf22f7 100644 --- a/programs/.gitignore +++ b/programs/.gitignore @@ -8,11 +8,6 @@ hash/md5sum hash/sha1sum hash/sha2sum -pkey/gen_key -pkey/pk_sign -pkey/pk_verify -pkey/rsa_sign_pss -pkey/rsa_verify_pss ssl/dtls_client ssl/dtls_server ssl/mini_client diff --git a/programs/README.md b/programs/README.md index 9239e8a603..b9260bffe9 100644 --- a/programs/README.md +++ b/programs/README.md @@ -3,16 +3,6 @@ Mbed TLS sample programs This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs. -### Generic public-key cryptography (`pk`) examples - -* [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs. - -* [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string. - -### ECDSA and RSA signature examples - -* [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm. - ### SSL/TLS sample applications * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response. From 32e100a573d347147df6596f80b78189c0ee4556 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 21 Aug 2025 08:00:07 +0100 Subject: [PATCH 125/216] Renamed and corrected ChangeLog 
Signed-off-by: Ben Taylor --- ...alignment.txt => x509write_crt_set_serial_raw-alignment.txt} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename ChangeLog.d/{509write_crt_set_serial_raw-alignment.txt => x509write_crt_set_serial_raw-alignment.txt} (59%) diff --git a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt similarity index 59% rename from ChangeLog.d/509write_crt_set_serial_raw-alignment.txt rename to ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt index 1fc938bdcb..e04f45a488 100644 --- a/ChangeLog.d/509write_crt_set_serial_raw-alignment.txt +++ b/ChangeLog.d/x509write_crt_set_serial_raw-alignment.txt @@ -1,3 +1,3 @@ API changes * Change the serial argument of the mbedtls_x509write_crt_set_serial_raw - function so a const to align with the restof the API. + function to a const to align with the rest of the API. From 5dbc24a25546e5484d21fdf3bb1864098f512aab Mon Sep 17 00:00:00 2001 From: Minos Galanakis Date: Thu, 14 Aug 2025 14:38:15 +0100 Subject: [PATCH 126/216] components-configuration-crypto: Removed legacy options. Removed setters for `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY` and `MBEDTLS_ENTROPY_FORCE_SHA256` Signed-off-by: Minos Galanakis --- tests/scripts/components-configuration-crypto.sh | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 4714194565..dd8b49dcfa 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -2357,7 +2357,6 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
@@ -2367,28 +2366,27 @@ component_test_ctr_drbg_aes_256_sha_256 () {
 }
 
 component_test_ctr_drbg_aes_128_sha_512 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
 
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"
 make test
 }
 
 component_test_ctr_drbg_aes_128_sha_256 () {
- msg "build: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "build: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
- scripts/config.py set MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- scripts/config.py set MBEDTLS_ENTROPY_FORCE_SHA256
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
 
- msg "test: full + MBEDTLS_CTR_DRBG_USE_128_BIT_KEY + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
+ msg "test: full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 make test
 }
 
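Review bot: The rewritten msg labels in component_test_ctr_drbg_aes_128_sha_512 and component_test_ctr_drbg_aes_128_sha_256 read `full + set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128`, echoing the config.py command rather than naming the option, while every neighbouring label in these hunks (`full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256`) gives the option and its value directly. Dropping the word "set", as in `msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128 (ASan build)"` and the matching `test:` label, keeps the four CTR_DRBG components greppable with one pattern. A second, smaller point: after this change nothing in component_test_ctr_drbg_aes_128_sha_512 selects SHA-512 explicitly, so the `_sha_512` in its name holds only while SHA-512 remains the default hash, and is worth pinning with MBEDTLS_PSA_CRYPTO_RNG_HASH if that default is expected to move.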
From 906950d8dc353351759f12dc88d6a6add273dcc8 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 14 Aug 2025 15:59:53 +0100
Subject: [PATCH 127/216] config/depends.py: Removed legacy options.
Signed-off-by: Minos Galanakis
---
 scripts/config.py | 2 --
 tests/scripts/depends.py | 2 --
 2 files changed, 4 deletions(-)
diff --git a/scripts/config.py b/scripts/config.py
index 750ff88c72..20555db846 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -76,12 +76,10 @@ EXCLUDE_FROM_FULL = frozenset([
 'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_AES_USE_HARDWARE_ONLY', # hardware dependency
 'MBEDTLS_BLOCK_CIPHER_NO_DECRYPT', # incompatible with ECB in PSA, CBC/XTS/NIST_KW
- 'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
 'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
 'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
 'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
 'MBEDTLS_ECP_WITH_MPI_UINT', # disables the default ECP and is experimental
- 'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
 'MBEDTLS_HAVE_SSE2', # hardware dependency
 'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py
index 513c6413a5..ae88abf1e2 100755
--- a/tests/scripts/depends.py
+++ b/tests/scripts/depends.py
@@ -316,11 +316,9 @@ REVERSE_DEPENDENCIES = {
 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY'],
 'PSA_WANT_ALG_SHA_256': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
- 'MBEDTLS_ENTROPY_FORCE_SHA256',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT',
 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
 'MBEDTLS_LMS_C',
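Review bot: The context line `'MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH', # interacts with CTR_DRBG_128_BIT_KEY` in the config.py hunk still justifies that exclusion by an option this commit deletes from the same list, so the rationale is now dangling. If the interaction has moved to the new MBEDTLS_PSA_CRYPTO_RNG_STRENGTH setting, the comment should say so, e.g. `# interacts with MBEDTLS_PSA_CRYPTO_RNG_STRENGTH`; if it has not, the entry may no longer need to be excluded from the full config at all, which cannot be decided from this hunk. The depends.py hunk in the same commit leaves no such reference behind.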
From a1e867981b0263d02876808160a2f1dd64b998f6 Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Mon, 18 Aug 2025 10:31:31 +0100
Subject: [PATCH 128/216] ssl-opt.sh: Adjust dependency to MBEDTLS_PSA_CRYPTO_C
Signed-off-by: Minos Galanakis
---
 tests/ssl-opt.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index d0278b123c..220e897f6f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -484,7 +484,7 @@ detect_required_features() {
 *"programs/ssl/dtls_client "*|\
 *"programs/ssl/ssl_client1 "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_certificate_authentication
@@ -494,7 +494,7 @@ detect_required_features() {
 *"programs/ssl/ssl_pthread_server "*|\
 *"programs/ssl/ssl_server "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
- requires_config_enabled MBEDTLS_ENTROPY_C
+ requires_config_enabled MBEDTLS_PSA_CRYPTO_C
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_certificate_authentication
From 1eda7487ae08a3a32a1e9f554071c6fbc74195ac Mon Sep 17 00:00:00 2001
From: Minos Galanakis
Date: Thu, 21 Aug 2025 15:57:15 +0100
Subject: [PATCH 129/216] Updated tf-psa-crypto pointer
Signed-off-by: Minos Galanakis
Signed-off-by: Ronald Cron
---
 tf-psa-crypto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index f0b51e354b..86060cd714 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit f0b51e354bb69071d3fab28650894287fac2348e
+Subproject commit 86060cd714013678ac6483b95c6b9585570b9273
From 8fc000ec2c1e3134293fbaa95cfa4ec003e872aa Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 25 Aug 2025 15:19:59 +0200
Subject: [PATCH 130/216] ssl-opt.sh: Fix MBEDTLS_ENTROPY_C dependency adjustment
Signed-off-by: Ronald Cron
---
 tests/ssl-opt.sh | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 220e897f6f..140409c9cc 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -485,6 +485,7 @@ detect_required_features() {
 *"programs/ssl/ssl_client1 "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_certificate_authentication
@@ -495,6 +496,7 @@ detect_required_features() {
 *"programs/ssl/ssl_server "*)
 requires_config_enabled MBEDTLS_CTR_DRBG_C
 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
+ requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
 requires_config_enabled MBEDTLS_PEM_PARSE_C
 requires_config_enabled MBEDTLS_SSL_SRV_C
 requires_certificate_authentication
From aad5f1bedd09e29e45438135d57026bb3a78d2a5 Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Mon, 25 Aug 2025 15:32:48 +0200
Subject: [PATCH 131/216] tests: Prepare to switch to SHA-256 as the default CTR_DRBG hash
Ensure that when we switch from SHA-512 to SHA-256 as the default CTR_DRBG hash, we still properly test CTR_DRBG with SHA-512.
Signed-off-by: Ronald Cron
---
 tests/scripts/components-configuration-crypto.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index dd8b49dcfa..17c235bb17 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
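Review bot: The added `requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG` lines in both hunks carry no comment, and the commit title only says the earlier adjustment was wrong, so a reader of detect_required_features cannot see why a PSA-crypto build with an external RNG must skip these sample programs. Presumably the programs still seed CTR_DRBG from the library's own entropy path, which the external-RNG configuration replaces; if that is the reason, a one-line comment above the first occurrence such as `# The sample programs seed CTR_DRBG from the built-in entropy source, which an external RNG build does not provide` would record it. The same three-line requirement group now appears verbatim in the client and server cases, so a small helper would also keep the two from drifting apart again. detect_required_features starts and ends outside both hunks.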
@@ -2353,6 +2353,18 @@ component_test_block_cipher_no_decrypt_aesce_armcc () {
 not grep aesce_decrypt_block ${BUILTIN_SRC_PATH}/aesce.o
 }
 
+component_test_ctr_drbg_aes_256_sha_512 () {
+ msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ scripts/config.py full
+ scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
+ CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
+ make
+
+ msg "test: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512 (ASan build)"
+ make test
+}
+
 component_test_ctr_drbg_aes_256_sha_256 () {
 msg "build: full + MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_256 (ASan build)"
 scripts/config.py full
@@ -2370,6 +2382,7 @@ component_test_ctr_drbg_aes_128_sha_512 () {
 scripts/config.py full
 scripts/config.py unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
 scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 128
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_HASH PSA_ALG_SHA_512
 CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
 make
 
From a0b1c8c7fb46dc35a328eedf4a8fad823a16e00a Mon Sep 17 00:00:00 2001
From: Ronald Cron
Date: Tue, 26 Aug 2025 09:15:18 +0200
Subject: [PATCH 132/216] build: Remove CTR_DRBG 128 bits key warnings
Signed-off-by: Ronald Cron
---
 CMakeLists.txt | 21 ---------------------
 Makefile | 19 -------------------
 2 files changed, 40 deletions(-)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 162373182b..12ddc2738d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
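Review bot: The new component_test_ctr_drbg_aes_256_sha_512 pins the hash with MBEDTLS_PSA_CRYPTO_RNG_HASH but leaves the key strength at its default, so the `aes_256` half of its name depends on that default in exactly the way the `sha_512` half did before this commit. Since the stated purpose is to keep the SHA-512 case covered when the default moves, the 256-bit strength deserves the same treatment, `scripts/config.py set MBEDTLS_PSA_CRYPTO_RNG_STRENGTH 256` after the unset line, provided 256 is an accepted value for that option. The same applies to component_test_ctr_drbg_aes_256_sha_256 in the context below, which the second hunk does not touch.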
@@ -100,17 +100,6 @@ option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
 option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
 option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
 
-# Warning string - created as a list for compatibility with CMake 2.8
-set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
-
-set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
- "${WARNING_BORDER}")
-
 # Python 3 is only needed here to check for configuration warnings.
 if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
 set(Python3_FIND_STRATEGY LOCATION)
@@ -124,16 +113,6 @@ else()
 set(MBEDTLS_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
 endif()
 endif()
-if(MBEDTLS_PYTHON_EXECUTABLE)
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${MBEDTLS_PYTHON_EXECUTABLE} ${CMAKE_CURRENT_SOURCE_DIR}/scripts/config.py -f ${CMAKE_CURRENT_SOURCE_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- RESULT_VARIABLE result)
- if(${result} EQUAL 0)
- message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
- endif()
-
-endif()
 
 # We now potentially need to link all executables against PThreads, if available
 set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
diff --git a/Makefile b/Makefile
index a580736602..6706143a24 100644
--- a/Makefile
+++ b/Makefile
@@ -26,7 +26,6 @@ endif
 .PHONY: all no_test programs lib tests install uninstall clean test check lcov apidoc apidoc_clean
 
 all: programs tests
- $(MAKE) post_build
 
 no_test: programs
 
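Review bot: After the second CMakeLists.txt hunk removes the only consumer of MBEDTLS_PYTHON_EXECUTABLE visible in this commit, the Python 3 lookup kept as context (from `if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)` through the two `endif()` lines) and its comment `# Python 3 is only needed here to check for configuration warnings.` describe a check that no longer exists. If nothing else in CMakeLists.txt reads that variable, the lookup block should leave with this commit; if something does, the comment should name the remaining use instead, since as written it now misleads. The first hunk likewise drops the last visible reference to `WARNING_BORDER`, which is presumably defined earlier in the file, so it is worth confirming another warning still uses it or removing that definition too.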
@@ -146,24 +145,6 @@ uninstall: done endif - -WARNING_BORDER_LONG =**********************************************************************************\n -CTR_DRBG_128_BIT_KEY_WARN_L1=**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined! ****\n -CTR_DRBG_128_BIT_KEY_WARN_L2=**** Using 128-bit keys for CTR_DRBG limits the security of generated ****\n -CTR_DRBG_128_BIT_KEY_WARN_L3=**** keys and operations that use random values generated to 128-bit security ****\n - -CTR_DRBG_128_BIT_KEY_WARNING=\n$(WARNING_BORDER_LONG)$(CTR_DRBG_128_BIT_KEY_WARN_L1)$(CTR_DRBG_128_BIT_KEY_WARN_L2)$(CTR_DRBG_128_BIT_KEY_WARN_L3)$(WARNING_BORDER_LONG) - -# Post build steps -post_build: -ifndef WINDOWS - - # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning - -scripts/config.py get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY && ([ $$? -eq 0 ]) && \ - echo '$(CTR_DRBG_128_BIT_KEY_WARNING)' - -endif - clean: clean_more_on_top $(MAKE) -C library clean $(MAKE) -C programs clean From 7cbeedc6074b2c2a3e1818185a86c324d68cef30 Mon Sep 17 00:00:00 2001 From: David Horstmann Date: Tue, 26 Aug 2025 17:26:45 +0100 Subject: [PATCH 133/216] Remove uses of the -c $CRYPTO_CONFIG_H idiom This is no longer needed as config.py knows where the crypto config file is these days. Signed-off-by: David Horstmann --- .../components-configuration-crypto.sh | 68 +++++++++---------- 1 file changed, 34 insertions(+), 34 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 4d7fceffe3..d422bf8edb 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -82,19 +82,19 @@ component_test_psa_crypto_without_heap() { msg "crypto without heap: build libtestdriver1" # Disable PSA features that cannot be accelerated and whose builtin support # requires calloc/free. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_" + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset-all "^PSA_WANT_ALG_HKDF" + scripts/config.py unset-all "^PSA_WANT_ALG_PBKDF2_" + scripts/config.py unset-all "^PSA_WANT_ALG_TLS12_" # RSA key support requires ASN1 parse/write support for testing, but ASN1 # is disabled below. - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_" + scripts/config.py unset-all "^PSA_WANT_KEY_TYPE_RSA_" + scripts/config.py unset-all "^PSA_WANT_ALG_RSA_" # DES requires built-in support for key generation (parity check) so it # cannot be accelerated - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # EC-JPAKE use calloc/free in PSA core - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto. # This is required to get the proper test coverage otherwise there are # tests in 'test_suite_psa_crypto_op_fail' that would never be executed. 
@@ -102,7 +102,7 @@ component_test_psa_crypto_without_heap() { scripts/config.py set PSA_WANT_ECC_SECP_R1_192 # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H). - PSA_SYM_LIST=$(./scripts/config.py -c $CRYPTO_CONFIG_H get-all-enabled PSA_WANT) + PSA_SYM_LIST=$(./scripts/config.py get-all-enabled PSA_WANT) loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g') helper_libtestdriver1_adjust_config crypto @@ -143,7 +143,7 @@ component_test_psa_crypto_without_heap() { component_test_no_rsa_key_pair_generation () { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make msg "test: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" @@ -210,7 +210,7 @@ component_test_no_hmac_drbg_use_psa () { msg "build: Full minus HMAC_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # requires HMAC_DRBG CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan . make @@ -241,7 +241,7 @@ component_test_psa_external_rng_no_drbg_use_psa () { scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C scripts/config.py unset MBEDTLS_HMAC_DRBG_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Requires HMAC_DRBG make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto - main suites" 
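Review bot: The context comment `# Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).` above the changed `PSA_SYM_LIST=` line still names the variable that the command no longer passes, so it now points readers at something the new code does not use. `# Accelerate all PSA features that are still enabled in the crypto config.` would match the commit's premise that config.py locates that file itself. That line is also the only call in the visible hunks of this commit that invokes `./scripts/config.py` with a leading `./`, where every other call uses `scripts/config.py`. The enclosing component_test_psa_crypto_without_heap starts outside the hunk.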
@@ -293,7 +293,7 @@ component_test_crypto_full_md_light_only () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_PKCS7_C # Disable indirect dependencies of MD_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA # Disable things that would auto-enable MD_C scripts/config.py unset MBEDTLS_PKCS5_C 
@@ -318,17 +318,17 @@ component_test_full_no_cipher () { # on CIPHER_C so we disable them. # This does not hold for KEY_TYPE_CHACHA20 and ALG_CHACHA20_POLY1305 # so we keep them enabled. - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CMAC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CTR - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_OFB - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_KEY_TYPE_DES # The following modules directly depends on CIPHER_C scripts/config.py unset MBEDTLS_NIST_KW_C 
@@ -433,18 +433,18 @@ component_test_everest_curve25519_only () { msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py set PSA_WANT_ALG_ECDH scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE # Disable all curves scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" 
@@ -2065,10 +2065,10 @@ component_build_aes_variations () { scripts/config.py set MBEDTLS_BLOCK_CIPHER_NO_DECRYPT scripts/config.py unset MBEDTLS_NIST_KW_C - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES build_test_config_combos ${BUILTIN_SRC_PATH}/aes.o validate_aes_config_variations \ "MBEDTLS_AES_ROM_TABLES" \ From c50ce1b02b2c7e1cdc0132447ecf477d2942e70b Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Wed, 27 Aug 2025 10:15:54 +0200 Subject: [PATCH 134/216] Update crypto submodule link Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 86060cd714..3fd4e754b2 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 86060cd714013678ac6483b95c6b9585570b9273 +Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961 From a15729d38e8469e3ccb4238052e22ad41e743dd1 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Tue, 19 Aug 2025 13:35:19 +0100 Subject: [PATCH 135/216] Fix libtestdriver1 rewrite in include/mbedtls/private Signed-off-by: Felix Conway --- tests/Makefile | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/Makefile b/tests/Makefile index 3a6f0e62ea..a52bc32f57 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -369,6 +369,7 @@ libtestdriver1.a:
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/include/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/core/*.[ch]
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*.h
+ perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/include/*/*/*.h
 perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/drivers/builtin/src/*.[ch]
From b907dbc4d3c3bc813d3da3baa96f8217e87480a2 Mon Sep 17 00:00:00 2001
From: David Horstmann
Date: Wed, 27 Aug 2025 15:19:40 +0100
Subject: [PATCH 136/216] Remove other cases of explicit crypto config file
Remove unnecessary passing of the crypto config filename either with the '-f' or '-c' switch, throughout all of the all.sh component files.
Signed-off-by: David Horstmann
---
 .../components-configuration-crypto.sh | 88 +++++++--------
 tests/scripts/components-configuration-tls.sh | 100 +++++++++--------
 tests/scripts/components-psasim.sh | 2 +-
 3 files changed, 95 insertions(+), 95 deletions(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index d422bf8edb..24b7d6cbfb 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -356,7 +356,7 @@ component_test_full_no_ccm () {
 #
 # Note: also PSA_WANT_ALG_CCM_STAR_NO_TAG is enabled, but it does not cause
 # PSA_WANT_ALG_CCM to be re-enabled.
- scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM
+ scripts/config.py unset PSA_WANT_ALG_CCM
 
 make
 
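Review bot: The new `perl -i ./scripts/libtestdriver1_rewrite.pl ./libtestdriver1/tf-psa-crypto/include/*/*/*.h` line fixes one missed directory depth by adding one more hand-written glob, which is the same pattern that let this header tree be skipped in the first place. Since the rewrite script already takes a list of files on its command line, a single `find ./libtestdriver1/tf-psa-crypto/include -name '*.h' -exec perl -i ./scripts/libtestdriver1_rewrite.pl {} +` would replace both the existing `include/*/*.h` line and the new one and cover any future nesting without another patch; the builtin include globs two lines below could be folded the same way. The libtestdriver1.a recipe starts outside the hunk.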
@@ -377,17 +377,17 @@ component_test_full_no_ccm_star_no_tag () { # # Note: PSA_WANT_ALG_CCM is enabled, but it does not cause # PSA_WANT_ALG_CCM_STAR_NO_TAG to be re-enabled. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_STREAM_CIPHER - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_STREAM_CIPHER + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING # NOTE unsettting PSA_WANT_ALG_ECB_NO_PADDING without unsetting NIST_KW_C will # mean PSA_WANT_ALG_ECB_NO_PADDING is re-enabled, so disabling it also. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_NIST_KW_C - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset MBEDTLS_NIST_KW_C + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 make 
@@ -540,10 +540,10 @@ component_test_psa_crypto_config_ffdh_2048_only () { scripts/config.py full # Disable all DH groups other than 2048. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS" @@ -754,7 +754,7 @@ component_test_psa_crypto_config_accel_ecc_some_key_types () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -848,7 +848,7 @@ common_test_psa_crypto_config_accel_ecc_some_curves () { scripts/config.py unset MBEDTLS_ECP_RESTARTABLE # this is not supported by the driver API yet - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Build # ----- @@ -1020,7 +1020,7 @@ config_psa_crypto_no_ecp_at_all () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # Restartable feature is not yet supported by PSA. Once it will in # the future, the following line could be removed (see issues 
@@ -1137,12 +1137,12 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { # Disable all the features that auto-enable ECP_LIGHT (see build_info.h) scripts/config.py unset MBEDTLS_PK_PARSE_EC_EXTENDED scripts/config.py unset MBEDTLS_PK_PARSE_EC_COMPRESSED - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE + scripts/config.py unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE # RSA support is intentionally disabled on this test because RSA_C depends # on BIGNUM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*" scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED @@ -1151,9 +1151,9 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and # PSA sides. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_FFDH - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*" + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*" + scripts/config.py unset-all "PSA_WANT_DH_RFC7919_[0-9]*" fi # Restartable feature is not yet supported by PSA. Once it will in 
@@ -1390,7 +1390,7 @@ build_and_test_psa_want_key_pair_partial () { # All the PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_yyy are enabled by default in # crypto_config.h so we just disable the one we don't want. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset "$disabled_psa_want" + scripts/config.py unset "$disabled_psa_want" make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" @@ -1501,9 +1501,9 @@ component_test_new_psa_want_key_pair_symbol () { # Keep only PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC enabled in order to ensure # that proper translations is done in crypto_legacy.h. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE make @@ -1655,7 +1655,7 @@ config_psa_crypto_hmac_use_psa () { scripts/config.py unset MBEDTLS_HMAC_DRBG_C scripts/config.py unset MBEDTLS_HKDF_C # Dependencies of HMAC_DRBG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA } component_test_psa_crypto_config_accel_hmac () { @@ -1712,7 +1712,7 @@ component_test_psa_crypto_config_accel_aead () { helper_libtestdriver1_adjust_config "full" # Disable CCM_STAR_NO_TAG because this re-enables CCM_C. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG # Build # ----- 
@@ -1828,14 +1828,14 @@ common_block_cipher_dispatch () { # legacy key types to be re-enabled in "config_adjust_legacy_from_psa.h". # Keep this also in the reference component in order to skip the same tests # that were skipped in the accelerated one. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CTR - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_OFB - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CTR + scripts/config.py unset PSA_WANT_ALG_CFB + scripts/config.py unset PSA_WANT_ALG_OFB + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 # Disable direct dependency on AES_C scripts/config.py unset MBEDTLS_NIST_KW_C @@ -1928,7 +1928,7 @@ component_test_full_block_cipher_legacy_dispatch () { component_test_aead_chachapoly_disabled () { msg "build: full minus CHACHAPOLY" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY" 
@@ -1938,8 +1938,8 @@ component_test_aead_chachapoly_disabled () { component_test_aead_only_ccm () { msg "build: full minus CHACHAPOLY and GCM" scripts/config.py full - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CHACHA20_POLY1305 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_GCM make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" msg "test: full minus CHACHAPOLY and GCM" @@ -2279,10 +2279,10 @@ config_block_cipher_no_decrypt () { # Enable support for cryptographic mechanisms through the PSA API. # Note: XTS, KW are not yet supported via the PSA API in Mbed TLS. - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_ECB_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_KEY_TYPE_DES + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_ECB_NO_PADDING + scripts/config.py unset PSA_WANT_KEY_TYPE_DES } component_test_block_cipher_no_decrypt_aesni () { diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index c8b2287d71..b74b30477c 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh 
@@ -50,15 +50,15 @@ component_test_tls1_2_default_stream_cipher_only () { msg "build: default with only stream cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Disable CBC. Note: When implemented, PSA_WANT_ALG_CBC_MAC will also need to be unset here to fully disable CBC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Enable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
@@ -79,14 +79,14 @@ component_test_tls1_2_default_cbc_legacy_cipher_only () { msg "build: default with only CBC-legacy cipher use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Disable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py unset MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) 
@@ -108,14 +108,14 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only () { msg "build: default with only CBC-legacy and CBC-EtM ciphers use psa" # Disable AEAD (controlled by the presence of one of GCM_C, CCM_C, CHACHAPOLY_C) - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CCM_STAR_NO_TAG - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_GCM - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_CHACHA20_POLY1305 + scripts/config.py unset PSA_WANT_ALG_CCM + scripts/config.py unset PSA_WANT_ALG_CCM_STAR_NO_TAG + scripts/config.py unset PSA_WANT_ALG_GCM + scripts/config.py unset PSA_WANT_ALG_CHACHA20_POLY1305 #Disable TLS 1.3 (as no AEAD) scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 # Enable CBC-legacy - scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py set PSA_WANT_ALG_CBC_NO_PADDING # Enable CBC-EtM (controlled by the same as CBC-legacy plus MBEDTLS_SSL_ENCRYPT_THEN_MAC) scripts/config.py set MBEDTLS_SSL_ENCRYPT_THEN_MAC # Disable stream (currently that's just the NULL pseudo-cipher (controlled by MBEDTLS_CIPHER_NULL_CIPHER)) @@ -361,10 +361,10 @@ component_test_ssl_alloc_buffer_and_mfl () { component_test_when_no_ciphersuites_have_mac () { msg "build: when no ciphersuites have MAC" - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_NO_PADDING - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CBC_PKCS7 - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_CMAC - scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 + scripts/config.py unset PSA_WANT_ALG_CBC_NO_PADDING + scripts/config.py unset PSA_WANT_ALG_CBC_PKCS7 + scripts/config.py unset PSA_WANT_ALG_CMAC + scripts/config.py unset PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 scripts/config.py unset MBEDTLS_CIPHER_NULL_CIPHER 
@@ -419,22 +419,22 @@ component_test_tls13_only_psk () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_FFDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_2048 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_3072 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_4096 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_6144 - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_DH_RFC7919_8192 + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_FFDH + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT + scripts/config.py unset PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE + scripts/config.py unset PSA_WANT_DH_RFC7919_2048 + scripts/config.py unset 
PSA_WANT_DH_RFC7919_3072 + scripts/config.py unset PSA_WANT_DH_RFC7919_4096 + scripts/config.py unset PSA_WANT_DH_RFC7919_6144 + scripts/config.py unset PSA_WANT_DH_RFC7919_8192 # Note: The four unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -471,7 +471,7 @@ component_test_tls13_only_ephemeral_ffdh () { scripts/config.py unset MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDH # Note: The unset below is to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C @@ -495,10 +495,10 @@ component_test_tls13_only_psk_ephemeral () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C 
@@ -522,11 +522,11 @@ component_test_tls13_only_psk_ephemeral_ffdh () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDH - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDH + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The three unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDH_C scripts/config.py unset MBEDTLS_ECDSA_C @@ -550,10 +550,10 @@ component_test_tls13_only_psk_all () { scripts/config.py set MBEDTLS_SSL_EARLY_DATA scripts/config.py set MBEDTLS_TEST_HOOKS - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_OAEP - scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_RSA_PSS + scripts/config.py unset PSA_WANT_ALG_ECDSA + scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py unset PSA_WANT_ALG_RSA_OAEP + scripts/config.py unset PSA_WANT_ALG_RSA_PSS # Note: The two unsets below are to be removed for Mbed TLS 4.0 scripts/config.py unset MBEDTLS_ECDSA_C diff --git a/tests/scripts/components-psasim.sh b/tests/scripts/components-psasim.sh index ba8ab331d2..a20f917ddb 100644 --- a/tests/scripts/components-psasim.sh +++ b/tests/scripts/components-psasim.sh 
@@ -78,7 +78,7 @@ component_test_suite_with_psasim() msg "build client library" helper_psasim_config client # PAKE functions are still unsupported from PSASIM - scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset PSA_WANT_ALG_JPAKE scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED helper_psasim_build client From 07eb02889efd9d3d72ab1dad7f4dab0a96731c46 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 11:54:46 +0100 Subject: [PATCH 137/216] Remove a redundant error test case and improve another Signed-off-by: Felix Conway --- tests/suites/test_suite_error.data | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/tests/suites/test_suite_error.data b/tests/suites/test_suite_error.data index e496841cf0..8565098286 100644 --- a/tests/suites/test_suite_error.data +++ b/tests/suites/test_suite_error.data @@ -3,12 +3,8 @@ depends_on:MBEDTLS_AES_C error_strerror:-0x0020:"AES - Invalid key length" Single high error -depends_on:MBEDTLS_RSA_C -error_strerror:-0x4200:"RSA - Key failed to pass the validity check of the library" - -Low and high error -depends_on:MBEDTLS_AES_C:MBEDTLS_RSA_C -error_strerror:-0x4220:"RSA - Key failed to pass the validity check of the library \: AES - Invalid key length" +depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C +error_strerror:-0x2280:"X509 - The serial tag or value is invalid" Non existing high error error_strerror:-0x8880:"UNKNOWN ERROR CODE (8880)" From a01ddf65b7f58dc145ac3be10d1eac7365a74b7a Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 14:18:43 +0100 Subject: [PATCH 138/216] Revert unification for some error codes Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 1 - include/mbedtls/pkcs7.h | 2 +- include/mbedtls/x509.h | 6 +-- include/mbedtls/x509_crt.h | 12 ++--- tests/ssl-opt.sh | 98 ++++++++++++++++++------------------ 5 files changed, 59 insertions(+), 60 deletions(-) 
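Review bot: The rewritten `Single high error` case in test_suite_error.data now carries `depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_X509_CRT_PARSE_C`, but nothing here shows why looking up the X509 serial-tag string would need SHA-256 or RSA; if the string table only needs the X509 module, the extra guards merely skip the case in configurations where it would pass. Removing `Low and high error` also drops the only case that exercised mbedtls_strerror() joining a high-level and a low-level code into one description, so unless that composition path no longer exists after the error unification, keep one combined case built from codes that are still distinct (the AES low-level code -0x0020 is still tested just above).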
diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt
index 3dad7f3b67..0ed56ba305 100644
--- a/ChangeLog.d/unify-errors.txt
+++ b/ChangeLog.d/unify-errors.txt
@@ -4,5 +4,4 @@ API changes
 MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT
 MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY
 MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE
- MBEDTLS_ERR_xxx_INVALID_SIGNATURE -> PSA_ERROR_INVALID_SIGNATURE
 MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index cf9e4407ce..957ca53d71 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -53,7 +53,7 @@
 #define MBEDTLS_ERR_PKCS7_INVALID_CONTENT_INFO -0x5480 /**< The PKCS #7 content info is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_ALG -0x5500 /**< The algorithm tag or value is invalid or cannot be parsed. */
 #define MBEDTLS_ERR_PKCS7_INVALID_CERT -0x5580 /**< The certificate tag or value is invalid or cannot be parsed. */
-#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE /**< Error parsing the signature */
+#define MBEDTLS_ERR_PKCS7_INVALID_SIGNATURE -0x5600 /**< Error parsing the signature */
 #define MBEDTLS_ERR_PKCS7_INVALID_SIGNER_INFO -0x5680 /**< Error parsing the signer's info */
 #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT /**< Input invalid. */
 #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY /**< Allocation of memory failed. */
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index a021a7d996..3cced52f47 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -58,7 +58,7 @@
 /** The date tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
 /** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE PSA_ERROR_INVALID_SIGNATURE
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
 /** The extension tag or value is invalid. */
 #define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
 /** CRT/CRL/CSR has an unsupported version number. */
@@ -68,11 +68,11 @@
 /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
 #define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED PSA_ERROR_INVALID_SIGNATURE
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
 /** Format not recognized as DER or PEM. */
 #define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
 /** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA PSA_ERROR_INVALID_ARGUMENT
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
 /** Allocation of memory failed. */
 #define MBEDTLS_ERR_X509_ALLOC_FAILED PSA_ERROR_INSUFFICIENT_MEMORY
 /** Read/write of file failed. */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 6b81652bb0..61986483bb 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -610,7 +610,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
 * other than fatal error, as a non-zero return code
 * immediately aborts the verification process. For fatal
 * errors, a specific error code should be used (different
- * from #PSA_ERROR_INVALID_SIGNATURE which should not
+ * from #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
 * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
 * can be used if no better code is available.
 *
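Review bot: After this hunk MBEDTLS_ERR_X509_INVALID_SIGNATURE, MBEDTLS_ERR_X509_CERT_VERIFY_FAILED and MBEDTLS_ERR_X509_BAD_INPUT_DATA are back to module-specific values while MBEDTLS_ERR_X509_ALLOC_FAILED stays PSA_ERROR_INSUFFICIENT_MEMORY, so any caller that adopted `ret == PSA_ERROR_INVALID_SIGNATURE` to detect a failed chain verification under the unified scheme now silently misses it. The ChangeLog hunk only removes the INVALID_SIGNATURE line and still advertises the generic `MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT` and `MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE` mappings, which no longer hold for X509 (nor for PKCS7's INVALID_SIGNATURE in the pkcs7.h hunk), so the entry should name these as exceptions. A short comment above the restored definitions, e.g. `/* Deliberately not unified with PSA error codes; see ChangeLog.d/unify-errors.txt. */`, would keep a later unification pass from re-applying the mapping; the commit message does not state the reason for the revert, so record it there if one exists.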
@@ -653,7 +653,7 @@ int mbedtls_x509_crt_verify_info(char *buf, size_t size, const char *prefix,
 *
 * \return \c 0 if the chain is valid with respect to the
 * passed CN, CAs, CRLs and security profile.
- * \return #PSA_ERROR_INVALID_SIGNATURE in case the
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
 * certificate chain verification failed. In this case,
 * \c *flags will have one or more
 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -694,7 +694,7 @@ int mbedtls_x509_crt_verify(mbedtls_x509_crt *crt,
 *
 * \return \c 0 if the chain is valid with respect to the
 * passed CN, CAs, CRLs and security profile.
- * \return #PSA_ERROR_INVALID_SIGNATURE in case the
+ * \return #MBEDTLS_ERR_X509_CERT_VERIFY_FAILED in case the
 * certificate chain verification failed. In this case,
 * \c *flags will have one or more
 * \c MBEDTLS_X509_BADCERT_XXX or \c MBEDTLS_X509_BADCRL_XXX
@@ -826,7 +826,7 @@ int mbedtls_x509_crt_verify_with_ca_cb(mbedtls_x509_crt *crt,
 * that bit MAY be set.
 *
 * \return 0 is these uses of the certificate are allowed,
- * #PSA_ERROR_INVALID_ARGUMENT if the keyUsage extension
+ * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the keyUsage extension
 * is present but does not match the usage argument.
 *
 * \note You should only call this function on leaf certificates, on
@@ -845,7 +845,7 @@ int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
 * \param usage_len Length of usage_oid (eg given by MBEDTLS_OID_SIZE()).
 *
 * \return 0 if this use of the certificate is allowed,
- * #PSA_ERROR_INVALID_ARGUMENT if not.
+ * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if not.
 *
 * \note Usually only makes sense on leaf certificates.
 */
@@ -952,7 +952,7 @@ void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx, int version) * input buffer * * \return 0 if successful, or - * #PSA_ERROR_INVALID_ARGUMENT if the provided input buffer + * #MBEDTLS_ERR_X509_BAD_INPUT_DATA if the provided input buffer * is too big (longer than MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN) */ int mbedtls_x509write_crt_set_serial_raw(mbedtls_x509write_cert *ctx, diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 35afb8fcf9..d0278b123c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -5839,7 +5839,7 @@ run_test "Authentication: server badcert, client required" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA # We don't check that the server receives the alert because it might # detect that its write end of the connection is closed and abort @@ -5854,7 +5854,7 @@ run_test "Authentication: server badcert, client required (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ -c "send alert level=2 message=48" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA run_test "Authentication: server badcert, client optional" \ @@ -5866,7 +5866,7 @@ run_test "Authentication: server badcert, client optional" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client optional (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
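Review bot: The new `-c "X509 - Certificate verification failed"` checks in the ssl-opt.sh hunks (this one and every later `Authentication:` test replaced the same way) assert only on the human-readable description, so the numeric value -0x2700 that this same patch restores in x509.h is no longer verified by the TLS tests, and each `-C` (must-not-appear) variant passes vacuously if that wording ever changes. If ssl_client2/ssl_server2 still print the code and the description on one line, as the old `Last error was:` pattern suggests, a pattern such as `-c "Last error was: -0x2700 - X509 - Certificate verification failed"` would pin both; otherwise at least add a comment at the first occurrence, e.g. `# String comes from the MBEDTLS_ERR_X509_CERT_VERIFY_FAILED doc comment in x509.h; keep in sync`, so the two do not drift apart.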
@@ -5877,7 +5877,7 @@ run_test "Authentication: server badcert, client optional (1.2)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5888,7 +5888,7 @@ run_test "Authentication: server badcert, client none" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server badcert, client none (1.2)" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -5899,7 +5899,7 @@ run_test "Authentication: server badcert, client none (1.2)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ -C "send alert level=2 message=48" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: server goodcert, client required, no trusted CA" \ "$P_SRV" \ @@ -5930,7 +5930,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT 
@@ -5942,7 +5942,7 @@ run_test "Authentication: server goodcert, client optional, no trusted CA (1. -c "! The certificate is not correctly signed by the trusted CA" \ -c "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" run_test "Authentication: server goodcert, client none, no trusted CA" \ @@ -5953,7 +5953,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT @@ -5965,7 +5965,7 @@ run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" -C "! The certificate is not correctly signed by the trusted CA" \ -C "! Certificate verification flags"\ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" \ + -C "X509 - Certificate verification failed" \ -C "SSL - No CA Chain is set, but required to operate" # The next few tests check what happens if the server has a valid certificate @@ -5980,7 +5980,7 @@ run_test "Authentication: hostname match, client required" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname match, client required, CA callback" \ "$P_SRV" \ 
@@ -5992,7 +5992,7 @@ run_test "Authentication: hostname match, client required, CA callback" \ -c "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (wrong), client required" \ "$P_SRV" \ @@ -6001,7 +6001,7 @@ run_test "Authentication: hostname mismatch (wrong), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (empty), client required" \ "$P_SRV" \ @@ -6010,7 +6010,7 @@ run_test "Authentication: hostname mismatch (empty), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (truncated), client required" \ "$P_SRV" \ @@ -6019,7 +6019,7 @@ run_test "Authentication: hostname mismatch (truncated), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (last char), client required" \ "$P_SRV" \ @@ -6028,7 +6028,7 @@ run_test "Authentication: hostname mismatch (last char), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch (trailing), client required" \ "$P_SRV" \ 
@@ -6037,7 +6037,7 @@ run_test "Authentication: hostname mismatch (trailing), client required" \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client optional" \ "$P_SRV" \ @@ -6045,7 +6045,7 @@ run_test "Authentication: hostname mismatch, client optional" \ 0 \ -c "does not match with the expected CN" \ -c "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname mismatch, client none" \ "$P_SRV" \ @@ -6055,7 +6055,7 @@ run_test "Authentication: hostname mismatch, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client required" \ "$P_SRV" \ @@ -6066,7 +6066,7 @@ run_test "Authentication: hostname null, client required" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client optional" \ "$P_SRV" \ @@ -6076,7 +6076,7 @@ run_test "Authentication: hostname null, client optional" \ -C "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname null, client none" \ "$P_SRV" \ 
@@ -6086,7 +6086,7 @@ run_test "Authentication: hostname null, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required" \ "$P_SRV" \ @@ -6098,7 +6098,7 @@ run_test "Authentication: hostname unset, client required" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client required, CA callback" \ "$P_SRV" \ @@ -6111,7 +6111,7 @@ run_test "Authentication: hostname unset, client required, CA callback" \ -C "use CA callback for X.509 CRT verification" \ -C "x509_verify_cert() returned -" \ -c "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client optional" \ "$P_SRV" \ @@ -6121,7 +6121,7 @@ run_test "Authentication: hostname unset, client optional" \ -c "Certificate verification without having set hostname" \ -c "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client none" \ "$P_SRV" \ 
@@ -6131,7 +6131,7 @@ run_test "Authentication: hostname unset, client none" \ -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ @@ -6142,7 +6142,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.2 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \ @@ -6154,7 +6154,7 @@ run_test "Authentication: hostname unset, client default, server picks cert, 1.3 -C "Certificate verification without CN verification" \ -c "get_hostname_for_verification() returned -" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \ "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \ 
@@ -6164,7 +6164,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \ @@ -6175,7 +6175,7 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "Certificate verification without having set hostname" \ -C "Certificate verification without CN verification" \ -C "x509_verify_cert() returned -" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6252,7 +6252,7 @@ run_test "Authentication: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6270,7 +6270,7 @@ run_test "Authentication: client cert self-signed and trusted, server require -S "skip parse certificate verify" \ -S "x509_verify_cert() returned" \ -S "! The certificate is not correctly signed" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client cert not trusted, server required" \ "$P_SRV debug_level=3 auth_mode=required" \ 
@@ -6286,7 +6286,7 @@ run_test "Authentication: client cert not trusted, server required" \ -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication: client badcert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6303,7 +6303,7 @@ run_test "Authentication: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client badcert, server none" \ "$P_SRV debug_level=3 auth_mode=none" \ @@ -6320,7 +6320,7 @@ run_test "Authentication: client badcert, server none" \ -S "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" run_test "Authentication: client no cert, server optional" \ "$P_SRV debug_level=3 auth_mode=optional" \ @@ -6336,7 +6336,7 @@ run_test "Authentication: client no cert, server optional" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_openssl_tls1_3_with_compatible_ephemeral run_test "Authentication: openssl client no cert, server optional" \ 
@@ -6347,7 +6347,7 @@ run_test "Authentication: openssl client no cert, server optional" \ -s "skip parse certificate verify" \ -s "! Certificate was missing" \ -S "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "Authentication: client no cert, openssl server optional" \ @@ -6483,7 +6483,7 @@ run_test "Authentication: send CA list in CertificateRequest, client self sig -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -c "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: send alt conf DN hints in CertificateRequest" \ @@ -6530,7 +6530,7 @@ run_test "Authentication, CA callback: server badcert, client required" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client optional" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ @@ -6541,7 +6541,7 @@ run_test "Authentication, CA callback: server badcert, client optional" \ -c "x509_verify_cert() returned" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" run_test "Authentication, CA callback: server badcert, client none" \ "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \ 
@@ -6552,7 +6552,7 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "x509_verify_cert() returned" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # The purpose of the next two tests is to test the client's behaviour when receiving a server # certificate with an unsupported elliptic curve. This should usually not happen because @@ -6619,7 +6619,7 @@ run_test "Authentication, CA callback: client badcert, server required" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ -s "send alert level=2 message=48" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" # We don't check that the client receives the alert because it might # detect that its write end of the connection is closed and abort # before reading the alert message. @@ -6639,7 +6639,7 @@ run_test "Authentication, CA callback: client cert not trusted, server requir -s "x509_verify_cert() returned" \ -s "! The certificate is not correctly signed by the trusted CA" \ -s "! mbedtls_ssl_handshake returned" \ - -s "Last error was: \(-0x95\|-149\)" + -s "X509 - Certificate verification failed" run_test "Authentication, CA callback: client badcert, server optional" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ @@ -6657,7 +6657,7 @@ run_test "Authentication, CA callback: client badcert, server optional" \ -s "! The certificate is not correctly signed by the trusted CA" \ -S "! mbedtls_ssl_handshake returned" \ -C "! mbedtls_ssl_handshake returned" \ - -S "Last error was: \(-0x95\|-149\)" + -S "X509 - Certificate verification failed" requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA requires_full_size_output_buffer 
@@ -9498,7 +9498,7 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \ -C "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -c "! mbedtls_ssl_handshake returned" \ - -c "Last error was: \(-0x95\|-149\)" + -c "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9518,7 +9518,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_P -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). @@ -9538,7 +9538,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA) -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -c "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE @@ -9558,7 +9558,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA enabled we expect only partial restartable behaviour: # everything except ECDH (where TLS calls PSA directly). 
@@ -9578,7 +9578,7 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \ -c "mbedtls_pk_sign.*\(4b00\|-248\)" \ -C "! The certificate is not correctly signed by the trusted CA" \ -C "! mbedtls_ssl_handshake returned" \ - -C "Last error was: \(-0x95\|-149\)" + -C "X509 - Certificate verification failed" # With USE_PSA disabled we expect full restartable behaviour. requires_config_enabled MBEDTLS_ECP_RESTARTABLE From 6361e54b221b7f8a065bd6a6bef502f5109a4851 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Thu, 28 Aug 2025 14:30:04 +0100 Subject: [PATCH 139/216] Add each whole unified error code to the migration guide Signed-off-by: Felix Conway --- docs/4.0-migration-guide/error-codes.md | 33 +++++++++++-------------- 1 file changed, 14 insertions(+), 19 deletions(-) diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md index 3bcdb8c580..ffb1e0e3bb 100644 --- a/docs/4.0-migration-guide/error-codes.md +++ b/docs/4.0-migration-guide/error-codes.md 
@@ -18,25 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface. -#### Specific error codes - -| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | -| ------------------------------ | --------------------------- | +| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) | +|-----------------------------------------| --------------------------- | | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` | -| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | -| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` -| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | - -#### General Replacements - -The module-specific error codes in the table below have been replaced with a single PSA error code. Here `xxx` corresponds to all modules (e.g. `X509` or `SSL`) with the specific error code. 
- -| Legacy constant (Mbed TLS 3.6) | PSA constant (TF-PSA-Crypto 1.0) | -|---------------------------------| ---------------------------------------------- | -| `MBEDTLS_ERR_xxx_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | -| `MBEDTLS_ERR_xxx_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | -| `MBEDTLS_ERR_xxx_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_INVALID_SIGNATURE` | `PSA_ERROR_INVALID_SIGNATURE` | -| `MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` | +| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` | +| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`| +| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` | +| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` | +| `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` | +| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` | See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules. From bc48725b64c6ebec8dbdf1b1c4142c824a37a607 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 13:37:03 +0200 Subject: [PATCH 140/216] Include fixups (headers moves to private directory) 
Signed-off-by: Anton Matkin --- include/mbedtls/debug.h | 2 +- include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 6 +-- include/mbedtls/ssl_ciphersuites.h | 2 +- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crt.h | 2 +- library/pkcs7.c | 2 +- library/ssl_misc.h | 10 ++-- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls12_server.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_internal.h | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/fuzz/fuzz_client.c | 4 +- programs/fuzz/fuzz_dtlsclient.c | 4 +- programs/fuzz/fuzz_dtlsserver.c | 4 +- programs/fuzz/fuzz_server.c | 4 +- programs/ssl/dtls_client.c | 4 +- programs/ssl/dtls_server.c | 4 +- programs/ssl/mini_client.c | 4 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_fork_server.c | 4 +- programs/ssl/ssl_mail_client.c | 4 +- programs/ssl/ssl_pthread_server.c | 4 +- programs/ssl/ssl_server.c | 4 +- programs/ssl/ssl_test_lib.h | 6 +-- programs/test/selftest.c | 46 +++++++++---------- programs/x509/cert_app.c | 4 +- programs/x509/cert_req.c | 4 +- programs/x509/cert_write.c | 6 +-- .../psasim/src/aut_psa_random.c | 2 +- tests/suites/test_suite_pkcs7.function | 6 +-- tests/suites/test_suite_x509parse.function | 4 +- tests/suites/test_suite_x509write.function | 6 +-- tf-psa-crypto | 2 +- 45 files changed, 96 insertions(+), 96 deletions(-) diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index b6d4e27052..c293e87315 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -15,7 +15,7 @@ #include "mbedtls/ssl.h" #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_DEBUG_C) 
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 7abb00fd03..ee3d093c93 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,7 +11,7 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -#include "mbedtls/error_common.h" +#include "mbedtls/private/error_common.h" #include diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 628d5c7e71..36132c34e3 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,8 +14,8 @@ #include "mbedtls/build_info.h" -#include "mbedtls/bignum.h" -#include "mbedtls/ecp.h" +#include "mbedtls/private/bignum.h" +#include "mbedtls/private/ecp.h" #include "mbedtls/ssl_ciphersuites.h" @@ -27,7 +27,7 @@ #include "mbedtls/md.h" #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/ecdh.h" +#include "mbedtls/private/ecdh.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index b03123107c..c97f6abeee 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -14,7 +14,7 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index b1a80e3011..f0742a8a87 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -17,7 +17,7 @@ #include "mbedtls/pk.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index bbe5fc45cf..a7bf0291aa 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,7 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/bignum.h" +#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module diff --git a/library/pkcs7.c b/library/pkcs7.c index 3481cbdb1b..57b4e96bdf 100644 
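Review bot: `include/mbedtls/ssl.h` is a public header, and its first hunk now includes `mbedtls/private/bignum.h` and `mbedtls/private/ecp.h` unconditionally (plus `mbedtls/private/ecdh.h` under MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED), so every application that includes ssl.h still pulls in the declarations the `private/` move is presumably meant to withdraw from the public surface; the same applies to `debug.h`, `x509.h` and `x509_crt.h` in the neighbouring hunks. If these are only needed for context members that applications treat as opaque, a forward declaration or moving the include into `library/ssl_misc.h` would keep `private/` out of the public headers. Where an include genuinely has to stay, a one-line comment such as `/* private/ header needed for the context layout below, not for application use */` would stop the next reader from filing it as an oversight. Whether they can be dropped depends on the struct definitions in ssl.h, which are outside these hunks.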
--- a/library/pkcs7.c +++ b/library/pkcs7.c @@ -9,7 +9,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/x509_crt.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/error.h" diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 981ac0ecf1..ed3c4a776f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,26 +19,26 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/cipher.h" +#include "mbedtls/private/cipher.h" #include "psa/crypto.h" #include "psa_util_internal.h" extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; #if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/md5.h" +#include "mbedtls/private/md5.h" #endif #if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/sha1.h" +#include "mbedtls/private/sha1.h" #endif #if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/sha256.h" +#include "mbedtls/private/sha256.h" #endif #if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/sha512.h" +#include "mbedtls/private/sha512.h" #endif #include "mbedtls/pk.h" diff --git a/library/ssl_msg.c b/library/ssl_msg.c index 731cbc8ece..fd7e16cb97 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -30,7 +30,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 9144f9222b..c575a428e8 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -34,7 +34,7 @@ #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #endif /* Define local translating functions to save code size by not using too many diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index b2b5e33c0b..181c6de3a0 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
@@ -34,7 +34,7 @@ static int local_err_translation(psa_status_t status) #endif #if defined(MBEDTLS_ECP_C) -#include "mbedtls/ecp.h" +#include "mbedtls/private/ecp.h" #endif #if defined(MBEDTLS_HAVE_TIME) diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index e88c00a564..756d5290b4 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "debug_internal.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" #include "psa/crypto.h" diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c index dc50bee868..2a4744572b 100644 --- a/library/ssl_tls13_server.c +++ b/library/ssl_tls13_server.c @@ -13,7 +13,7 @@ #include "mbedtls/error.h" #include "mbedtls/platform.h" #include "mbedtls/constant_time.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/psa_util.h" #include "ssl_tls13_keys.h" diff --git a/library/x509.c b/library/x509.c index 1adff8fafc..9d7b4b7e23 100644 --- a/library/x509.c +++ b/library/x509.c @@ -21,7 +21,7 @@ #include "mbedtls/asn1.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_create.c b/library/x509_create.c index 370eb9b2e1..341d74189e 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -11,7 +11,7 @@ #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509_crl.c b/library/x509_crl.c index 0b98ba4664..e8aca5bb80 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_crl.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform_util.h" #include 
diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..df1dbf6179 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -23,7 +23,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_csr.c b/library/x509_csr.c index 32a3bb2e78..e78b5d7e60 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -21,7 +21,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index b44b957f9b..5505b9778c 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -19,7 +19,7 @@ #include "pk_internal.h" #if defined(MBEDTLS_RSA_C) -#include "mbedtls/rsa.h" +#include "mbedtls/private/rsa.h" #endif int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, diff --git a/library/x509_oid.c b/library/x509_oid.c index cc0063bcd3..8963529853 100644 --- a/library/x509_oid.c +++ b/library/x509_oid.c @@ -14,7 +14,7 @@ * disabled. */ #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C) -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..1d4d556291 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -11,7 +11,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 663b308d62..ccf5a92281 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c 
@@ -18,7 +18,7 @@ #include "mbedtls/x509_crt.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform.h" #include "mbedtls/platform_util.h" diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8e37278f95..88e5e5ae81 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -17,7 +17,7 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/asn1write.h" #include "mbedtls/error.h" -#include "mbedtls/oid.h" +#include "mbedtls/private/oid.h" #include "x509_oid.h" #include "mbedtls/platform_util.h" diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 0878480ea7..70eb656487 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "fuzz_common.h" #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index ca7626d5ba..c83f314138 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -6,8 +6,8 @@ #include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 4f159fbefe..dd2a8b644b 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c 
@@ -7,8 +7,8 @@ #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/timing.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 3a5e502fe5..3b1054e16a 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -1,8 +1,8 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" #include "fuzz_common.h" diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index 26eb20d49f..bb1d5af2e3 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -31,8 +31,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "mbedtls/timing.h" #include "test/certs.h" diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c index 0e155fd0d2..479b5430f9 100644 --- a/programs/ssl/dtls_server.c +++ b/programs/ssl/dtls_server.c @@ -45,8 +45,8 @@ int main(void) #include #include -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_cookie.h" diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c index e3adb3cf8a..96d41b35ba 100644 --- a/programs/ssl/mini_client.c +++ b/programs/ssl/mini_client.c 
@@ -43,8 +43,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include #include diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index dba8aab658..c56ff0702f 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -27,8 +27,8 @@ int main(void) #include "mbedtls/net_sockets.h" #include "mbedtls/debug.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/certs.h" diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c index f8752bb604..ff1c877ee2 100644 --- a/programs/ssl/ssl_fork_server.c +++ b/programs/ssl/ssl_fork_server.c @@ -31,8 +31,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 521bc5418a..0c2822cb30 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -38,8 +38,8 @@ int main(void) #include "mbedtls/error.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "test/certs.h" #include "mbedtls/x509.h" diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c index 5701a7b838..867926d98c 100644 --- a/programs/ssl/ssl_pthread_server.c +++ b/programs/ssl/ssl_pthread_server.c 
@@ -38,8 +38,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c index 2f26ca4801..fd9da18490 100644 --- a/programs/ssl/ssl_server.c +++ b/programs/ssl/ssl_server.c @@ -31,8 +31,8 @@ int main(void) #include #endif -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/ssl.h" #include "mbedtls/net_sockets.h" diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h index 20dbe61dfe..1dda8d62ac 100644 --- a/programs/ssl/ssl_test_lib.h +++ b/programs/ssl/ssl_test_lib.h @@ -43,9 +43,9 @@ #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/ssl_ciphersuites.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/hmac_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" +#include "mbedtls/private/hmac_drbg.h" #include "mbedtls/x509.h" #include "mbedtls/error.h" #include "mbedtls/debug.h" diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 372a84dc79..2c2b48ed82 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c 
@@ -9,31 +9,31 @@
 #include "mbedtls/build_info.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/hmac_drbg.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/gcm.h"
-#include "mbedtls/ccm.h"
-#include "mbedtls/cmac.h"
-#include "mbedtls/md5.h"
-#include "mbedtls/ripemd160.h"
-#include "mbedtls/sha1.h"
-#include "mbedtls/sha256.h"
-#include "mbedtls/sha512.h"
-#include "mbedtls/sha3.h"
-#include "mbedtls/aes.h"
-#include "mbedtls/camellia.h"
-#include "mbedtls/aria.h"
-#include "mbedtls/chacha20.h"
-#include "mbedtls/poly1305.h"
-#include "mbedtls/chachapoly.h"
+#include "mbedtls/private/entropy.h"
+#include "mbedtls/private/hmac_drbg.h"
+#include "mbedtls/private/ctr_drbg.h"
+#include "mbedtls/private/gcm.h"
+#include "mbedtls/private/ccm.h"
+#include "mbedtls/private/cmac.h"
+#include "mbedtls/private/md5.h"
+#include "mbedtls/private/ripemd160.h"
+#include "mbedtls/private/sha1.h"
+#include "mbedtls/private/sha256.h"
+#include "mbedtls/private/sha512.h"
+#include "mbedtls/private/sha3.h"
+#include "mbedtls/private/aes.h"
+#include "mbedtls/private/camellia.h"
+#include "mbedtls/private/aria.h"
+#include "mbedtls/private/chacha20.h"
+#include "mbedtls/private/poly1305.h"
+#include "mbedtls/private/chachapoly.h"
 #include "mbedtls/base64.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/rsa.h"
+#include "mbedtls/private/bignum.h"
+#include "mbedtls/private/rsa.h"
 #include "mbedtls/x509.h"
-#include "mbedtls/pkcs5.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/ecjpake.h"
+#include "mbedtls/private/pkcs5.h"
+#include "mbedtls/private/ecp.h"
+#include "mbedtls/private/ecjpake.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/nist_kw.h"
 #include "mbedtls/debug.h"
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index c747505519..2f31a8e3ae 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -27,8 +27,8 @@ int main(void) } #else -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/net_sockets.h" #include "mbedtls/ssl.h" #include "mbedtls/x509.h" diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c index 02fd567841..c20f08d569 100644 --- a/programs/x509/cert_req.c +++ b/programs/x509/cert_req.c @@ -29,8 +29,8 @@ int main(void) #else #include "mbedtls/x509_csr.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index fb55c3f291..be3223088e 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -30,9 +30,9 @@ int main(void) #include "mbedtls/x509_crt.h" #include "mbedtls/x509_csr.h" -#include "mbedtls/oid.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" +#include "mbedtls/private/oid.h" +#include "mbedtls/private/entropy.h" +#include "mbedtls/private/ctr_drbg.h" #include "mbedtls/error.h" #include "test/helpers.h" diff --git a/tests/psa-client-server/psasim/src/aut_psa_random.c b/tests/psa-client-server/psasim/src/aut_psa_random.c index 5880c4deb9..203f4d44ba 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_random.c +++ b/tests/psa-client-server/psasim/src/aut_psa_random.c @@ -10,7 +10,7 @@ #include #include -#include "mbedtls/entropy.h" +#include "mbedtls/private/entropy.h" #define BUFFER_SIZE 100 diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function index 0c4a00b9e3..335bec5a88 100644 --- a/tests/suites/test_suite_pkcs7.function +++ b/tests/suites/test_suite_pkcs7.function 
@@ -1,14 +1,14 @@
 /* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
+#include "mbedtls/private/bignum.h"
 #include "mbedtls/pkcs7.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
 #include "x509_internal.h"
-#include "mbedtls/oid.h"
+#include "mbedtls/private/oid.h"
 #include "sys/types.h"
 #include "sys/stat.h"
-#include "mbedtls/rsa.h"
+#include "mbedtls/private/rsa.h"
 #include "mbedtls/error.h"
 /* END_HEADER */
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 079dca48c9..4ce66e9074 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -1,12 +1,12 @@
 /* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
+#include "mbedtls/private/bignum.h"
 #include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
+#include "mbedtls/private/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 000c09a950..0c0e7993e2 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -1,12 +1,12 @@
 /* BEGIN_HEADER */
-#include "mbedtls/bignum.h"
+#include "mbedtls/private/bignum.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
-#include "mbedtls/oid.h"
+#include "mbedtls/private/oid.h"
 #include "x509_oid.h"
-#include "mbedtls/rsa.h"
+#include "mbedtls/private/rsa.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/pk.h"
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 3fd4e754b2..20524a8972 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 3fd4e754b283d7b766d8f3798fe07d42b3bcf961
+Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6
From 5fe229da406288db00f566ab42721311b8997222 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 15:06:22 +0200 Subject: [PATCH 141/216] Update framework submodule git link: Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index 3f2ef1ecf6..f6e287cd79 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 3f2ef1ecf6d70b1e6bb7ad587f9a5bd6eaf65a2a
+Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e
From 7a65ce6737ff83b1f22081ecfdddb0510c8739ef Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 16 Jun 2025 23:23:36 +0200 Subject: [PATCH 142/216] Unfortunately, we had two files named oid.h - one in the main repo, and one in the tf-psa-crypto repo, and these files included the mbedtls one, so I restored the header include Signed-off-by: Anton Matkin --- library/pkcs7.c | 2 +- library/ssl_msg.c | 2 +- library/ssl_tls.c | 2 +- library/ssl_tls13_generic.c | 2 +- library/ssl_tls13_server.c | 2 +- library/x509.c | 2 +- library/x509_create.c | 2 +- library/x509_crl.c | 2 +- library/x509_crt.c | 2 +- library/x509_csr.c | 2 +- library/x509_oid.c | 2 +- library/x509write.c | 2 +- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- programs/x509/cert_write.c | 2 +- tests/suites/test_suite_pkcs7.function | 2 +- tests/suites/test_suite_x509parse.function | 2 +- tests/suites/test_suite_x509write.function | 2 +- 18 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 57b4e96bdf..3481cbdb1b 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -9,7 +9,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/error.h"
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fd7e16cb97..731cbc8ece 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -30,7 +30,7 @@
 #include "psa/crypto.h"
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #endif
 /* Define a local translating function to save code size by not using too many
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index c575a428e8..9144f9222b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -34,7 +34,7 @@
 #include "psa/crypto.h"
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #endif
 /* Define local translating functions to save code size by not using too many
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 756d5290b4..e88c00a564 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -13,7 +13,7 @@
 #include "mbedtls/error.h"
 #include "debug_internal.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
 #include "psa/crypto.h"
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 2a4744572b..dc50bee868 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -13,7 +13,7 @@
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "mbedtls/psa_util.h"
 #include "ssl_tls13_keys.h"
diff --git a/library/x509.c b/library/x509.c
index 9d7b4b7e23..1adff8fafc 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -21,7 +21,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_create.c b/library/x509_create.c
index 341d74189e..370eb9b2e1 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -11,7 +11,7 @@
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509_crl.c b/library/x509_crl.c
index e8aca5bb80..0b98ba4664 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -21,7 +21,7 @@
 #include "mbedtls/x509_crl.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
 #include
diff --git a/library/x509_crt.c b/library/x509_crt.c
index df1dbf6179..e6b9252859 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -23,7 +23,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index e78b5d7e60..32a3bb2e78 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -21,7 +21,7 @@
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 8963529853..cc0063bcd3 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -14,7 +14,7 @@
 * disabled. */
 #if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include
diff --git a/library/x509write.c b/library/x509write.c
index 1d4d556291..0906a5a9d1 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -11,7 +11,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index ccf5a92281..663b308d62 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -18,7 +18,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 88e5e5ae81..8e37278f95 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -17,7 +17,7 @@
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index be3223088e..2ed63f08de 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -30,7 +30,7 @@ int main(void)
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_csr.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "mbedtls/private/entropy.h"
 #include "mbedtls/private/ctr_drbg.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index 335bec5a88..91e0e46ae3 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -5,7 +5,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
 #include "x509_internal.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "sys/types.h"
 #include "sys/stat.h"
 #include "mbedtls/private/rsa.h"
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 4ce66e9074..f813cc1ac3 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -6,7 +6,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/error.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 0c0e7993e2..40677f2338 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -4,7 +4,7 @@
 #include "mbedtls/x509_csr.h"
 #include "x509_internal.h"
 #include "mbedtls/pem.h"
-#include "mbedtls/private/oid.h"
+#include "mbedtls/oid.h"
 #include "x509_oid.h"
 #include "mbedtls/private/rsa.h"
 #include "mbedtls/asn1.h"
From 4e091786cab3fda62331e8597a69bad29c19c751 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 4 Jul 2025 15:07:15 +0200 Subject: [PATCH 143/216] Moved the MbedTLS config adjust headers to a private subdirectory Signed-off-by: Anton Matkin --- include/mbedtls/build_info.h | 4 ++-- include/mbedtls/{ => private}/config_adjust_ssl.h | 2 +- include/mbedtls/{ => private}/config_adjust_x509.h | 2 +- tests/scripts/libtestdriver1_rewrite.pl | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-) rename include/mbedtls/{ => private}/config_adjust_ssl.h (98%) rename include/mbedtls/{ => private}/config_adjust_x509.h (96%)
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index c6e89db677..b46db36d1f 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -74,9 +74,9 @@
 */
 #define MBEDTLS_CONFIG_FILES_READ
-#include "mbedtls/config_adjust_x509.h"
+#include "mbedtls/private/config_adjust_x509.h"
-#include "mbedtls/config_adjust_ssl.h"
+#include "mbedtls/private/config_adjust_ssl.h"
 /* Indicate that all configuration symbols are set, * even the ones that are calculated programmatically.
diff --git a/include/mbedtls/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h
similarity index 98%
rename from include/mbedtls/config_adjust_ssl.h
rename to include/mbedtls/private/config_adjust_ssl.h
index 36641e18b6..4e006f86da 100644
--- a/include/mbedtls/config_adjust_ssl.h
+++ b/include/mbedtls/private/config_adjust_ssl.h
@@ -1,5 +1,5 @@
 /**
- * \file mbedtls/config_adjust_ssl.h
+ * \file mbedtls/private/config_adjust_ssl.h
 * \brief Adjust TLS configuration
 *
 * This is an internal header. Do not include it directly.
diff --git a/include/mbedtls/config_adjust_x509.h b/include/mbedtls/private/config_adjust_x509.h
similarity index 96%
rename from include/mbedtls/config_adjust_x509.h
rename to include/mbedtls/private/config_adjust_x509.h
index cfb2d88916..4af976666b 100644
--- a/include/mbedtls/config_adjust_x509.h
+++ b/include/mbedtls/private/config_adjust_x509.h
@@ -1,5 +1,5 @@
 /**
- * \file mbedtls/config_adjust_x509.h
+ * \file mbedtls/private/config_adjust_x509.h
 * \brief Adjust X.509 configuration
 *
 * This is an internal header. Do not include it directly.
diff --git a/tests/scripts/libtestdriver1_rewrite.pl b/tests/scripts/libtestdriver1_rewrite.pl
index f96ff5e05c..36143b0caf 100755
--- a/tests/scripts/libtestdriver1_rewrite.pl
+++ b/tests/scripts/libtestdriver1_rewrite.pl
@@ -22,8 +22,8 @@ my $private_files_regex = join('|', map { quotemeta($_) } @private_files);
 while (<>) {
 s!^(\s*#\s*include\s*[\"<])mbedtls/build_info.h!${1}libtestdriver1/include/mbedtls/build_info.h!;
 s!^(\s*#\s*include\s*[\"<])mbedtls/mbedtls_config.h!${1}libtestdriver1/include/mbedtls/mbedtls_config.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/config_adjust_x509.h!;
- s!^(\s*#\s*include\s*[\"<])mbedtls/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/config_adjust_ssl.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_x509.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_x509.h!;
+ s!^(\s*#\s*include\s*[\"<])mbedtls/private/config_adjust_ssl.h!${1}libtestdriver1/include/mbedtls/private/config_adjust_ssl.h!;
 s!^(\s*#\s*include\s*[\"<])mbedtls/check_config.h!${1}libtestdriver1/include/mbedtls/check_config.h!;
 # Files in include/mbedtls and drivers/builtin/include/mbedtls are both
 # included in files via #include mbedtls/.h, so when expanding to the
From 34b3bb3a3ff1bfa38db3354c80647d6d3bfffc7f Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 07:18:06 +0200 Subject: [PATCH 144/216] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index f6e287cd79..a85d4bfa3b 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit f6e287cd798535f56b9fd33cdd5585fbc399ad0e
+Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439
From bb7b2b765fb4178e756b5087bc4195b07f43dd11 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 08:04:35 +0200 Subject: [PATCH 145/216] Fixed the mbedtls installation cmake: now private headers, which are used in the installation, are included in it too Signed-off-by: Anton Matkin --- include/CMakeLists.txt | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 755efedd1c..9ea17af8b8 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -7,6 +7,12 @@ if(INSTALL_MBEDTLS_HEADERS)
 install(FILES ${headers}
 DESTINATION include/mbedtls
 PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+ file(GLOB private_headers "mbedtls/private/*.h")
+
+ install(FILES ${private_headers}
+ DESTINATION include/mbedtls/private
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
 endif(INSTALL_MBEDTLS_HEADERS)
 # Make mbedtls_config.h available in an out-of-source build. ssl-opt.sh requires it.
From 55862e126fc724bf147840ba086dc9b17dae8704 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 09:39:34 +0200 Subject: [PATCH 146/216] Updated the framework pointer Signed-off-by: Anton Matkin --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index a85d4bfa3b..6cb0bcb7d8 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit a85d4bfa3b25dced8229a27800b9498b9fbb5439
+Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f
From 0f7cf1942b8da5a437b25a8b136cb9abb3883da7 Mon Sep 17 00:00:00 2001 From: Felix Conway Date: Fri, 29 Aug 2025 09:41:59 +0100 Subject: [PATCH 147/216] Small documentation fixes Signed-off-by: Felix Conway --- ChangeLog.d/unify-errors.txt | 2 +- docs/4.0-migration-guide/error-codes.md | 22 +++++++++++----------- 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/ChangeLog.d/unify-errors.txt b/ChangeLog.d/unify-errors.txt
index 0ed56ba305..f229f1bc4d 100644
--- a/ChangeLog.d/unify-errors.txt
+++ b/ChangeLog.d/unify-errors.txt
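Review bot: `file(GLOB private_headers "mbedtls/private/*.h")` is evaluated once at configure time, so a private header added to that directory later is silently left out of the installed set until someone re-runs CMake, and the installed public headers would then `#include` a `mbedtls/private/` file that is not there. If the project's minimum CMake version is 3.12 or later, `file(GLOB private_headers CONFIGURE_DEPENDS "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls/private/*.h")` makes the glob re-checked at build time; the `${headers}` glob feeding the install above the hunk presumably has the same shape and should be changed together with it. A one-line comment such as `# Private headers are installed too: the public headers include them (e.g. build_info.h -> private/config_adjust_*.h).` would record why a directory named "private" is part of the install at all. The enclosing `if(INSTALL_MBEDTLS_HEADERS)` opens before the hunk.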
@@ -3,5 +3,5 @@ API changes
 xxx is a module, e.g. X509 or SSL.
 MBEDTLS_ERR_xxx_BAD_INPUT_DATA -> PSA_ERROR_INVALID_ARGUMENT
 MBEDTLS_ERR_xxx_ALLOC_FAILED -> PSA_ERROR_INSUFFICIENT_MEMORY
- MBEDTLS_ERR_xxx_VERIFY_FAILED -> PSA_ERROR_INVALID_SIGNATURE
 MBEDTLS_ERR_xxx_BUFFER_TOO_SMALL -> PSA_ERROR_BUFFER_TOO_SMALL
+ MBEDTLS_ERR_PKCS7_VERIFY_FAIL -> PSA_ERROR_INVALID_SIGNATURE
diff --git a/docs/4.0-migration-guide/error-codes.md b/docs/4.0-migration-guide/error-codes.md
index ffb1e0e3bb..a2744679e0 100644
--- a/docs/4.0-migration-guide/error-codes.md
+++ b/docs/4.0-migration-guide/error-codes.md
@@ -18,20 +18,20 @@ As a consequence, the functions `mbedtls_low_level_strerr()` and `mbedtls_high_l
 Many legacy error codes have been removed in favor of PSA error codes. Generally, functions that returned a legacy error code in the table below in Mbed TLS 3.6 now return the PSA error code listed on the same row. Similarly, callbacks should apply the same changes to error code, unless there has been a relevant change to the callback's interface.
-| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
-|-----------------------------------------| --------------------------- |
+| Legacy constant (Mbed TLS 3.6) | PSA constant (Mbed TLS 4.0) |
+|-----------------------------------------|---------------------------------|
 | `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` | `PSA_ERROR_CORRUPTION_DETECTED` |
-| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` |
-| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
-| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL`|
-| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
-| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
-| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_ERROR_GENERIC_ERROR` | `PSA_ERROR_GENERIC_ERROR` |
+| `MBEDTLS_ERR_NET_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_BUF_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
+| `MBEDTLS_ERR_OID_NOT_FOUND` | `PSA_ERROR_NOT_SUPPORTED` |
 | `MBEDTLS_ERR_PKCS7_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+| `MBEDTLS_ERR_PKCS7_VERIFY_FAIL` | `PSA_ERROR_INVALID_SIGNATURE` |
 | `MBEDTLS_ERR_SSL_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
+| `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` | `PSA_ERROR_INVALID_ARGUMENT` |
+|
`MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
 | `MBEDTLS_ERR_X509_ALLOC_FAILED` | `PSA_ERROR_INSUFFICIENT_MEMORY` |
-| `MBEDTLS_ERR_PKCS7_VERIFY_FAILED` | `PSA_ERROR_INVALID_SIGNATURE` |
+| `MBEDTLS_ERR_X509_BUFFER_TOO_SMALL` | `PSA_ERROR_BUFFER_TOO_SMALL` |
 See also the corresponding section in the TF-PSA-Crypto migration guide, which lists error codes from cryptography modules.
From 8e4d8c92277aab24568da37a816badf5ddaaf2b0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:38:30 +0100 Subject: [PATCH 148/216] Update ssl_tls.c to use psa_pake_get_shared_key Signed-off-by: Anton Matkin --- library/ssl_tls.c | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 9144f9222b..b75c6d4c11 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6385,13 +6385,29 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
 }
- status = psa_pake_get_implicit_key(&handshake->psa_pake_ctx,
- &derivation);
+ mbedtls_svc_key_id_t shared_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+
+ psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE);
+ psa_set_key_algorithm(&shared_key_attributes, alg);
+ psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD);
+
+ status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id);
+
 if (status != PSA_SUCCESS) {
 psa_key_derivation_abort(&derivation);
 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
 }
+ status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id);
+
+ if (status != PSA_SUCCESS) {
+ psa_key_derivation_abort(&derivation);
+ return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+ }
+
+ psa_destroy_key(shared_key_id);
+
 status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen);
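Review bot: `psa_destroy_key(shared_key_id)` is placed after the `if (status != PSA_SUCCESS)` that follows `psa_key_derivation_input_key()`, so on that failure path the function returns with the volatile PAKE shared key still resident in the key store; patch 151 later in this series (the next `ssl_tls.c` hunks) moves the destroy ahead of the check, which closes that path. What neither commit addresses is that the result of `psa_destroy_key()` is discarded, so a key store that fails to wipe the shared secret goes unnoticed; at minimum route it through the existing error handling, e.g. `if (psa_destroy_key(shared_key_id) != PSA_SUCCESS) { psa_key_derivation_abort(&derivation); return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED; }`. The attribute setup also deserves a comment on why `PSA_KEY_USAGE_DERIVE` is the only usage granted: the key exists solely to be fed into `derivation`, and nothing else should be able to export or reuse it. `ssl_compute_master()` begins before the hunk, and `alg` and `derivation` are defined outside it.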
From ce42312229a05d7f925d4f0a31a0bcaaee8fcfee Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 13:39:16 +0100 Subject: [PATCH 149/216] Finished updating the tests Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 20524a8972..59cba29b14 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 20524a89722972a7dbf06a32ab7bb225053713f6
+Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7
From 5663c2379997cc4bc72d291d955af54951b12093 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 13 Mar 2025 15:01:48 +0100 Subject: [PATCH 150/216] Create a changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 ChangeLog.d/9322.txt
diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt
new file mode 100644
index 0000000000..582e47f66b
--- /dev/null
+++ b/ChangeLog.d/9322.txt
@@ -0,0 +1,3 @@
+Changes
+ * Use the new `psa_pake_get_shared_key()` function implemented in
+ tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()`
From 8135b84ed2f5a2c2ab032098b0816f1bf1e4f405 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 3 Apr 2025 16:36:24 +0200 Subject: [PATCH 151/216] Fixed incorrect usage of key derivation procedures Signed-off-by: Anton Matkin --- library/ssl_tls.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index b75c6d4c11..12af239374 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6390,7 +6390,7 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 psa_key_attributes_t shared_key_attributes = PSA_KEY_ATTRIBUTES_INIT;
 psa_set_key_usage_flags(&shared_key_attributes, PSA_KEY_USAGE_DERIVE);
 psa_set_key_algorithm(&shared_key_attributes, alg);
- psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_PASSWORD);
+ psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE);
 status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id);
@@ -6401,13 +6401,13 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id);
+ psa_destroy_key(shared_key_id);
+
 if (status != PSA_SUCCESS) {
 psa_key_derivation_abort(&derivation);
 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
 }
- psa_destroy_key(shared_key_id);
-
 status = psa_key_derivation_output_bytes(&derivation, handshake->premaster, handshake->pmslen);
From 92129adcf2e5cc3f656412a0aa9a454761c1a7c0 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Mon, 7 Apr 2025 16:10:42 +0200 Subject: [PATCH 152/216] Removed the whitespace which is causing CI to fail Signed-off-by: Anton Matkin --- library/ssl_tls.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 12af239374..78bcb92f4c 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
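Review bot: The switch from `PSA_KEY_TYPE_PASSWORD` to `PSA_KEY_TYPE_DERIVE` in the first hunk is a behavioural fix with no explanation in the code, and nothing nearby makes the choice obvious to a reader who does not know the PSA derivation API. A comment such as `/* The PAKE output is consumed only as the secret input of the key derivation below, which expects a PSA_KEY_TYPE_DERIVE key. */` above `psa_set_key_type()` would stop a future reader from "correcting" it back to a password type. `ssl_compute_master()` starts outside both hunks, and the blank line that separates `psa_set_key_type()` from the `psa_pake_get_shared_key()` call is not visible here.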
@@ -6392,14 +6392,18 @@ static int ssl_compute_master(mbedtls_ssl_handshake_params *handshake,
 psa_set_key_algorithm(&shared_key_attributes, alg);
 psa_set_key_type(&shared_key_attributes, PSA_KEY_TYPE_DERIVE);
- status = psa_pake_get_shared_key(&handshake->psa_pake_ctx, &shared_key_attributes, &shared_key_id);
+ status = psa_pake_get_shared_key(&handshake->psa_pake_ctx,
+ &shared_key_attributes,
+ &shared_key_id);
 if (status != PSA_SUCCESS) {
 psa_key_derivation_abort(&derivation);
 return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
 }
- status = psa_key_derivation_input_key(&derivation, PSA_KEY_DERIVATION_INPUT_SECRET, shared_key_id);
+ status = psa_key_derivation_input_key(&derivation,
+ PSA_KEY_DERIVATION_INPUT_SECRET,
+ shared_key_id);
 psa_destroy_key(shared_key_id);
From ab4716619aa31b67be0cd84bdf33dd04e947c7ea Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Thu, 28 Aug 2025 04:21:29 +0200 Subject: [PATCH 153/216] Removed the unnecessary changelog entry Signed-off-by: Anton Matkin --- ChangeLog.d/9322.txt | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 ChangeLog.d/9322.txt
diff --git a/ChangeLog.d/9322.txt b/ChangeLog.d/9322.txt
deleted file mode 100644
index 582e47f66b..0000000000
--- a/ChangeLog.d/9322.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Use the new `psa_pake_get_shared_key()` function implemented in
- tf-psa-crypto instead of the removed `psa_pake_get_implicit_key()`
From 68f658c95ed1de59c94c0ba84e1b6d5ec8fe6f71 Mon Sep 17 00:00:00 2001 From: Anton Matkin Date: Fri, 29 Aug 2025 16:07:44 +0200 Subject: [PATCH 154/216] Updated tf-psa-crypto pointer Signed-off-by: Anton Matkin --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tf-psa-crypto b/tf-psa-crypto
index 59cba29b14..197f8859a7 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto
@@ -1 +1 @@
-Subproject commit 59cba29b14bbfd76e7ae8618b3cc1c96e542b3b7
+Subproject commit 197f8859a7111deb66578e401c320d08bf534e62
From f19a900ed5099c8f65cdb40c8dc51b554b1479f0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 8 Aug 2025 08:53:31 +0100 Subject: [PATCH 155/216] Temporarily include private symbols in sample programs Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 3 +++ programs/ssl/ssl_test_lib.h | 3 +++ 2 files changed, 6 insertions(+)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 40304dd381..b31dc92694 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -6,6 +6,9 @@
 */
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
+#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+
+#include "mbedtls/private/pk_private.h"
 #include "ssl_test_lib.h"
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 1dda8d62ac..5cfa7d2327 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -7,6 +7,9 @@
 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
+#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
+
+#include "mbedtls/private/pk_private.h"
 #include "mbedtls/build_info.h"
From 69aa8d08e0158a84c498eddb817339b11d559b50 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:42:50 +0100 Subject: [PATCH 156/216] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_clinet.c as it it not required Signed-off-by: Ben Taylor --- programs/ssl/ssl_client2.c | 1 - 1 file changed, 1 deletion(-)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index b31dc92694..b099fded5a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -6,7 +6,6 @@
 */
 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 #include "mbedtls/private/pk_private.h"
From a8a9beccc25e6394e8150c96b08850d10e780415 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:48:06 +0100 Subject: [PATCH 157/216] Remove MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS from ssl_test_lib.h as it is not required
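Review bot: The `#include "mbedtls/private/pk_private.h"` added to `ssl_client2.c` appears redundant: the same include is added to `ssl_test_lib.h` in this commit, and `ssl_client2.c` already includes `ssl_test_lib.h` (the context line just below the new include). The larger concern is that `ssl_client2.c` is a sample that users copy from, and nothing in the code says this dependency on a private header is temporary — only the commit title does; a comment such as `/* Temporary: this sample still uses private pk identifiers. Do not copy into applications. */` next to the include in `ssl_test_lib.h` would record the intent and make the eventual removal findable. Patches 156 and 157 later in the series drop the `MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS` defines but keep the include in both files.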
Signed-off-by: Ben Taylor --- programs/ssl/ssl_test_lib.h | 1 - 1 file changed, 1 deletion(-)
diff --git a/programs/ssl/ssl_test_lib.h b/programs/ssl/ssl_test_lib.h
index 5cfa7d2327..6602b1ae21 100644
--- a/programs/ssl/ssl_test_lib.h
+++ b/programs/ssl/ssl_test_lib.h
@@ -7,7 +7,6 @@
 #ifndef MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
 #define MBEDTLS_PROGRAMS_SSL_SSL_TEST_LIB_H
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
 #include "mbedtls/private/pk_private.h"
From dfdac46163b222817f3cdfef496606efa58bf65d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 1 Sep 2025 14:32:39 +0100 Subject: [PATCH 158/216] Update header guard use in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 17c235bb17..00a13b29af 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () {
 # Disable P256M driver, which is on by default, so that analyze_outcomes
 # can compare this test with test_tfm_config_p256m_driver_accel_ec
- sed -i '/PROFILE_M_PSA_CRYPTO_CONFIG_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H"
+ sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H"
 msg "build: TF-M config without p256m"
 make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
From ecde0aaa41b2ac20867c2fbea709ea3a089b03e0 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 11:12:39 +0100 Subject: [PATCH 159/216] replace undef with deletion in p256m test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 00a13b29af..0df6455cec 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () {
 # Disable P256M driver, which is on by default, so that analyze_outcomes
 # can compare this test with test_tfm_config_p256m_driver_accel_ec
- sed -i '/PSA_CRYPTO_CONFIGS_EXT_CRYPTO_CONFIG_PROFILE_MEDIUM_H/i #undef MBEDTLS_PSA_P256M_DRIVER_ENABLED' "$CRYPTO_CONFIG_H"
+ sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H"
 msg "build: TF-M config without p256m"
 make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
From a2aa7daacae757dac9cc02fa1250778b92f79ffe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 11:22:52 +0100 Subject: [PATCH 160/216] Change unset of MBEDTLS config to more standard method Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 0df6455cec..e5d8905fa1 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1356,7 +1356,7 @@ component_test_tfm_config_no_p256m () {
 # Disable P256M driver, which is on by default, so that analyze_outcomes
 # can compare this test with test_tfm_config_p256m_driver_accel_ec
- sed -i '/MBEDTLS_PSA_P256M_DRIVER_ENABLED/d' "$CRYPTO_CONFIG_H"
+ scripts/config.py -f "$CRYPTO_CONFIG_H" unset MBEDTLS_PSA_P256M_DRIVER_ENABLED
 msg "build: TF-M config without p256m"
 make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
From 6c30c0040e6d884ac0afaf42f29a887f51c09bf2 Mon Sep 17 00:00:00 2001
From: David Horstmann Date: Fri, 5 Sep 2025 09:34:15 +0100 Subject: [PATCH 161/216] Upgrade packages in requirements.txt Signed-off-by: David Horstmann --- docs/requirements.txt | 75 +++++++++++++++++++++---------------------- 1 file changed, 37 insertions(+), 38 deletions(-)
diff --git a/docs/requirements.txt b/docs/requirements.txt
index 2287b2a72b..38499f768c 100644
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,84 +1,83 @@ # -# This file is autogenerated by pip-compile with Python 3.8 +# This file is autogenerated by pip-compile with Python 3.9 # by the following command: # -# pip-compile requirements.in +# pip-compile docs/requirements.in # -alabaster==0.7.13 +alabaster==0.7.16 # via sphinx -babel==2.15.0 +babel==2.17.0 # via sphinx -breathe==4.35.0 - # via -r requirements.in -certifi==2024.7.4 +breathe==4.36.0 + # via -r docs/requirements.in +certifi==2025.8.3 # via requests -charset-normalizer==3.3.2 +charset-normalizer==3.4.3 # via requests -click==8.1.7 +click==8.1.8 # via readthedocs-cli -docutils==0.20.1 +docutils==0.21.2 # via - # breathe # sphinx # sphinx-rtd-theme -idna==3.7 +idna==3.10 # via requests imagesize==1.4.1 # via sphinx -importlib-metadata==8.0.0 +importlib-metadata==8.7.0 # via sphinx -jinja2==3.1.4 +jinja2==3.1.6 # via sphinx markdown-it-py==3.0.0 # via rich -markupsafe==2.1.5 +markupsafe==3.0.2 # via jinja2 mdurl==0.1.2 # via markdown-it-py -packaging==24.1 +packaging==25.0 # via sphinx -pygments==2.18.0 +pygments==2.19.2 # via # rich # sphinx -pytz==2024.1 - # via babel -pyyaml==6.0.1 +pyyaml==6.0.2 # via readthedocs-cli -readthedocs-cli==4 - # via -r requirements.in -requests==2.32.3 +readthedocs-cli==5 + # via -r docs/requirements.in +requests==2.32.5 # via # readthedocs-cli # sphinx -rich==13.7.1 +rich==14.1.0 # via readthedocs-cli -snowballstemmer==2.2.0 +snowballstemmer==3.0.1 # via sphinx -sphinx==7.1.2 +sphinx==7.4.7 # via # breathe # sphinx-rtd-theme # sphinxcontrib-jquery -sphinx-rtd-theme==2.0.0 - # via -r requirements.in -sphinxcontrib-applehelp==1.0.4 +sphinx-rtd-theme==3.0.2 + # via -r docs/requirements.in +sphinxcontrib-applehelp==2.0.0 # via sphinx -sphinxcontrib-devhelp==1.0.2 +sphinxcontrib-devhelp==2.0.0 # via sphinx -sphinxcontrib-htmlhelp==2.0.1 +sphinxcontrib-htmlhelp==2.1.0 # via sphinx sphinxcontrib-jquery==4.1 # via sphinx-rtd-theme sphinxcontrib-jsmath==1.0.1 # via sphinx -sphinxcontrib-qthelp==1.0.3 
+sphinxcontrib-qthelp==2.0.0 # via sphinx -sphinxcontrib-serializinghtml==1.1.5 +sphinxcontrib-serializinghtml==2.0.0 # via sphinx -typing-extensions==4.12.2 - # via rich -urllib3==2.2.2 - # via requests -zipp==3.19.2 +tomli==2.2.1 + # via sphinx +urllib3==2.5.0 + # via + # readthedocs-cli + # requests +zipp==3.23.0 # via importlib-metadata From f0b8364cff2d4a30d2064641b31bf9ae554f09f5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sat, 6 Sep 2025 16:25:30 +0200 Subject: [PATCH 162/216] Allow metatest.c to use crypto internal headers Signed-off-by: Gilles Peskine --- programs/Makefile | 2 +- programs/test/CMakeLists.txt | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/programs/Makefile b/programs/Makefile index f99021aa69..6c9d4d7342 100644 --- a/programs/Makefile +++ b/programs/Makefile @@ -233,7 +233,7 @@ endif test/metatest$(EXEXT): $(FRAMEWORK)/tests/programs/metatest.c $(DEP) echo " CC $(FRAMEWORK)/tests/programs/metatest.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -I../library -I../tf-psa-crypto/core -I../tf-psa-crypto/drivers/builtin/include -I../tf-psa-crypto/drivers/builtin/src $(FRAMEWORK)/tests/programs/metatest.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ test/query_config.o: test/query_config.c $(FRAMEWORK)/tests/programs/query_config.h $(DEP) echo " CC test/query_config.c" diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt index ca6e8b2070..8a5d6ba822 100644 --- a/programs/test/CMakeLists.txt +++ b/programs/test/CMakeLists.txt 
@@ -102,6 +102,10 @@ foreach(exe IN LISTS executables)
 target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
 endforeach()
+target_include_directories(metatest
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/src)
+
 install(TARGETS ${executables} DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)
From a450affbcaca5480fa97b6aca36e1e7b9e06e3d2 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Thu, 24 Jul 2025 21:59:52 +0200 Subject: [PATCH 163/216] Fix MBEDTLS_SSL_TLS1_2_SOME_ECC definition Signed-off-by: Ronald Cron --- include/mbedtls/private/config_adjust_ssl.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h
index 4e006f86da..040216a04e 100644
--- a/include/mbedtls/private/config_adjust_ssl.h
+++ b/include/mbedtls/private/config_adjust_ssl.h
@@ -78,7 +78,7 @@
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
- (defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
+ (defined(PSA_WANT_ALG_ECDH) || defined(PSA_WANT_ALG_ECDSA) || \
 defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
 #define MBEDTLS_SSL_TLS1_2_SOME_ECC
 #endif
From 5df9d9d53e13fbec12ef47cb43104bd8b5f62f72 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Mon, 18 Aug 2025 15:04:22 +0200 Subject: [PATCH 164/216] ssl-opt.sh: Fix dependency on ECDSA Signed-off-by: Ronald Cron --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 140409c9cc..a90d5afa9f 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
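Review bot: The new `target_include_directories(metatest …)` call is unconditional, while the loop just above it suggests the program targets are created from the `executables` list; if `metatest` can be absent from that list in some configurations (how the list is built is not visible here), configure fails on a non-existent target, so guard it with `if(TARGET metatest)` or attach the include directories where the target is declared. The paths are also spelled from this directory's depth in the tree (`${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/...`); `${PROJECT_SOURCE_DIR}/tf-psa-crypto/...`, or a variable the file already defines for that root, survives the file being moved. A one-line comment saying why a program needs the driver's `src` directory (internal headers, per the commit title) would also help the next reader.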
@@ -2373,7 +2373,7 @@ run_test "Opaque key for server authentication: ECDH-" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled PSA_WANT_ALG_ECDSA requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 From 1ce0ad089dc7f8fdc3e30ebc7ffe1cbae3b8443c Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:07:38 +0200 Subject: [PATCH 165/216] tf-psa-crypto: update reference Signed-off-by: Valerio Setti --- tf-psa-crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tf-psa-crypto b/tf-psa-crypto index 197f8859a7..06bae1e110 160000 --- a/tf-psa-crypto +++ b/tf-psa-crypto @@ -1 +1 @@ -Subproject commit 197f8859a7111deb66578e401c320d08bf534e62 +Subproject commit 06bae1e110ce71b44c3f4d17974d24feea4d2a92 From 82bf414d25c1d70f6f6fb34b481de03a52e23a50 Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 10 Sep 2025 10:54:37 +0200 Subject: [PATCH 166/216] framework: update reference Signed-off-by: Valerio Setti --- framework | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework b/framework index 6cb0bcb7d8..d0d817541a 160000 --- a/framework +++ b/framework @@ -1 +1 @@ -Subproject commit 6cb0bcb7d8dad05e29f611117b69accc4626a62f +Subproject commit d0d817541ae3f449b8cd51afc165668179659699 From efcec8cecd5afabdfd43d930cccf6c22a6438407 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 17:22:35 +0200 Subject: [PATCH 167/216] Cleanup following the removal of MBEDTLS_ENTROPY_C option Signed-off-by: Ronald Cron --- configs/crypto-config-ccm-psk-tls1_2.h | 1 - configs/crypto-config-suite-b.h | 1 - configs/crypto-config-thread.h | 1 - tests/scripts/components-configuration-crypto.sh | 2 -- tests/scripts/depends.py | 4 ++-- 5 files changed, 2 insertions(+), 7 deletions(-) 
diff --git a/configs/crypto-config-ccm-psk-tls1_2.h b/configs/crypto-config-ccm-psk-tls1_2.h index 163520ed34..c2dabc28e8 100644 --- a/configs/crypto-config-ccm-psk-tls1_2.h +++ b/configs/crypto-config-ccm-psk-tls1_2.h @@ -30,7 +30,6 @@ /* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */ #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY /* Save RAM at the expense of ROM */ diff --git a/configs/crypto-config-suite-b.h b/configs/crypto-config-suite-b.h index 0437bda3ce..4bae5a45c6 100644 --- a/configs/crypto-config-suite-b.h +++ b/configs/crypto-config-suite-b.h @@ -48,7 +48,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY diff --git a/configs/crypto-config-thread.h b/configs/crypto-config-thread.h index 5475a0af20..1b2621cf58 100644 --- a/configs/crypto-config-thread.h +++ b/configs/crypto-config-thread.h @@ -55,7 +55,6 @@ #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_CTR_DRBG_C -#define MBEDTLS_ENTROPY_C #define MBEDTLS_HMAC_DRBG_C #define MBEDTLS_MD_C #define MBEDTLS_PK_C diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 6ed656bff9..d5efbffde8 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -236,7 +236,6 @@ component_test_psa_external_rng_no_drbg_use_psa () { msg "build: PSA_CRYPTO_EXTERNAL_RNG minus *_DRBG, PSA crypto in TLS" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG - scripts/config.py unset MBEDTLS_ENTROPY_C scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT scripts/config.py unset MBEDTLS_CTR_DRBG_C 
@@ -2091,7 +2090,6 @@ END #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 #define MBEDTLS_CTR_DRBG_C - #define MBEDTLS_ENTROPY_C #define MBEDTLS_PSA_CRYPTO_C #define MBEDTLS_SELF_TEST END diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index ae88abf1e2..cd91b78479 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -515,10 +515,10 @@ class DomainData: 'curves': ExclusiveDomain(curve_symbols, build_and_test), # Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1, SHA3*, - # SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used + # SHA224 and SHA384 because the built-in entropy module is extensively used # across various modules, but it depends on either SHA256 or SHA512. # As a consequence an "exclusive" test of anything other than SHA256 - # or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible. + # or SHA512 with the built-in entropy module enabled is not possible. 'hashes': DualDomain(hash_symbols, build_and_test, exclude=r'PSA_WANT_ALG_(?!SHA_(256|512))'), From 3b30643143553d7e02cca6655fb9487c5b587e4f Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Tue, 2 Sep 2025 18:30:08 +0200 Subject: [PATCH 168/216] Adapt configurations to stricter compile-time checks Adapt configurations to stricter compile-time checks for entropy enablement and MBEDTLS_ENTROPY_NV_SEED option. Signed-off-by: Ronald Cron --- tests/scripts/components-configuration-crypto.sh | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index d5efbffde8..be2b040c29 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
@@ -251,16 +251,18 @@ component_test_psa_external_rng_no_drbg_use_psa () { } component_test_psa_external_rng_use_psa_crypto () { - msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" scripts/config.py full scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG scripts/config.py unset MBEDTLS_CTR_DRBG_C + scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" make test - msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" + msg "test: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG/NV_SEED" tests/ssl-opt.sh -f 'Default\|opaque' } @@ -2089,8 +2091,9 @@ END #define PSA_WANT_ALG_SHA3_384 1 #define PSA_WANT_ALG_SHA3_512 1 #define PSA_WANT_KEY_TYPE_AES 1 - #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_PSA_CRYPTO_C + #define MBEDTLS_CTR_DRBG_C + #define MBEDTLS_PSA_BUILTIN_GET_ENTROPY #define MBEDTLS_SELF_TEST END From eb16a9d9ea780bccf86ec6e769894034c40e99b4 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 09:57:29 +0200 Subject: [PATCH 169/216] Prepare for the removal of MBEDTLS_PLATFORM_GET_ENTROPY_ALT We cannot remove it completely yet. It must remain in config.py so that it is not included in the full configuration. A temporary exception is required for it in analyze_outcomes.py. Signed-off-by: Ronald Cron --- programs/test/selftest.c | 4 ++-- scripts/config.py | 4 +++- scripts/footprint.sh | 3 ++- tests/scripts/analyze_outcomes.py | 2 ++ tests/scripts/components-configuration-platform.sh | 12 +++++++----- tests/scripts/components-configuration.sh | 3 ++- 6 files changed, 18 insertions(+), 10 deletions(-) 
diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 2c2b48ed82..0e906ab4a3 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -210,7 +210,7 @@ static int run_test_snprintf(void) * back. */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) static void dummy_entropy(unsigned char *output, size_t output_size) { srand(1); @@ -239,7 +239,7 @@ static void create_entropy_seed_file(void) static int mbedtls_entropy_self_test_wrapper(int verbose) { -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PLATFORM_GET_ENTROPY_ALT) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_PSA_DRIVER_GET_ENTROPY) create_entropy_seed_file(); #endif return mbedtls_entropy_self_test(verbose); diff --git a/scripts/config.py b/scripts/config.py index 20555db846..8493ee655f 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -180,8 +180,10 @@ def baremetal_adapter(name, value, active): """Config adapter for "baremetal".""" if not is_boolean_setting(name, value): return active - if name == 'MBEDTLS_PLATFORM_GET_ENTROPY_ALT': + if name == 'MBEDTLS_PSA_BUILTIN_GET_ENTROPY': # No OS-provided entropy source + return False + if name == 'MBEDTLS_PSA_DRIVER_GET_ENTROPY': return True return include_in_full(name) and keep_in_baremetal(name) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e45a9265ac..e7078cff16 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
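Review bot: Both updated guards sit under `#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C)` (context of the first hunk), and patch 167 of this series describes `MBEDTLS_ENTROPY_C` as a removed option; if the crypto configuration no longer defines it, `dummy_entropy`, `create_entropy_seed_file` and the NV-seed branch of `mbedtls_entropy_self_test_wrapper` are dead regardless of the new `MBEDTLS_PSA_DRIVER_GET_ENTROPY` test. Please confirm which symbol now gates the entropy self-test and adjust the outer guard in the same change, or add a comment stating why `MBEDTLS_ENTROPY_C` is still expected to be defined here. The enclosing `#if` block starts and ends outside both hunks.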
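Review bot: In `baremetal_adapter` the comment `# No OS-provided entropy source` now explains only the `MBEDTLS_PSA_BUILTIN_GET_ENTROPY` branch, while the rationale covers both new branches (drop the built-in source, force the driver one). Move it above the first `if` and state both halves, e.g. `# Baremetal has no OS-provided entropy source: disable the built-in` / `# collector and rely on MBEDTLS_PSA_DRIVER_GET_ENTROPY instead.` The function continues outside the hunk.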
@@ -64,7 +64,8 @@ doit() scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true - scripts/config.py --force set MBEDTLS_PLATFORM_GET_ENTROPY_ALT || true + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true + scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index d1bb553c67..a6f03a83c9 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -128,6 +128,8 @@ class CoverageTask(outcome_analysis.CoverageTask): # PSA entropy drivers. # https://github.com/Mbed-TLS/mbedtls/issues/8150 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', + # Obsolete config option that we are about to remove + 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. # https://github.com/Mbed-TLS/mbedtls/issues/9589 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', diff --git a/tests/scripts/components-configuration-platform.sh b/tests/scripts/components-configuration-platform.sh index ade207a650..b408bec618 100644 --- a/tests/scripts/components-configuration-platform.sh +++ b/tests/scripts/components-configuration-platform.sh 
@@ -20,17 +20,18 @@ component_build_no_std_function () { make } -component_test_platform_get_entropy_alt() +component_test_psa_driver_get_entropy() { - msg "build: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "build: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" # Use hardware polling as the only source for entropy - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make # Run all the tests - msg "test: default config + MBEDTLS_PLATFORM_GET_ENTROPY_ALT" + msg "test: default - MBEDTLS_PSA_BUILTIN_GET_ENTROPY + MBEDTLS_PSA_DRIVER_GET_ENTROPY" make test } @@ -40,7 +41,8 @@ component_build_no_sockets () { msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s scripts/config.py full scripts/config.py unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. - scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT # prevent syscall() on GNU/Linux + scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY # prevent syscall() on GNU/Linux + scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY make CC=gcc CFLAGS='-Werror -Wall -Wextra -O1 -std=c99 -pedantic' lib } diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh index 5fd9ede124..a35704f299 100644 --- a/tests/scripts/components-configuration.sh +++ b/tests/scripts/components-configuration.sh 
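Review bot: In `component_build_no_sockets` the `# prevent syscall() on GNU/Linux` rationale stays attached to the `unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY` line, but the new `set MBEDTLS_PSA_DRIVER_GET_ENTROPY` line is left unexplained; presumably it is required because a build with neither option defined is rejected by the stricter compile-time checks patch 168 mentions, but the script does not say so. A trailing comment such as `# the build still needs an entropy source; use the driver one` makes the pair self-explanatory. The same unset/set pair appears in `component_test_psa_driver_get_entropy` in the first hunk and in `component_test_no_platform` (components-configuration.sh); a shared comment or a small helper would keep the three in step.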
@@ -284,7 +284,8 @@ component_test_no_platform () {
 # Use the test alternative implementation of mbedtls_platform_get_entropy()
 # which is provided in "framework/tests/src/fake_external_rng_for_test.c"
 # since the default one is excluded in this scenario.
- scripts/config.py set MBEDTLS_PLATFORM_GET_ENTROPY_ALT
+ scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY
+ scripts/config.py set MBEDTLS_PSA_DRIVER_GET_ENTROPY
 # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
 # to re-enable platform integration features otherwise disabled in C99 builds
 make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -Os -D_DEFAULT_SOURCE' lib programs
From ab7610c318a2d81f65daaa441461ea8b9b85fcba Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 3 Sep 2025 10:02:03 +0200 Subject: [PATCH 170/216] Cleanup following the removal of entropy options Cleanup following the removal in TF-PSA-Crypto of: - MBEDTLS_NO_PLATFORM_ENTROPY - MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES - MBEDTLS_ENTROPY_HARDWARE_ALT - MBEDTLS_ENTROPY_MIN_HARDWARE Only MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES was still present in Mbed TLS. Signed-off-by: Ronald Cron --- scripts/config.py | 1 - tests/scripts/analyze_outcomes.py | 4 ---- 2 files changed, 5 deletions(-)
diff --git a/scripts/config.py b/scripts/config.py
index 8493ee655f..e60d1606f1 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -85,7 +85,6 @@ EXCLUDE_FROM_FULL = frozenset([
 'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
 'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C
 'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
- 'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
 'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
 'MBEDTLS_PSA_DRIVER_GET_ENTROPY', # incompatible with MBEDTLS_PSA_BUILTIN_GET_ENTROPY
 'MBEDTLS_PSA_P256M_DRIVER_ENABLED', # influences SECP256R1 KeyGen/ECDH/ECDSA
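Review bot: The comment above the changed lines still says the test uses an alternative implementation of `mbedtls_platform_get_entropy()`, which described the removed `MBEDTLS_PLATFORM_GET_ENTROPY_ALT` mechanism; with `MBEDTLS_PSA_DRIVER_GET_ENTROPY` set, what `framework/tests/src/fake_external_rng_for_test.c` must now provide is presumably the entropy driver entry point rather than that platform function. Confirm and reword, e.g. `# Use the test entropy driver provided in "framework/tests/src/fake_external_rng_for_test.c"` / `# since the built-in entropy source is excluded in this scenario.` The function continues outside the hunk.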
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index a6f03a83c9..8660e68942 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -124,10 +124,6 @@ class CoverageTask(outcome_analysis.CoverageTask): # Untested platform-specific optimizations. # https://github.com/Mbed-TLS/mbedtls/issues/9588 'Config: MBEDTLS_HAVE_SSE2', - # Obsolete configuration options, to be replaced by - # PSA entropy drivers. - # https://github.com/Mbed-TLS/mbedtls/issues/8150 - 'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # Obsolete config option that we are about to remove 'Config: MBEDTLS_PLATFORM_GET_ENTROPY_ALT', # Untested aspect of the platform interface. From b01be14907e669bcf9676e86a5cf73352209a96a Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 12:01:52 +0200 Subject: [PATCH 171/216] Fix footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index e7078cff16..c228a26c04 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh @@ -19,6 +19,7 @@ set -eu CONFIG_H='include/mbedtls/mbedtls_config.h' +CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h' if [ -r $CONFIG_H ]; then :; else echo "$CONFIG_H not found" >&2 @@ -27,6 +28,13 @@ if [ -r $CONFIG_H ]; then :; else exit 1 fi +if [ -r $CRYPTO_CONFIG_H ]; then :; else + echo "$CRYPTO_CONFIG_H not found" >&2 + echo "This script needs to be run from the root of" >&2 + echo "a git checkout or uncompressed tarball" >&2 + exit 1 +fi + if grep -i cmake Makefile >/dev/null; then echo "Not compatible with CMake" >&2 exit 1 
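Review bot: The new `CRYPTO_CONFIG_H` readability check in the second hunk repeats the four-line error block used for `CONFIG_H` verbatim, so the two messages can drift apart the next time one is edited. A small helper called once per file keeps them together: `require_readable() { [ -r "$1" ] || { echo "$1 not found" >&2; echo "This script needs to be run from the root of a git checkout or uncompressed tarball" >&2; exit 1; }; }`. Patch 172 later rewrites exactly these `if` lines and would be a natural place for that change.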
@@ -56,16 +64,25 @@ doit() log "$NAME ($FILE):" cp $CONFIG_H ${CONFIG_H}.bak + cp $CRYPTO_CONFIG_H ${CRYPTO_CONFIG_H}.bak if [ "$FILE" != $CONFIG_H ]; then + CRYPTO_FILE="${FILE%/*}/crypto-${FILE##*/}" cp "$FILE" $CONFIG_H + cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H fi { + scripts/config.py unset MBEDTLS_HAVE_TIME || true + scripts/config.py unset MBEDTLS_HAVE_TIME_DATE || true scripts/config.py unset MBEDTLS_NET_C || true scripts/config.py unset MBEDTLS_TIMING_C || true scripts/config.py unset MBEDTLS_FS_IO || true + scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C || true + scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C || true scripts/config.py unset MBEDTLS_PSA_BUILTIN_GET_ENTROPY || true - scripts/config.py --force set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true + # Force the definition of MBEDTLS_PSA_DRIVER_GET_ENTROPY as it may + # not exist in custom configurations. + scripts/config.py --force -f ${CRYPTO_CONFIG_H} set MBEDTLS_PSA_DRIVER_GET_ENTROPY || true } >/dev/null 2>&1 make clean >/dev/null @@ -77,7 +94,8 @@ doit() log "$( head -n1 "$OUT" )" log "$( tail -n1 "$OUT" )" - cp ${CONFIG_H}.bak $CONFIG_H + mv ${CONFIG_H}.bak $CONFIG_H + mv ${CRYPTO_CONFIG_H}.bak $CRYPTO_CONFIG_H } # truncate the file just this time From 9a10e398faac5441ed61075ca74ddc867dda1165 Mon Sep 17 00:00:00 2001 From: Ronald Cron Date: Wed, 10 Sep 2025 17:08:12 +0200 Subject: [PATCH 172/216] Simplify footprint.sh Signed-off-by: Ronald Cron --- scripts/footprint.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/footprint.sh b/scripts/footprint.sh index c228a26c04..1f2945159e 100755 --- a/scripts/footprint.sh +++ b/scripts/footprint.sh 
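Review bot: `doit` now overwrites two tracked config files before it knows that `CRYPTO_FILE` exists: the two `.bak` copies and `cp "$FILE" $CONFIG_H` run first, and under the script's `set -eu` a failing `cp "$CRYPTO_FILE" $CRYPTO_CONFIG_H` (the path is derived by name from `$FILE`, so any config without a `crypto-` sibling fails here) exits with `$CONFIG_H` replaced and the `mv … .bak` restore in the last hunk never reached. Either compute `CRYPTO_FILE` and check it before the first `cp`, `[ -r "$CRYPTO_FILE" ] || { echo "$CRYPTO_FILE not found" >&2; exit 1; }`, or install a `trap` on EXIT that moves both `.bak` files back so the working tree is clean on any failure. The derivation `"${FILE%/*}/crypto-${FILE##*/}"` also deserves a comment naming the file-naming convention it relies on.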
@@ -21,14 +21,14 @@ set -eu
 CONFIG_H='include/mbedtls/mbedtls_config.h'
 CRYPTO_CONFIG_H='tf-psa-crypto/include/psa/crypto_config.h'
-if [ -r $CONFIG_H ]; then :; else
+if [ ! -r $CONFIG_H ]; then
 echo "$CONFIG_H not found" >&2
 echo "This script needs to be run from the root of" >&2
 echo "a git checkout or uncompressed tarball" >&2
 exit 1
 fi
-if [ -r $CRYPTO_CONFIG_H ]; then :; else
+if [ ! -r $CRYPTO_CONFIG_H ]; then
 echo "$CRYPTO_CONFIG_H not found" >&2
 echo "This script needs to be run from the root of" >&2
 echo "a git checkout or uncompressed tarball" >&2
From 15f1d7f812520c76a7b4ed59b6557a51377b351f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 10 Jul 2025 09:41:09 +0100 Subject: [PATCH 173/216] Remove support for static ECDH cipher suites Signed-off-by: Ben Taylor --- docs/architecture/tls13-support.md | 2 - docs/proposed/config-split.md | 2 - include/mbedtls/mbedtls_config.h | 48 ---- include/mbedtls/private/config_adjust_ssl.h | 2 - include/mbedtls/ssl.h | 4 +- include/mbedtls/ssl_ciphersuites.h | 12 +- library/mbedtls_check_config.h | 15 - library/ssl_ciphersuites.c | 264 ------------------ library/ssl_ciphersuites_internal.h | 10 +- library/ssl_tls.c | 5 - library/ssl_tls12_client.c | 99 +------ library/ssl_tls12_server.c | 106 +------ .../components-configuration-crypto.sh | 8 +- tests/scripts/depends.py | 4 +- tests/ssl-opt.sh | 7 +- tests/suites/test_suite_ssl.data | 44 --- 16 files changed, 14 insertions(+), 618 deletions(-)
diff --git a/docs/architecture/tls13-support.md b/docs/architecture/tls13-support.md
index f49e9194ba..c7b11fd1dd 100644
--- a/docs/architecture/tls13-support.md
+++ b/docs/architecture/tls13-support.md
@@ -118,8 +118,6 @@ Support description | MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED | n/a | - | MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED | n/a | | MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED | n/a | | | | | MBEDTLS_PSA_CRYPTO_C | no (1) | diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index 1baab356b2..aa1090328f 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md @@ -392,8 +392,6 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h index 827b96165f..f11bcb3fb0 100644 --- a/include/mbedtls/mbedtls_config.h +++ b/include/mbedtls/mbedtls_config.h 
@@ -273,54 +273,6 @@ */ #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - * - * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_ECDSA_C or PSA_WANT_ALG_ECDSA - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED - -/** - * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - * - * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS. - * - * Requires: MBEDTLS_ECDH_C or PSA_WANT_ALG_ECDH - * MBEDTLS_RSA_C - * MBEDTLS_X509_CRT_PARSE_C - * - * This enables the following ciphersuites (if other requisites are - * enabled as well): - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 - * MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 - */ -#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - /** * \def MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED * 
diff --git a/include/mbedtls/private/config_adjust_ssl.h b/include/mbedtls/private/config_adjust_ssl.h index 040216a04e..ee35a67c9f 100644 --- a/include/mbedtls/private/config_adjust_ssl.h +++ b/include/mbedtls/private/config_adjust_ssl.h @@ -64,8 +64,6 @@ #undef MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED -#undef MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED #undef MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #endif diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 44d28a2d81..02e527cdf5 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -659,9 +659,7 @@ union mbedtls_ssl_premaster_secret { unsigned char dummy; /* Make the union non-empty even with SSL disabled */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) + defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */ #endif #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index c97f6abeee..d6c0667aa6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -163,16 +163,12 @@ typedef enum {
 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA,
 MBEDTLS_KEY_EXCHANGE_PSK,
 MBEDTLS_KEY_EXCHANGE_ECDHE_PSK,
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA,
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA,
 MBEDTLS_KEY_EXCHANGE_ECJPAKE,
 } mbedtls_key_exchange_type_t;
 /* Key exchanges using a certificate */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 #define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
 #endif
@@ -220,12 +216,6 @@ typedef enum {
 #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
 #endif
-/* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
-#endif
-
 /* Key exchanges that don't involve ephemeral keys */
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
 defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
diff --git a/library/mbedtls_check_config.h b/library/mbedtls_check_config.h
index 82fef7481d..3107c11077 100644
--- a/library/mbedtls_check_config.h
+++ b/library/mbedtls_check_config.h
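Review bot: The second hunk deletes the definition of `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED`, yet the context line immediately after it still reads `defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)` inside the "Key exchanges that don't involve ephemeral keys" `#if`, which continues outside the hunk; that operand is now always false and should be dropped so the condition starts `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \` followed only by operands that can still be defined. In the first hunk, removing two enumerators from the public `mbedtls_key_exchange_type_t` shifts the value of `MBEDTLS_KEY_EXCHANGE_ECJPAKE`; that is acceptable in a major release, but together with the removal of the two `MBEDTLS_KEY_EXCHANGE_ECDH_*_ENABLED` options it warrants a ChangeLog.d entry, and the diffstat for this patch lists none.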
@@ -55,19 +55,6 @@ #endif /* not all curves accelerated */ #endif /* some curve accelerated */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || \ - !defined(PSA_HAVE_ALG_ECDSA_SIGN) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites" -#endif - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \ - ( !defined(MBEDTLS_CAN_ECDH) || !defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC) || \ - !defined(MBEDTLS_X509_CRT_PARSE_C) ) -#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites" -#endif - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && \ !defined(MBEDTLS_CAN_ECDH) #error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites" @@ -150,8 +137,6 @@ #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ !(defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index b979cad94f..961a4205e7 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -467,186 +467,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_CIPHER_NULL_CIPHER */ #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-RSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-RSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, 
"TLS-ECDH-RSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, "TLS-ECDH-RSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, 
MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -#if defined(PSA_WANT_KEY_TYPE_AES) -#if defined(PSA_WANT_ALG_SHA_1) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#endif /* PSA_WANT_ALG_SHA_1 */ -#if defined(PSA_WANT_ALG_SHA_256) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-CBC-SHA256", - MBEDTLS_CIPHER_AES_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, "TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256", - MBEDTLS_CIPHER_AES_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384", - MBEDTLS_CIPHER_AES_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* 
PSA_WANT_ALG_CBC_NO_PADDING */ -#if defined(PSA_WANT_ALG_GCM) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, "TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384", - MBEDTLS_CIPHER_AES_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_KEY_TYPE_AES */ - -#if defined(PSA_WANT_KEY_TYPE_CAMELLIA) -#if defined(PSA_WANT_ALG_CBC_NO_PADDING) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-CBC-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_CBC_NO_PADDING */ - -#if defined(PSA_WANT_ALG_GCM) -#if defined(PSA_WANT_ALG_SHA_256) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-128-GCM-SHA256", - MBEDTLS_CIPHER_CAMELLIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_256 */ -#if defined(PSA_WANT_ALG_SHA_384) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-CAMELLIA-256-GCM-SHA384", - MBEDTLS_CIPHER_CAMELLIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_384 */ -#endif /* PSA_WANT_ALG_GCM */ -#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */ - -#if defined(MBEDTLS_CIPHER_NULL_CIPHER) -#if 
defined(PSA_WANT_ALG_SHA_1) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, "TLS-ECDH-ECDSA-WITH-NULL-SHA", - MBEDTLS_CIPHER_NULL, MBEDTLS_MD_SHA1, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - MBEDTLS_CIPHERSUITE_WEAK, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif /* PSA_WANT_ALG_SHA_1 */ -#endif /* MBEDTLS_CIPHER_NULL_CIPHER */ -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #if defined(PSA_WANT_KEY_TYPE_AES) #if defined(PSA_WANT_ALG_GCM) 
@@ -898,41 +718,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-RSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-RSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_RSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) #if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) 
@@ -1024,41 +809,6 @@ static const mbedtls_ssl_ciphersuite_t ciphersuite_definitions[] = #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-GCM-SHA384", - MBEDTLS_CIPHER_ARIA_256_GCM, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_384)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - "TLS-ECDH-ECDSA-WITH-ARIA-256-CBC-SHA384", - MBEDTLS_CIPHER_ARIA_256_CBC, MBEDTLS_MD_SHA384, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_GCM) && defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-GCM-SHA256", - MBEDTLS_CIPHER_ARIA_128_GCM, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif -#if (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \ - defined(PSA_WANT_ALG_SHA_256)) - { MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - "TLS-ECDH-ECDSA-WITH-ARIA-128-CBC-SHA256", - MBEDTLS_CIPHER_ARIA_128_CBC, MBEDTLS_MD_SHA256, MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA, - 0, - MBEDTLS_SSL_VERSION_TLS1_2, MBEDTLS_SSL_VERSION_TLS1_2 }, -#endif - -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #endif /* PSA_WANT_KEY_TYPE_ARIA */ @@ -1203,10 +953,6 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphe case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: return MBEDTLS_PK_ECDSA; - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return MBEDTLS_PK_ECKEY; - default: return MBEDTLS_PK_NONE; } 
@@ -1222,10 +968,6 @@ psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_cip
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return PSA_ALG_ECDSA(mbedtls_md_psa_alg_from_type((mbedtls_md_type_t) info->mac));
 
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return PSA_ALG_ECDH;
-
 default:
 return PSA_ALG_NONE;
 }
@@ -1238,10 +980,6 @@ psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_c
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return PSA_KEY_USAGE_SIGN_HASH;
 
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return PSA_KEY_USAGE_DERIVE;
-
 default:
 return 0;
 }
@@ -1272,8 +1010,6 @@ int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info)
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
 return 1;
 
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
index d1db2dba46..54199dba8a 100644
--- a/library/ssl_ciphersuites_internal.h
+++ b/library/ssl_ciphersuites_internal.h
@@ -45,8 +45,6 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_
 static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_PSK:
 return 1;
 
@@ -60,9 +58,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t
 static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return 1;
+ return 1;
 
 default:
 return 0;
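Review bot: In the `@@ -60` hunk of ssl_ciphersuites_internal.h, `mbedtls_ssl_ciphersuite_uses_ecdh` is left with a `return 1;` that sits inside the `switch` with no case label before it, so it is unreachable and the function now always returns 0 via `default:`; compilers with unreachable-code warnings will flag it and readers will assume a label was lost. Either delete the function together with its callers, or make the new contract explicit by replacing the switch with `(void) info;` / `return 0; /* static ECDH key exchanges were removed */`. The function's closing brace is outside the hunk; the neighbouring `@@ -45` hunk and the three ssl_ciphersuites.c hunks above it are clean case removals.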
@@ -73,9 +69,7 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuit
 static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return 1;
 
@@ -87,9 +81,7 @@ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_cip
 static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
 switch (info->MBEDTLS_PRIVATE(key_exchange)) {
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
 case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
 return 1;
 
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 78bcb92f4c..38db9cd103 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -8623,11 +8623,6 @@ int mbedtls_ssl_check_cert_usage(const mbedtls_x509_crt *cert,
 usage = MBEDTLS_X509_KU_DIGITAL_SIGNATURE;
 break;
 
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
- break;
-
 /* Don't use default: we want warnings when adding new values */
 case MBEDTLS_KEY_EXCHANGE_NONE:
 case MBEDTLS_KEY_EXCHANGE_PSK:
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 2129da122d..7675f95e37 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -1732,71 +1732,6 @@ static int ssl_parse_server_psk_hint(mbedtls_ssl_context *ssl, } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *peer_pk; - -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - peer_pk = &ssl->handshake->peer_pubkey; -#else /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - if (ssl->session_negotiate->peer_cert == NULL) { - /* Should never happen */ - MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen")); - return MBEDTLS_ERR_SSL_INTERNAL_ERROR; - } - peer_pk = &ssl->session_negotiate->peer_cert->pk; -#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - /* This is a public key, so it can't be opaque, so can_do() is a good - * enough check to ensure pk_ec() is safe to use below. */ - if (!mbedtls_pk_can_do(peer_pk, MBEDTLS_PK_ECKEY)) { - MBEDTLS_SSL_DEBUG_MSG(1, ("server key not ECDH capable")); - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - uint16_t tls_id = 0; - psa_key_type_t key_type = PSA_KEY_TYPE_NONE; - mbedtls_ecp_group_id grp_id = mbedtls_pk_get_ec_group_id(peer_pk); - - if (mbedtls_ssl_check_curve(ssl, grp_id) != 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("bad server certificate (ECDH curve)")); - return MBEDTLS_ERR_SSL_BAD_CERTIFICATE; - } - - tls_id = mbedtls_ssl_get_tls_id_from_ecp_group_id(grp_id); - if (tls_id == 0) { - MBEDTLS_SSL_DEBUG_MSG(1, ("ECC group %u not supported", - grp_id)); - return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER; - } - - /* If the above conversion to TLS ID was fine, then also this one will be, - so there is no need to check the return value here */ - mbedtls_ssl_get_psa_curve_info_from_tls_id(tls_id, &key_type, - &ssl->handshake->xxdh_psa_bits); - - ssl->handshake->xxdh_psa_type = key_type; - - /* Store peer's public key in psa format. 
*/ - memcpy(ssl->handshake->xxdh_psa_peerkey, peer_pk->pub_raw, peer_pk->pub_raw_len); - ssl->handshake->xxdh_psa_peerkey_len = peer_pk->pub_raw_len; - ret = 0; -#if !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) - /* We don't need the peer's public key anymore. Free it, - * so that more RAM is available for upcoming expensive - * operations like ECDHE. */ - mbedtls_pk_free(peer_pk); -#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - MBEDTLS_CHECK_RETURN_CRITICAL static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) { @@ -1807,28 +1742,6 @@ static int ssl_parse_server_key_exchange(mbedtls_ssl_context *ssl) MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) - if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA || - ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) { - if ((ret = ssl_get_ecdh_params_from_cert(ssl)) != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - mbedtls_ssl_send_alert_message( - ssl, - MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE); - return ret; - } - - MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange")); - mbedtls_ssl_handshake_increment_state(ssl); - return 0; - } - ((void) p); - ((void) end); -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED) if (ssl->handshake->ecrs_enabled && ssl->handshake->ecrs_state == ssl_ecrs_ske_start_processing) { 
@@ -2380,13 +2293,9 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 MBEDTLS_SSL_DEBUG_MSG(2, ("=> write client key exchange"));
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_status_t destruction_status = PSA_ERROR_CORRUPTION_DETECTED;
 psa_key_attributes_t key_attributes;
@@ -2460,9 +2369,7 @@ static int ssl_write_client_key_exchange(mbedtls_ssl_context *ssl)
 }
 } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK) {
 psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 181c6de3a0..96598cc427 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2513,100 +2513,6 @@ static int ssl_write_certificate_request(mbedtls_ssl_context *ssl) } #endif /* MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED */ -#if (defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)) -MBEDTLS_CHECK_RETURN_CRITICAL -static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED; - mbedtls_pk_context *pk; - mbedtls_pk_type_t pk_type; - psa_key_attributes_t key_attributes = PSA_KEY_ATTRIBUTES_INIT; - unsigned char buf[PSA_KEY_EXPORT_ECC_KEY_PAIR_MAX_SIZE(PSA_VENDOR_ECC_MAX_CURVE_BITS)]; - size_t key_len; - - pk = mbedtls_ssl_own_key(ssl); - - if (pk == NULL) { - return MBEDTLS_ERR_ECP_BAD_INPUT_DATA; - } - - pk_type = mbedtls_pk_get_type(pk); - - switch (pk_type) { - case MBEDTLS_PK_OPAQUE: - case MBEDTLS_PK_ECKEY: - case MBEDTLS_PK_ECKEY_DH: - case MBEDTLS_PK_ECDSA: - if (!mbedtls_pk_can_do(pk, MBEDTLS_PK_ECKEY)) { - return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - - /* Get the attributes of the key previously parsed by PK module in - * order to extract its type and length (in bits). */ - status = psa_get_key_attributes(pk->priv_id, &key_attributes); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - ssl->handshake->xxdh_psa_type = psa_get_key_type(&key_attributes); - ssl->handshake->xxdh_psa_bits = psa_get_key_bits(&key_attributes); - - if (pk_type != MBEDTLS_PK_OPAQUE) { - /* PK_ECKEY[_DH] and PK_ECDSA instead as parsed from the PK - * module and only have ECDSA capabilities. Since we need - * them for ECDH later, we export and then re-import them with - * proper flags and algorithm. Of course We also set key's type - * and bits that we just got above. 
*/ - key_attributes = psa_key_attributes_init(); - psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_DERIVE); - psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDH); - psa_set_key_type(&key_attributes, - PSA_KEY_TYPE_ECC_KEY_PAIR(ssl->handshake->xxdh_psa_type)); - psa_set_key_bits(&key_attributes, ssl->handshake->xxdh_psa_bits); - - status = psa_export_key(pk->priv_id, buf, sizeof(buf), &key_len); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - status = psa_import_key(&key_attributes, buf, key_len, - &ssl->handshake->xxdh_psa_privkey); - if (status != PSA_SUCCESS) { - ret = PSA_TO_MBEDTLS_ERR(status); - goto exit; - } - - /* Set this key as owned by the TLS library: it will be its duty - * to clear it exit. */ - ssl->handshake->xxdh_psa_privkey_is_external = 0; - - ret = 0; - break; - } - - /* Opaque key is created by the user (externally from Mbed TLS) - * so we assume it already has the right algorithm and flags - * set. Just copy its ID as reference. */ - ssl->handshake->xxdh_psa_privkey = pk->priv_id; - ssl->handshake->xxdh_psa_privkey_is_external = 1; - ret = 0; - break; - - default: - ret = MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH; - } - -exit: - psa_reset_key_attributes(&key_attributes); - mbedtls_platform_zeroize(buf, sizeof(buf)); - - return ret; -} -#endif /* MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */ - #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) MBEDTLS_CHECK_RETURN_CRITICAL 
@@ -3210,13 +3116,9 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA) {
+ ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA) {
 size_t data_len = (size_t) (*p++);
 size_t buf_len = (size_t) (end - p);
 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
@@ -3279,9 +3181,7 @@ static int ssl_parse_client_key_exchange(mbedtls_ssl_context *ssl)
 handshake->xxdh_psa_privkey = MBEDTLS_SVC_KEY_ID_INIT;
 } else
 #endif /* MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
 if (ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK) {
 if ((ret = ssl_parse_client_psk_identity(ssl, &p, end)) != 0) {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index be2b040c29..38a5d85e7d 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -437,7 +437,6 @@ component_test_everest_curve25519_only () { scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA scripts/config.py unset PSA_WANT_ALG_ECDSA scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_ECJPAKE_C scripts/config.py unset PSA_WANT_ALG_JPAKE @@ -574,7 +573,6 @@ component_test_psa_crypto_config_accel_ecdsa () { # Disable things that depend on it scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED # Build # ----- @@ -615,8 +613,6 @@ component_test_psa_crypto_config_accel_ecdh () { scripts/config.py unset MBEDTLS_ECDH_C # Disable things that depend on it - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED @@ -1147,7 +1143,6 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum () { scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT # Also disable key exchanges that depend on RSA scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED if [ "$test_target" = "ECC" ]; then # When testing ECC only, we disable FFDH support, both from builtin and @@ -1496,7 +1491,8 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED + scripts/config.py unset MBEDTLS_PKCS1_V15 + scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT 
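Review bot: In the `@@ -1496` hunk, `component_test_new_psa_want_key_pair_symbol` starts unsetting `MBEDTLS_PKCS1_V15` and `MBEDTLS_PKCS1_V21`, which is not a consequence of dropping the static ECDH key exchanges and is not explained anywhere in the patch. If the removed `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED` line was what previously made this component build without RSA, add a one-line comment above the two new lines stating why they belong under "Remove RSA support and its dependencies", or move them to their own commit. The other hunks in this file (`@@ -437`, `@@ -574`, `@@ -615`, `@@ -1147`) are straightforward removals of the dead options.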
diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index cd91b78479..34ecf4cdbc 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -280,7 +280,6 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_ALG_ECDSA': ['PSA_WANT_ALG_DETERMINISTIC_ECDSA', 'MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED', 'MBEDTLS_ECDSA_C'], 'PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC': [ 'PSA_WANT_ALG_ECDSA', @@ -294,7 +293,6 @@ REVERSE_DEPENDENCIES = { 'MBEDTLS_ECP_RESTARTABLE', 'MBEDTLS_PK_PARSE_EC_EXTENDED', 'MBEDTLS_PK_PARSE_EC_COMPRESSED', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED', 'MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED', 'MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED', @@ -313,7 +311,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'], + 'MBEDTLS_RSA_C'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a90d5afa9f..a13afd6206 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -312,12 +312,9 @@ requires_any_configs_disabled() { } TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" + MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \ - MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED" +TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index ec62c2cb2e..6c5e718c60 100644 
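Review bot: In the `@@ -313` hunk of depends.py, the removed `'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'` entry is replaced by `'MBEDTLS_RSA_C'` rather than simply dropped, which adds a new reverse dependency that the rest of this change does not motivate. If `MBEDTLS_RSA_C` genuinely must be disabled whenever that PSA key-pair symbol is, a short comment next to the entry would save the next reader the archaeology; otherwise the line should just be deleted like the entries in `@@ -280` and `@@ -294`. The dictionary key this list belongs to starts outside the hunk.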
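Review bot: After the `@@ -312` hunk of ssl-opt.sh, `TLS1_2_KEY_EXCHANGES_WITH_CERT` and `TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH` hold the identical list, so the distinction the `_WO_ECDH` name promises no longer exists. Either define it as `TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="$TLS1_2_KEY_EXCHANGES_WITH_CERT"` with a comment that the alias is kept for its call sites, or retire the variable and repoint its users. `TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT` collapsing to a single item is fine.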
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -380,10 +380,6 @@ Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
 
-Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
-
 Handshake, PSK-WITH-AES-128-CBC-SHA
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
@@ -408,10 +404,6 @@ DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
 handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
 
-DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
-handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
-
 DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
 depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:PSA_WANT_ALG_SHA_1:MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":1
@@ -479,42 +471,6 @@ Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CCM:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH 
-handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, opaque, bad usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_HAVE_ALG_ECDSA_SIGN:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH -handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_PSA_CRYPTO_C 
-handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - -Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage -depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_CAMELLIA:PSA_WANT_ALG_CBC_NO_PADDING:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED -handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0 - Sending app data via TLS, MFL=512 without fragmentation depends_on:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH app_data_tls:MBEDTLS_SSL_MAX_FRAG_LEN_512:400:512:1:1 From 558766d814c42d49c7a3548bbfcb97bb078c8b01 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Jul 2025 08:37:22 +0100 Subject: [PATCH 174/216] Remove additional ifdef's Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 6 ++---- library/ssl_ciphersuites_internal.h | 12 ------------ library/ssl_tls12_server.c | 15 +-------------- 3 files changed, 3 insertions(+), 30 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d6c0667aa6..11eaf6ba14 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -217,8 +217,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif @@ -244,8 +243,7 @@ typedef enum { #endif /* TLS 1.2 key exchanges using ECDH or ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 54199dba8a..2e9f077571 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -54,18 +54,6 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info) -{ - switch (info->MBEDTLS_PRIVATE(key_exchange)) { - return 1; - - default: - return 0; - } -} -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 96598cc427..755b837bca 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
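Review bot: In the second ssl_ciphersuites.h hunk the comment `/* TLS 1.2 key exchanges using ECDH or ECDHE*/` is now stale, since `MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED` is defined only when `MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED` is, making it a plain alias of that macro. Because this is a public header the historical name presumably has to stay, so the comment should say so: `/* TLS 1.2 key exchanges using ECDHE. Static ECDH was removed; the name is kept for compatibility. */`. The same applies to the first hunk, where "Key exchanges that don't involve ephemeral keys" now means PSK only.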
@@ -22,8 +22,7 @@ /* Define a local translating function to save code size by not using too many * arguments in each translating place. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) || \ - defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) static int local_err_translation(psa_status_t status) { return psa_status_to_mbedtls(status, psa_to_ssl_errors, @@ -2914,18 +2913,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { - /* For suites involving ECDH, extract DH parameters - * from certificate at this point. */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED) - if (mbedtls_ssl_ciphersuite_uses_ecdh(ciphersuite_info)) { - ret = ssl_get_ecdh_params_from_cert(ssl); - if (ret != 0) { - MBEDTLS_SSL_DEBUG_RET(1, "ssl_get_ecdh_params_from_cert", ret); - return ret; - } - } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */ - /* Key exchanges not involving ephemeral keys don't use * ServerKeyExchange, so end here. */ MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange")); From 50b45a98ce54b977eaf66f932ba2d571c0365692 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 17 Jul 2025 10:43:05 +0100 Subject: [PATCH 175/216] Reverted changes to config-split Signed-off-by: Ben Taylor --- docs/proposed/config-split.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/proposed/config-split.md b/docs/proposed/config-split.md index aa1090328f..1baab356b2 100644 --- a/docs/proposed/config-split.md +++ b/docs/proposed/config-split.md 
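Review bot: In the second ssl_tls12_server.c hunk the context comment `/* Extract static ECDH parameters and abort if ServerKeyExchange is not needed. */` still introduces the `mbedtls_ssl_ciphersuite_no_pfs()` branch, but the extraction it describes is exactly what was deleted; it should read `/* Key exchanges without ephemeral keys don't use ServerKeyExchange, so end here. */`, which then duplicates the inner comment and one of the two can go. The diffstat for this commit lists only the visible hunks, so the definition of `ssl_get_ecdh_params_from_cert()` is untouched; if it is still compiled in any configuration it is now an unused static function and will trip `-Wunused-function` under `-Werror`, so its guard should be checked. `ssl_write_server_key_exchange()` continues outside the hunk.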
@@ -392,6 +392,8 @@ PSA_WANT_\* macros as in current `crypto_config.h`. #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED +#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED //#define MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED From 4d7f715c0775144bb8be651ee8157e7ba78d6577 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 23 Jul 2025 09:56:11 +0100 Subject: [PATCH 176/216] Remove further symbols that are not required Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 29 --------------------- library/ssl_ciphersuites.c | 42 ------------------------------ 2 files changed, 71 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 11eaf6ba14..5ef0786eb5 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -38,38 +38,25 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A -#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA 0xC00B /**< Weak! */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F - #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA 0xC010 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031 /**< TLS 1.2 */ 
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA 0xC035 #define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA 0xC036 @@ -81,20 +68,12 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065 /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A /**< TLS 1.2 */ 
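Review bot: The first ssl_ciphersuites.h hunk removes every `MBEDTLS_TLS_ECDH_*` ciphersuite ID in its range except `MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026`, which survives as a context line, and `MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA`, which is only removed in the following commit; if the intent is to drop all static-ECDH suites, 0xC026 looks like an oversight and should go in the same change. These are removals from a public header, and this commit's diffstat shows no ChangeLog entry; unless one exists elsewhere in the series, the API removal should be recorded for users who reference these constants by name.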
@@ -104,21 +83,13 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC074 -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC075 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC076 #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC077 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xC078 -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 0xC079 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E /**< TLS 1.2 */ #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F /**< TLS 1.2 */ diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index 961a4205e7..39826eee66 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c 
@@ -109,46 +109,6 @@ static const int ciphersuite_preference[] = /* The ECJPAKE suite */ MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8, - /* All AES-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, - - /* All CAMELLIA-256 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384, - - /* All ARIA-256 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384, - - /* All AES-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, - - /* All CAMELLIA-128 suites */ - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256, - - /* All ARIA-128 suites */ - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256, - MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256, - MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256, - /* The PSK suites */ MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256, MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384, 
@@ -178,8 +138,6 @@ static const int ciphersuite_preference[] = MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA, - MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA, MBEDTLS_TLS_PSK_WITH_NULL_SHA384, MBEDTLS_TLS_PSK_WITH_NULL_SHA256, MBEDTLS_TLS_PSK_WITH_NULL_SHA, From 3116f2febeab278b9be662ac236c0297e67229f6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 10:48:45 +0100 Subject: [PATCH 177/216] Remove further symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 5ef0786eb5..17666b2de2 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -37,8 +37,6 @@ extern "C" { #define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0 /**< Weak! */ #define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1 /**< Weak! */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA 0xC001 /**< Weak! */ - #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA 0xC006 /**< Weak! */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A From 39280a411055cf3318bc6f5f1db137d06be41b8f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 30 Jul 2025 13:43:21 +0100 Subject: [PATCH 178/216] Remove ECDH from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 63 ++++++------------------------------------------ 1 file changed, 7 insertions(+), 56 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index a13afd6206..9a6b5bfd92 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -433,14 +433,12 @@ requires_cipher_enabled() { # - $1 = command line (call to a TLS client or server program) # - $2 = client/server # - $3 = TLS version (TLS12 or TLS13) -# - $4 = Use an external tool without ECDH support -# - $5 = run test options +# - $4 = run test options detect_required_features() { CMD_LINE=$1 ROLE=$2 TLS_VERSION=$3 - EXT_WO_ECDH=$4 - TEST_OPTIONS=${5:-} + TEST_OPTIONS=${4:-} case "$CMD_LINE" in *\ force_version=*) @@ -522,24 +520,9 @@ detect_required_features() { else # For TLS12 requirements are different between server and client if [ "$ROLE" = "server" ]; then - # If the server uses "server5*" certificates, then an ECDSA based - # key exchange is required. However gnutls also does not - # support ECDH, so this limit the choice to ECDHE-ECDSA - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT - fi + requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED elif [ "$ROLE" = "client" ]; then - # On the client side it is enough to have any certificate - # based authentication together with support for ECDSA. - # Of course the GnuTLS limitation mentioned above applies - # also here. - if [ "$EXT_WO_ECDH" = "yes" ]; then - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH - else - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT - fi + requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH requires_pk_alg "ECDSA" fi fi @@ -801,10 +784,6 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next - - if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then - requires_openssl_tls1_3_with_ffdh - fi } # skip next test if tls1_3 is not available 
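Review bot: In the second ssl-opt.sh hunk the server branch hardcodes `requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` while the client branch keeps using the `$TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH` list, which is inconsistent with how the rest of the function is written. An earlier commit in this series already reduced `TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT` to exactly that single value, so `requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT` would keep both branches table-driven; as far as I can see, this hunk also removes the only use of that variable, so either use it here or delete its definition.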
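Review bot: The third hunk drops the FFDH fallback from `requires_openssl_tls1_3_with_compatible_ephemeral`, but that check is about TLS 1.3 ephemeral key exchange, not the static ECDH suites this series removes: `PSA_WANT_ALG_ECDH` is the PSA algorithm ECDHE relies on, and when it is disabled the only remaining TLS 1.3 ephemeral mode is FFDH. Without the guard, FFDH-only builds will run TLS 1.3 interop tests against an OpenSSL that cannot negotiate FFDH and fail rather than skip. I would restore `if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then requires_openssl_tls1_3_with_ffdh; fi`; if the removal is intentional, `requires_openssl_tls1_3_with_ffdh` at the top of the hunk also loses its visible caller and a comment should say why the fallback is no longer needed.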
@@ -1302,28 +1281,6 @@ is_gnutls() { esac } -# Some external tools (gnutls or openssl) might not have support for static ECDH -# and this limit the tests that can be run with them. This function checks server -# and client command lines, given as input, to verify if the current test -# is using one of these tools. -use_ext_tool_without_ecdh_support() { - case "$1" in - *$GNUTLS_SERV*|\ - *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - case "$2" in - *$GNUTLS_CLI*|\ - *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\ - *${OPENSSL_NEXT:-"openssl-dummy"}*) - echo "yes" - return;; - esac - echo "no" -} - # Generate random psk_list argument for ssl_server2 get_srv_psk_list () { @@ -1810,26 +1767,20 @@ run_test() { requires_config_enabled MBEDTLS_SSL_PROTO_DTLS fi - # Check if we are trying to use an external tool which does not support ECDH - EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD") # Guess the TLS version which is going to be used. # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - if [ "$EXT_WO_ECDH" = "no" ]; then - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") - else - TLS_VERSION="TLS12" - fi + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" # If the client or server requires certain features that can be detected # from their command-line arguments, check whether they're enabled. - detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" - detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@" + detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@" + detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@" # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then 
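Review bot: In the run_test hunk the replacement line `TLS_VERSION="TLS12"` keeps the wrong branch of the removed conditional: the intent of removing `EXT_WO_ECDH` is that detection now applies to every test, so the line should be `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")`. As written, every test is treated as TLS 1.2 inside `detect_required_features`, so TLS 1.3 tests are checked against TLS 1.2 requirements and will be skipped or run in the wrong builds, and the surviving comment about guessing the version (with its issue link) describes code that no longer exists. run_test continues outside the hunk.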
From dbf397710743ff01e403217de81fcc2d97c64d70 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 11:22:50 +0100 Subject: [PATCH 179/216] Remove tests from ssl-opt.sh that are depedendent the removed ECDH algorithm's Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9a6b5bfd92..b67a371134 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2627,30 +2627,6 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" -# Test for correctness of sent single supported algorithm -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_config_enabled MBEDTLS_DEBUG_C -requires_config_enabled MBEDTLS_SSL_CLI_C -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT -requires_pk_alg "ECDSA" -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: mbedtls client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ - 0 \ - -c "Supported Signature Algorithm found: 04 03" - -requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -requires_config_enabled MBEDTLS_SSL_SRV_C -requires_config_enabled PSA_WANT_ECC_SECP_R1_256 -requires_hash_alg SHA_256 -run_test "Single supported algorithm sending: openssl client" \ - "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ - "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ - -key $DATA_FILES_PATH/server6.key" \ - 0 - # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 0a7c5588db6f793cca03ba43226d7b411440dae6 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 11 Aug 2025 14:43:32 +0100 Subject: [PATCH 180/216] Remove further ECDH tests 
Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 77 +----------------------------------------------- 1 file changed, 1 insertion(+), 76 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b67a371134..401ca85d4c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2306,22 +2306,7 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -C "error" requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled MBEDTLS_ECDSA_C requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE requires_hash_alg SHA_256 
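Review bot: The single added line in this hunk changes the guard of the "invalid key: ecdh with RSA key, no async" test from `requires_config_enabled PSA_WANT_ALG_ECDSA` to `requires_config_enabled MBEDTLS_ECDSA_C`, which narrows the requirement to the legacy API and is unrelated to removing the ECDH test above it; the commit message does not explain it. The next commit in this series deletes that test entirely, so this edit is dead on arrival and should be dropped from this commit (or the two commits squashed) to keep the history reviewable.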
@@ -6103,31 +6088,6 @@ run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" -C "x509_verify_cert() returned -" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication: client SHA256, server required" \ "$P_SRV auth_mode=required" \ 
@@ -6480,33 +6440,6 @@ run_test "Authentication, CA callback: server badcert, client none" \ -C "! mbedtls_ssl_handshake returned" \ -C "X509 - Certificate verification failed" -# The purpose of the next two tests is to test the client's behaviour when receiving a server -# certificate with an unsupported elliptic curve. This should usually not happen because -# the client informs the server about the supported curves - it does, though, in the -# corner case of a static ECDH suite, because the server doesn't check the curve on that -# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a -# different means to have the server ignoring the client's supported curve list. - -run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)" \ - -c "! Certificate verification flags" \ - -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage - -run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ - "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \ - 1 \ - -c "use CA callback for X.509 CRT verification" \ - -c "bad certificate (EC key curve)"\ - -c "! Certificate verification flags"\ - -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check - requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT run_test "Authentication, CA callback: client SHA384, server required" \ "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 
@@ -7911,14 +7844,6 @@ run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \ 0 \ -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" - -run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \ - "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \ - "$P_CLI" \ - 0 \ - -c "Ciphersuite is TLS-ECDH-" - run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \ "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \ crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \ From 5802394451911448c020daa791f0b1a07f6f1b66 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 08:20:07 +0100 Subject: [PATCH 181/216] Remove further ECDH testd from ssl-opt.sh Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 31 ------------------------------- 1 file changed, 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 401ca85d4c..0b182c93d0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2305,37 +2305,6 @@ run_test "Opaque key for server authentication: ECDHE-ECDSA" \ -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled MBEDTLS_ECDSA_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_256 run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \ From fbd806ae95a656f1c474a3435ab17ceffc235491 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:41:20 +0100 Subject: [PATCH 182/216] Remove everest ECDH test as it is no longer required Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 38a5d85e7d..c103a6420e 100644 
--- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -430,28 +430,6 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } -component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min - scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED - scripts/config.py unset MBEDTLS_ECDSA_C - scripts/config.py unset PSA_WANT_ALG_DETERMINISTIC_ECDSA - scripts/config.py unset PSA_WANT_ALG_ECDSA - scripts/config.py set PSA_WANT_ALG_ECDH - scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED - scripts/config.py unset MBEDTLS_ECJPAKE_C - scripts/config.py unset PSA_WANT_ALG_JPAKE - - # Disable all curves - scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" - scripts/config.py unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" - scripts/config.py set PSA_WANT_ECC_MONTGOMERY_255 - - make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" - - msg "test: Everest ECDH context, only Curve25519" # ~ 50s - make test -} - component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From a1914ef45371d0491e35cf460bf9e12c7c29f029 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 11:56:04 +0100 Subject: [PATCH 183/216] further removals of ssh tests from ssl-opt Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b182c93d0..29d0b3f53f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2337,24 +2337,6 @@ run_test "Opaque keys for server authentication: EC keys with different algs, -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_384 -requires_config_disabled MBEDTLS_X509_REMOVE_INFO -run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \ - key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \ - crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \ - key_opaque_algs2=ecdh,none debug_level=3" \ - "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-ECDSA" \ - -c "CN=Polarssl Test EC CA" \ - -s "key types: Opaque, Opaque" \ - -s "Ciphersuite is TLS-ECDH-ECDSA" \ - -S "error" \ - -C "error" - requires_config_enabled MBEDTLS_X509_CRT_PARSE_C requires_hash_alg SHA_384 requires_config_disabled MBEDTLS_X509_REMOVE_INFO From 1d651cc8a17d11380c5584cd0dcd6c52264b8cfa Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 12 Aug 2025 14:24:49 +0100 Subject: [PATCH 184/216] Remove additional occurances of static ECDH symbols Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 1 - tests/compat.sh | 15 --------------- 2 files changed, 16 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 17666b2de2..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -47,7 +47,6 @@ extern "C" { #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024 /**< TLS 1.2 */ -#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027 /**< TLS 1.2 */ #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028 /**< TLS 1.2 */ diff --git a/tests/compat.sh b/tests/compat.sh index a11fffda06..2b6f454127 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -359,13 +359,6 @@ add_openssl_ciphersuites() "ECDSA") CIPHERS="$CIPHERS \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA \ - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_NULL_SHA \ TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 \ @@ -468,14 +461,6 @@ add_mbedtls_ciphersuites() "ECDSA") M_CIPHERS="$M_CIPHERS \ - TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 \ - TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 \ TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 \ TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 \ " From 013f8aee4ef26fea69dfbb25e887ab7504e09abe Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:03:57 +0100 Subject: [PATCH 185/216] Replace MBEDTLS_KEY_EXCHANGE_PSK_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..05cd666ffc 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -185,7 +185,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif From b2f6a69d852a3cb621be9fde4427766e79d4bd0c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:08:00 +0100 Subject: [PATCH 186/216] Replace MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED with MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 05cd666ffc..80d5c7efd6 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDH or ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) +/* TLS 1.2 key exchanges using ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 844a264317b573c88c4658be83ae56e809b641de Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:10:55 +0100 Subject: [PATCH 187/216] Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21 Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index c103a6420e..fcca5ffa0a 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
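Review bot: The new `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)` tests the very macro the next line defines, so after this hunk the header never defines MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED unless something outside it already did, and the link to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED is lost. Everything guarded by the derived macro (later in this series, mbedtls_ssl_ciphersuite_no_pfs and the early return in ssl_write_server_key_exchange) would presumably be compiled out of PSK-only builds. If the intent is to retire the derived macro, replace its uses with `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED`; otherwise keep `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)` here.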
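Review bot: The guard for MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED now tests that same macro before defining it, so this header no longer defines it at all and every `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED)` elsewhere presumably turns false, silently dropping TLS 1.2 ECDHE code. The hunk's own context shows MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED being defined just above, which is what the condition should keep testing: `#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)`. While touching the comment, `/* TLS 1.2 key exchanges using ECDHE */` with a space before the closing delimiter matches the surrounding style.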
@@ -1469,8 +1469,6 @@ component_test_new_psa_want_key_pair_symbol () { scripts/config.py crypto # Remove RSA support and its dependencies - scripts/config.py unset MBEDTLS_PKCS1_V15 - scripts/config.py unset MBEDTLS_PKCS1_V21 scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT From 0fe02bb1bfa8c070e518756634ce78716ae9b721 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:20:03 +0100 Subject: [PATCH 188/216] Removed TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT as it is no longer used Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 29d0b3f53f..7976eec6a7 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -314,8 +314,6 @@ requires_any_configs_disabled() { TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" -TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" - TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \ MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" From e16798ec67befca59c1858ee07a12087cf850bb7 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:25:11 +0100 Subject: [PATCH 189/216] Re-add reference to PSA_WANT_ALG_ECDH as this will be mantained Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7976eec6a7..8633953f90 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -782,6 +782,11 @@ requires_openssl_tls1_3_with_ffdh() { # skip next test if openssl cannot handle ephemeral key exchange requires_openssl_tls1_3_with_compatible_ephemeral() { requires_openssl_next + + if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then + requires_openssl_tls1_3_with_ffdh + fi + } # skip next test if tls1_3 is not available 
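Review bot: Dropping `scripts/config.py unset MBEDTLS_PKCS1_V15` and `scripts/config.py unset MBEDTLS_PKCS1_V21` leaves both PKCS#1 options enabled in a component whose comment still says "Remove RSA support and its dependencies"; unless these symbols have already been removed from the config file this component edits, they presumably still require RSA and the configuration check would reject the resulting build. If they no longer exist, say so in the commit message; if they do, keep the two unset lines. The enclosing function component_test_new_psa_want_key_pair_symbol starts before the hunk.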
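Review bot: `if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then` forks a subshell just to negate the helper's exit status; the idiomatic form is `if ! is_config_enabled "PSA_WANT_ALG_ECDH"; then`, which reads more clearly and avoids any doubt about how `!(` is tokenised by the shells this script targets. The added blank line before the closing brace is stray. If, as the fallback suggests, FFDH is the only remaining TLS 1.3 ephemeral mode without ECDH, a comment such as `# Without ECDH, TLS 1.3 ephemeral tests need FFDH, which needs a recent OpenSSL` would explain why the requirement is conditional.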
From b191c02f6bf582aa0961f943ff207d49b28dab15 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:28:42 +0100 Subject: [PATCH 190/216] Correct style issues Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 8633953f90..4a22686757 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -786,7 +786,6 @@ requires_openssl_tls1_3_with_compatible_ephemeral() { if !(is_config_enabled "PSA_WANT_ALG_ECDH"); then requires_openssl_tls1_3_with_ffdh fi - } # skip next test if tls1_3 is not available From 6f0eb791110b1d929df6002ba2a8a0c7b0ab6dfb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 08:37:23 +0100 Subject: [PATCH 191/216] Use get_tls_version to determine TLS_VERSION instead of statically assigning it Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..2978a0e401 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 59213b66df2286039904f68c43d3318deab4182f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 14 Aug 2025 10:01:06 +0100 Subject: [PATCH 192/216] Re-add everest test, as it was mislabelled Signed-off-by: Ben Taylor --- .../components-configuration-crypto.sh | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index fcca5ffa0a..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh 
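Review bot: `TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD");` ends with a semicolon that nothing else in run_test uses; drop it. The commit message should also say why detection is re-enabled, since the comment kept above the line ("this detection is wrong in some cases") and the issue link were written for the helper and a reader comparing with the previous `TLS_VERSION="TLS12"` cannot tell which behaviour is the regression. run_test starts and ends outside the hunk, and get_tls_version is not visible here, so its signature is assumed.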
+++ b/tests/scripts/components-configuration-crypto.sh @@ -430,6 +430,29 @@ component_test_everest () { tests/compat.sh -f ECDH -V NO -e 'ARIA\|CAMELLIA\|CHACHA' } +component_test_everest_curve25519_only () { + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED + scripts/config.py unset MBEDTLS_ECDSA_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_ECDSA + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ALG_ECDH + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED + scripts/config.py unset MBEDTLS_ECJPAKE_C + scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + + # Disable all curves + scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED" + scripts/config.py -c $CRYPTO_CONFIG_H unset-all "PSA_WANT_ECC_[0-9A-Z_a-z]*$" + scripts/config.py -c $CRYPTO_CONFIG_H set PSA_WANT_ECC_MONTGOMERY_255 + + make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" + + msg "test: Everest ECDH context, only Curve25519" # ~ 50s + make test +} + component_test_psa_collect_statuses () { msg "build+test: psa_collect_statuses" # ~30s scripts/config.py full From 677994af64b1e577c7aba3231efab75cbe95566a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 08:22:04 +0100 Subject: [PATCH 193/216] Change ecdh to ecdhe on everest test Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index 05c480675c..b153fc043d 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh 
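Review bot: The re-added component still runs `scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED`, a static-ECDH option this series removes (see the ChangeLog entry "Remove support for static ECDH suites" later in the series); depending on how config.py treats unknown symbols that line is either a silent no-op or a configuration error, and in both cases it is dead and should go. The re-added block otherwise matches the deleted one except for the `-c $CRYPTO_CONFIG_H` arguments on the PSA_WANT lines, which is the real change and worth stating in the commit message instead of "mislabelled".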
@@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDH context, only Curve25519" # ~ 6 min + msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From a7b3f26864bd413a5de083778f9be4c5f37d6b40 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 15 Aug 2025 09:31:17 +0100 Subject: [PATCH 194/216] reverted change to MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED, as it appears it could be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 80d5c7efd6..cc9f8d819d 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -185,7 +185,7 @@ typedef enum { #endif /* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED #endif From 7b14d8228e0103d42cb91567d1ad5b4f4b552607 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 10:45:00 +0100 Subject: [PATCH 195/216] Reverting TLS_VERSION derivation improvement, as it appear to be causing issues Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2978a0e401..4a22686757 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD"); + TLS_VERSION="TLS12" # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From c8823a262d4985757f03e2b4cc7eca4ac7932bb3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 18 Aug 2025 14:17:19 +0100 Subject: [PATCH 196/216] Remove MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED as it appears to be causing issues Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index cc9f8d819d..48e77d1026 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -210,8 +210,8 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED #endif -/* TLS 1.2 key exchanges using ECDHE*/ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED) +/* TLS 1.2 key exchanges using ECDH or ECDHE*/ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_1_2_ENABLED #endif From 4766a23f9cf4fbd1f87ac6cc7cd403fd0e252ea5 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 08:26:07 +0100 Subject: [PATCH 197/216] change MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 48e77d1026..d3519f1969 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h 
@@ -198,7 +198,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif From f57293654e7ab62960400dc425441d3faef0a1a4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 2 Sep 2025 13:10:52 +0100 Subject: [PATCH 198/216] Revert change to Everest test message back to ECDH Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-crypto.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh index b153fc043d..05c480675c 100644 --- a/tests/scripts/components-configuration-crypto.sh +++ b/tests/scripts/components-configuration-crypto.sh @@ -431,7 +431,7 @@ component_test_everest () { } component_test_everest_curve25519_only () { - msg "build: Everest ECDHE context, only Curve25519" # ~ 6 min + msg "build: Everest ECDH context, only Curve25519" # ~ 6 min scripts/config.py set MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED scripts/config.py unset MBEDTLS_ECDSA_C scripts/config.py -c $CRYPTO_CONFIG_H unset PSA_WANT_ALG_DETERMINISTIC_ECDSA From 837167404876a715b659c34ceed82cdea9dd57dc Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 08:16:52 +0100 Subject: [PATCH 199/216] re-add TLS_VERSION derivation Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4a22686757..1a30d0e2af 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
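Review bot: The commit title says MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED is changed to MBEDTLS_KEY_EXCHANGE_PSK_ENABLED, but the hunk does the reverse, replacing `MBEDTLS_KEY_EXCHANGE_PSK_ENABLED` with the derived macro in the "Key exchanges using a PSK" guard. The two are equivalent only because the header defines the derived macro from PSK_ENABLED a few lines earlier (the definition restored by PATCH 194 in this series), and guarding a PSK condition on a macro named for "non-PFS" hides that dependency from the reader. Either keep `#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \` or fix the title to describe the change actually made.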
@@ -1774,7 +1774,7 @@ run_test() { # Note that this detection is wrong in some cases, which causes unduly # skipped test cases in builds with TLS 1.3 but not TLS 1.2. # https://github.com/Mbed-TLS/mbedtls/issues/9560 - TLS_VERSION="TLS12" + TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD") # If we're in a PSK-only build and the test can be adapted to PSK, do that. maybe_adapt_for_psk "$@" From 120bd868b6d85254eec5eeadd989deb19645497a Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 3 Sep 2025 15:33:46 +0100 Subject: [PATCH 200/216] add filter to component_full_without_ecdhe_ecdsa Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index b74b30477c..28f4f79515 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -235,6 +235,7 @@ component_test_small_mbedtls_ssl_dtls_max_buffering () { # - test only TLS (i.e. test_suite_tls and ssl-opt) build_full_minus_something_and_test_tls () { symbols_to_disable="$1" + filter="${2-.}" msg "build: full minus something, test TLS" @@ -250,11 +251,12 @@ build_full_minus_something_and_test_tls () { ( cd tests; ./test_suite_ssl ) msg "ssl-opt: full minus something, test TLS" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "$filter" } +#TODO raise a issue to explain this. component_full_without_ecdhe_ecdsa () { - build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" + build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } component_full_without_ecdhe_ecdsa_and_tls13 () { From 1a4f4b32a4059b5e0dc7c33a7d2a3999402c3b3b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:13:09 +0100 Subject: [PATCH 201/216] Add filter to test_tls13_only_ephemeral_ffdh to remove ffdh tests 
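Review bot: `filter="${2-.}"` falls back to `.` only when the second argument is unset, so a caller passing an empty string would run `tests/ssl-opt.sh -f ""`; `filter="${2:-.}"` covers the empty case too. A comment above the assignment, e.g. `# Optional ssl-opt.sh -f regex; '.' keeps every test`, would document the new parameter, and the header comment partly visible above the hunk should list it alongside the first argument. build_full_minus_something_and_test_tls continues past the hunk.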
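Review bot: Restricting component_full_without_ecdhe_ecdsa to `'psk\|PSK\|1\.3'` skips every TLS 1.2 certificate-based ssl-opt test, including the ECDHE-RSA suites this configuration still enables, so the component stops exercising the path it exists to cover; a placeholder `#TODO raise a issue to explain this.` should not land without the tracking issue and a statement of which tests fail and why. Suggested comment: `# Temporarily restricted to PSK and TLS 1.3 tests; other TLS 1.2 tests fail in this configuration, see <issue>`. Since `-f` takes a regex, it is also worth checking that the `\|` alternation matches the grep dialect ssl-opt.sh uses.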
Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index 28f4f79515..abee9f61b0 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -483,7 +483,7 @@ component_test_tls13_only_ephemeral_ffdh () { cd tests; ./test_suite_ssl; cd .. msg "ssl-opt.sh: TLS 1.3 only, only ephemeral ffdh key exchange mode" - tests/ssl-opt.sh + tests/ssl-opt.sh -f "ffdh" } component_test_tls13_only_psk_ephemeral () { From a47fd0faf4b9fa78afc4c63358498b7440a694c3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 4 Sep 2025 10:34:24 +0100 Subject: [PATCH 202/216] Add bug link to test modifications Signed-off-by: Ben Taylor --- tests/scripts/components-configuration-tls.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/tests/scripts/components-configuration-tls.sh b/tests/scripts/components-configuration-tls.sh index abee9f61b0..e9f2666d3f 100644 --- a/tests/scripts/components-configuration-tls.sh +++ b/tests/scripts/components-configuration-tls.sh @@ -254,7 +254,7 @@ build_full_minus_something_and_test_tls () { tests/ssl-opt.sh -f "$filter" } -#TODO raise a issue to explain this. +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_full_without_ecdhe_ecdsa () { build_full_minus_something_and_test_tls "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED" 'psk\|PSK\|1\.3' } 
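Review bot: The commit title says the filter removes ffdh tests, but `tests/ssl-opt.sh -f "ffdh"` keeps only tests whose name matches `ffdh` and skips everything else, so the "TLS 1.3 only, only ephemeral ffdh" component's coverage shrinks to those tests alone. If that is intended, say so in the title and next to the call, e.g. `# Only FFDH tests are meaningful in this build; see <issue>`, and check whether the test names spell it `FFDH`, since the match is presumably case-sensitive. component_test_tls13_only_ephemeral_ffdh starts before the hunk.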
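Review bot: The new comment says the tests are "temporarily disabled", but the line below only filters ssl-opt.sh to `'psk\|PSK\|1\.3'` — the component still runs with reduced coverage — and "unknown dependency of static ecdh" does not tell the reader which tests are affected. Suggest `# Temporarily restricted to PSK and TLS 1.3 ssl-opt tests: the remaining TLS 1.2 tests presumably fail in this configuration since the static ECDH removal, see https://github.com/Mbed-TLS/mbedtls/issues/10385.`, with a space after `#` to match the file's comment style.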
@@ -466,6 +466,7 @@ component_test_tls13_only_ephemeral () { tests/ssl-opt.sh } +#These tests are temporarily disabled due to an unknown dependency of static ecdh as described in https://github.com/Mbed-TLS/mbedtls/issues/10385. component_test_tls13_only_ephemeral_ffdh () { msg "build: TLS 1.3 only from default, only ephemeral ffdh key exchange mode" scripts/config.py unset MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED From 9e360b8f33410343d1d54d92197119ea7c2ad13d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 5 Sep 2025 09:09:28 +0100 Subject: [PATCH 203/216] Remove MBEDTLS_RSA_C from depends.py Signed-off-by: Ben Taylor --- tests/scripts/depends.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/tests/scripts/depends.py b/tests/scripts/depends.py index 34ecf4cdbc..ad78c26e1c 100755 --- a/tests/scripts/depends.py +++ b/tests/scripts/depends.py @@ -310,8 +310,7 @@ REVERSE_DEPENDENCIES = { 'PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT', 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT', - 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE', - 'MBEDTLS_RSA_C'], + 'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE'], 'PSA_WANT_ALG_SHA_224': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED', 'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', From 5cdbe308043883679b88b844a071e36c4f95f094 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 13:12:43 +0100 Subject: [PATCH 204/216] replace MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED with MBEDTLS_KEY_EXCHANGE_PSK_ENABLED After the ECDH keyexchange removal the two became synonyms so the former can be removed. Signed-off-by: Ben Taylor --- include/mbedtls/ssl_ciphersuites.h | 7 +------ library/ssl_ciphersuites_internal.h | 4 ++-- library/ssl_tls12_server.c | 8 ++++---- 3 files changed, 7 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index d3519f1969..dfd369416b 100644 --- a/include/mbedtls/ssl_ciphersuites.h 
+++ b/include/mbedtls/ssl_ciphersuites.h @@ -184,11 +184,6 @@ typedef enum { #define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED #endif -/* Key exchanges that don't involve ephemeral keys */ -#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) -#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED -#endif - /* Key exchanges that involve ephemeral keys */ #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \ @@ -198,7 +193,7 @@ typedef enum { #endif /* Key exchanges using a PSK */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) || \ +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) #define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED #endif diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 2e9f077571..524e419f47 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h @@ -41,7 +41,7 @@ static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_ } #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info) { switch (info->MBEDTLS_PRIVATE(key_exchange)) { @@ -52,7 +52,7 @@ static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t return 0; } } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info) { diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 755b837bca..1f498e0109 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
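Review bot: MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED is deleted from include/mbedtls/ssl_ciphersuites.h, a public header, so downstream code that tests it silently sees it undefined, and the ChangeLog entry added later in this series only mentions static ECDH suites. Either keep a compatibility definition (`#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED` under the PSK guard) or add a Removals note naming the macro. In the internal header, `mbedtls_ssl_ciphersuite_no_pfs` is now guarded by MBEDTLS_KEY_EXCHANGE_PSK_ENABLED alone; a one-line comment that it covers only the plain PSK key exchange would keep the "no PFS" name from misleading.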
@@ -2902,14 +2902,14 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) { int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; size_t signature_len = 0; -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->handshake->ciphersuite_info; -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange")); -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED) +#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) /* Extract static ECDH parameters and abort if ServerKeyExchange * is not needed. */ if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) { @@ -2919,7 +2919,7 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl) mbedtls_ssl_handshake_increment_state(ssl); return 0; } -#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */ +#endif /* MBEDTLS_KEY_EXCHANGE_PSK_ENABLED */ #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) && \ defined(MBEDTLS_SSL_ASYNC_PRIVATE) From df3e595536080189989bad945cf3787cdc57a63c Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:30:12 +0100 Subject: [PATCH 205/216] Re-instate test for correctness of sent single supported algorithm Signed-off-by: Ben Taylor --- tests/ssl-opt.sh | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a30d0e2af..22377b8d04 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh 
@@ -2565,6 +2565,30 @@ run_test "Unique IV in GCM" \ -u "IV used" \ -U "IV used" +# Test for correctness of sent single supported algorithm +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_config_enabled MBEDTLS_DEBUG_C +requires_config_enabled MBEDTLS_SSL_CLI_C +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT +requires_pk_alg "ECDSA" +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: mbedtls client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \ + 0 \ + -c "Supported Signature Algorithm found: 04 03" + +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_SSL_SRV_C +requires_config_enabled PSA_WANT_ECC_SECP_R1_256 +requires_hash_alg SHA_256 +run_test "Single supported algorithm sending: openssl client" \ + "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \ + "$O_CLI -cert $DATA_FILES_PATH/server6.crt \ + -key $DATA_FILES_PATH/server6.key" \ + 0 + # Tests for certificate verification callback run_test "Configuration-specific CRT verification callback" \ "$P_SRV debug_level=3" \ From 337161eb41f9b4829450921f3db559cd378c16f9 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 10 Sep 2025 08:39:41 +0100 Subject: [PATCH 206/216] Remove comment referencing ECDH Signed-off-by: Ben Taylor --- library/ssl_tls12_server.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 1f498e0109..256f1b1583 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c 
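Review bot: The "openssl client" test asserts only exit status `0` with no `-s`/`-c` pattern, so it passes whenever the handshake completes and never checks that a single supported signature algorithm was sent or accepted; add a server-side check on whatever the server logs at `debug_level=3` (the second `$P_SRV` command would need that option) in the spirit of the first test's `-c "Supported Signature Algorithm found: 04 03"`. The prerequisite lists are also inconsistent: the mbedtls-client test lacks `requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2`, while the openssl-client test, which has the server verify an ECDSA certificate, lacks `requires_config_enabled MBEDTLS_X509_CRT_PARSE_C` and `requires_pk_alg "ECDSA"`.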
@@ -2910,8 +2910,6 @@ static int ssl_write_server_key_exchange(mbedtls_ssl_context *ssl)
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write server key exchange"));
 
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    /* Extract static ECDH parameters and abort if ServerKeyExchange
-     * is not needed. */
     if (mbedtls_ssl_ciphersuite_no_pfs(ciphersuite_info)) {
         /* Key exchanges not involving ephemeral keys don't use
          * ServerKeyExchange, so end here. */

From 59474406a6c5bc53293dc8a727ef68e3b40fa0bf Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Wed, 10 Sep 2025 08:47:12 +0100
Subject: [PATCH 207/216] Re-instate MBEDTLS_PKCS1_V15 unset

Signed-off-by: Ben Taylor
---
 tests/scripts/components-configuration-crypto.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 05c480675c..f0c217ba4f 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -1492,6 +1492,7 @@ component_test_new_psa_want_key_pair_symbol () {
     scripts/config.py crypto
 
     # Remove RSA support and its dependencies
+    scripts/config.py unset MBEDTLS_PKCS1_V15
     scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
     scripts/config.py unset MBEDTLS_X509_RSASSA_PSS_SUPPORT
 

From 2f3523313bdcb5f4ff9202e5115de277546fd4b9 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Wed, 10 Sep 2025 09:08:50 +0100
Subject: [PATCH 208/216] Add ChangeLog

Signed-off-by: Ben Taylor
---
 ChangeLog.d/static-ecdh-removal.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 ChangeLog.d/static-ecdh-removal.txt

diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt
new file mode 100644
index 0000000000..d73add317f
--- /dev/null
+++ b/ChangeLog.d/static-ecdh-removal.txt
@@ -0,0 +1,2 @@
+Removals
+   * Remove support for static ECDH suites.

From 26cdf6ee2b0ac1595034ae510bfd290564302c0e Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 11 Sep 2025 07:52:53 +0100
Subject: [PATCH 209/216] Re-adding tests for ECDH

Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 22377b8d04..2b10cde5a1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2357,6 +2357,52 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: ECDH-" \ + "$P_SRV auth_mode=required key_opaque=1\ + crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ + key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ + "$P_CLI force_version=tls12" \ + 0 \ + -c "Verifying peer X.509 certificate... ok" \ + -c "Ciphersuite is TLS-ECDH-" \ + -s "key types: Opaque, none" \ + -s "Ciphersuite is TLS-ECDH-" \ + -S "error" \ + -C "error" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_ALG_ECDSA +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "error" \ + -c "error" \ + -c "Public key type mismatch" + +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC +requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_hash_alg SHA_256 +run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ + "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ + key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI force_version=tls12" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C

From 485d4c1343bae888e39dde8068be2d0ba593262d Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 11 Sep 2025 13:14:10 +0100
Subject: [PATCH 210/216] reverting last commit as the tests cause failures

Signed-off-by: Ben Taylor
---
 tests/ssl-opt.sh | 46 ----------------------------------------------
 1 file changed, 46 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2b10cde5a1..22377b8d04 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -2357,52 +2357,6 @@ run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" -S "error" \ -C "error" -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: ECDH-" \ - "$P_SRV auth_mode=required key_opaque=1\ - crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\ - key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \ - "$P_CLI force_version=tls12" \ - 0 \ - -c "Verifying peer X.509 certificate... ok" \ - -c "Ciphersuite is TLS-ECDH-" \ - -s "key types: Opaque, none" \ - -s "Ciphersuite is TLS-ECDH-" \ - -S "error" \ - -C "error" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_ALG_ECDSA -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "error" \ - -c "error" \ - -c "Public key type mismatch" - -requires_config_enabled MBEDTLS_X509_CRT_PARSE_C -requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC -requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE -requires_hash_alg SHA_256 -run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \ - "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \ - key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \ - debug_level=1" \ - "$P_CLI force_version=tls12" \ - 1 \ - -s "key types: Opaque, none" \ - -s "got ciphersuites in common, but none of them usable" \ - -s "error" \ - -c "error" - requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC requires_config_enabled 
MBEDTLS_SSL_SRV_C

From 486ec6e9b62a39dec39ccc2ab643e5df5a523fab Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 11 Sep 2025 13:21:52 +0100
Subject: [PATCH 211/216] Improved the text in the Changelog

Signed-off-by: Ben Taylor
---
 ChangeLog.d/static-ecdh-removal.txt | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt
index d73add317f..b67ee288d7 100644
--- a/ChangeLog.d/static-ecdh-removal.txt
+++ b/ChangeLog.d/static-ecdh-removal.txt
@@ -1,2 +1,3 @@
 Removals
-   * Remove support for static ECDH suites.
+   * Removed support for TLS 1.2 static ECDH key
+     exchanges (ECDH-ECDSA and ECDH-RSA).

From c1e76e04fed2ff722ae162228ba0537a0aa16498 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 12 Sep 2025 08:33:38 +0100
Subject: [PATCH 212/216] correct whitespace style issue

Signed-off-by: Ben Taylor
---
 ChangeLog.d/static-ecdh-removal.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ChangeLog.d/static-ecdh-removal.txt b/ChangeLog.d/static-ecdh-removal.txt
index b67ee288d7..94512a21f9 100644
--- a/ChangeLog.d/static-ecdh-removal.txt
+++ b/ChangeLog.d/static-ecdh-removal.txt
@@ -1,3 +1,3 @@
 Removals
-   * Removed support for TLS 1.2 static ECDH key
+   * Removed support for TLS 1.2 static ECDH key
     exchanges (ECDH-ECDSA and ECDH-RSA).

From bb877a8cbff16ccee27b34f9765488724a6676ea Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Thu, 21 Aug 2025 14:27:49 +0100
Subject: [PATCH 213/216] remove further references to MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY

Signed-off-by: Ben Taylor
---
 scripts/config.py                    |  3 ---
 tests/scripts/analyze_outcomes.py    |  2 --
 tests/scripts/components-platform.sh | 18 ------------------
 3 files changed, 23 deletions(-)

diff --git a/scripts/config.py b/scripts/config.py
index e60d1606f1..1f4d73b57f 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -94,10 +94,8 @@ EXCLUDE_FROM_FULL = frozenset([
     'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
     'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
-    'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
-    'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient
     'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
     'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
     'MBEDTLS_X509_REMOVE_INFO', # removes a feature
@@ -164,7 +162,6 @@ EXCLUDE_FROM_BAREMETAL = frozenset([
     'MBEDTLS_THREADING_C', # requires a threading interface
     'MBEDTLS_THREADING_PTHREAD', # requires pthread
     'MBEDTLS_TIMING_C', # requires a clock
-    'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
     'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
     'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
 ])
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 8660e68942..4d51c4e4a5 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -134,8 +134,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
             # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok.
             'Config: MBEDTLS_PSA_CRYPTO_SPM',
             # We don't test on armv8 yet.
-            'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
-            'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
             'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
             'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
             # We don't run test_suite_config when we test this.
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh index 25cfd4163d..2b6eec5853 100644 --- a/tests/scripts/components-platform.sh +++ b/tests/scripts/components-platform.sh @@ -299,12 +299,6 @@ component_build_sha_armce () { # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64" 
@@ -313,18 +307,6 @@ component_build_sha_armce () { grep -E 'sha256[a-z0-9]+\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT - - # test the deprecated form of the config option - scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99" - - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb" - make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb" - msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, test T32 crypto instructions built" - grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s - scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT - # examine the disassembly for absence of SHA instructions msg "clang, test A32 crypto instructions not built" make -B library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm" From 5496f9025cecb945f1ae8280086cc25869db6abb Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 8 Sep 2025 08:25:35 +0100 Subject: [PATCH 214/216] Temporarily revert changes to config.py Signed-off-by: Ben Taylor --- scripts/config.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/config.py b/scripts/config.py index 1f4d73b57f..e60d1606f1 100755 --- a/scripts/config.py +++ b/scripts/config.py 
@@ -94,8 +94,10 @@ EXCLUDE_FROM_FULL = frozenset([
     'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
     'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
+    'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
+    'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # setting *_USE_ARMV8_A_CRYPTO is sufficient
     'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
     'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
     'MBEDTLS_X509_REMOVE_INFO', # removes a feature
@@ -162,6 +164,7 @@ EXCLUDE_FROM_BAREMETAL = frozenset([
     'MBEDTLS_THREADING_C', # requires a threading interface
     'MBEDTLS_THREADING_PTHREAD', # requires pthread
     'MBEDTLS_TIMING_C', # requires a clock
+    'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
     'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
     'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT', # requires an OS for runtime-detection
 ])

From 5a7a72ee411275ed13e4ecffa8575988089eb01e Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Tue, 9 Sep 2025 07:54:47 +0100
Subject: [PATCH 215/216] testing with analyze_outcomes changes reverted for merge

Signed-off-by: Ben Taylor
---
 tests/scripts/analyze_outcomes.py | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 4d51c4e4a5..8660e68942 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
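Review bot: The re-added `'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT'` entry in EXCLUDE_FROM_FULL goes back to its old position after the `MBEDTLS_SHA512_*` entry, so it stays out of the alphabetical order the rest of the set follows and that the EXCLUDE_FROM_BAREMETAL hunk below keeps; moving it next to `'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'` would keep the list sorted. Since the commit message describes this as a temporary revert, a marker such as `# TODO: drop once the deprecated *_A64_* options are removed` on the re-added entries would record why they are back and make them easy to find later. Both frozenset literals start outside their hunks, and EXCLUDE_FROM_FULL also ends outside.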
@@ -134,6 +134,8 @@ class CoverageTask(outcome_analysis.CoverageTask):
             # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok.
             'Config: MBEDTLS_PSA_CRYPTO_SPM',
             # We don't test on armv8 yet.
+            'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
+            'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
             'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
             'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
             # We don't run test_suite_config when we test this.

From 14e1932935e35af6ab112233376e48072e1d9c52 Mon Sep 17 00:00:00 2001
From: Ben Taylor
Date: Fri, 12 Sep 2025 10:52:10 +0100
Subject: [PATCH 216/216] Remove stray comment int components-platform.sh

Signed-off-by: Ben Taylor
---
 tests/scripts/components-platform.sh | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index 2b6eec5853..4c297483f6 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -297,9 +297,6 @@ component_build_sha_armce () {
     grep -E 'sha256[a-z0-9]+.32\s+[qv]' ${BUILTIN_SRC_PATH}/sha256.s
     scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
-
-    # test the deprecated form of the config option
-    scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
     msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
     make -B library/../${BUILTIN_SRC_PATH}/sha256.o library/../${BUILTIN_SRC_PATH}/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"