Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr

programs/ssl/ssl_test_common_source.c

@@ -101,6 +101,10 @@ void nss_keylog_export( void *p_expkey,
             goto exit;
         }
 
+        /* Ensure no stdio buffering of secrets, as such buffers cannot be
+         * wiped. */
+        mbedtls_setbuf( f, NULL );
+
         if( fwrite( nss_keylog_line, 1, len, f ) != len )
         {
             fclose( f );
@@ -305,6 +309,9 @@ uint16_t ssl_sig_algs_for_test[] = {
 #if defined(MBEDTLS_SHA224_C)
     MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
 #endif
+#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
+    MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
+#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
 #if defined(MBEDTLS_SHA1_C)
     /* Allow SHA-1 as we use it extensively in tests. */
     MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )