diff --git a/include/psa/crypto.h b/include/psa/crypto.h
index 07ee00061..1ee403cf7 100644
--- a/include/psa/crypto.h
+++ b/include/psa/crypto.h
@@ -1165,7 +1165,7 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
  * is as follows:
  * -# Allocate an operation object which will be passed to all the functions
  *    listed here.
- * -# Call psa_hash_start() to specify the algorithm.
+ * -# Call psa_hash_setup() to specify the algorithm.
  * -# Call psa_hash_update() zero, one or more times, passing a fragment
  *    of the message each time. The hash that is calculated is the hash
  *    of the concatenation of these messages in order.
@@ -1173,9 +1173,9 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
  *    To compare the hash with an expected value, call psa_hash_verify().
  *
  * The application may call psa_hash_abort() at any time after the operation
- * has been initialized with psa_hash_start().
+ * has been initialized with psa_hash_setup().
  *
- * After a successful call to psa_hash_start(), the application must
+ * After a successful call to psa_hash_setup(), the application must
  * eventually terminate the operation. The following events terminate an
  * operation:
  * - A failed call to psa_hash_update().
@@ -1194,12 +1194,12 @@ typedef struct psa_hash_operation_s psa_hash_operation_t;
  * \retval PSA_ERROR_HARDWARE_FAILURE
  * \retval PSA_ERROR_TAMPERING_DETECTED
  */
-psa_status_t psa_hash_start(psa_hash_operation_t *operation,
+psa_status_t psa_hash_setup(psa_hash_operation_t *operation,
                             psa_algorithm_t alg);
 
 /** Add a message fragment to a multipart hash operation.
  *
- * The application must call psa_hash_start() before calling this function.
+ * The application must call psa_hash_setup() before calling this function.
  *
  * If this function returns an error status, the operation becomes inactive.
  *
@@ -1222,7 +1222,7 @@ psa_status_t psa_hash_update(psa_hash_operation_t *operation,
 
 /** Finish the calculation of the hash of a message.
  *
- * The application must call psa_hash_start() before calling this function.
+ * The application must call psa_hash_setup() before calling this function.
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update().
  *
@@ -1265,7 +1265,7 @@ psa_status_t psa_hash_finish(psa_hash_operation_t *operation,
 /** Finish the calculation of the hash of a message and compare it with
  * an expected value.
  *
- * The application must call psa_hash_start() before calling this function.
+ * The application must call psa_hash_setup() before calling this function.
  * This function calculates the hash of the message formed by concatenating
  * the inputs passed to preceding calls to psa_hash_update(). It then
  * compares the calculated hash with the expected hash passed as a
@@ -1299,7 +1299,7 @@ psa_status_t psa_hash_verify(psa_hash_operation_t *operation,
 
 /** Abort a hash operation.
  *
- * This function may be called at any time after psa_hash_start().
+ * This function may be called at any time after psa_hash_setup().
  * Aborting an operation frees all associated resources except for the
  * \c operation structure itself.
  *
@@ -1680,7 +1680,7 @@ psa_status_t psa_aead_decrypt( psa_key_slot_t key,
  * \brief Sign a hash or short message with a private key.
  *
  * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_start(), psa_hash_update()
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
  * and psa_hash_finish(). Then pass the resulting hash as the \p hash
  * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
  * to determine the hash algorithm to use.
@@ -1733,7 +1733,7 @@ psa_status_t psa_asymmetric_sign(psa_key_slot_t key,
  * \brief Verify the signature a hash or short message using a public key.
  *
  * Note that to perform a hash-and-sign signature algorithm, you must
- * first calculate the hash by calling psa_hash_start(), psa_hash_update()
+ * first calculate the hash by calling psa_hash_setup(), psa_hash_update()
  * and psa_hash_finish(). Then pass the resulting hash as the \p hash
  * parameter to this function. You can use #PSA_ALG_SIGN_GET_HASH(\p alg)
  * to determine the hash algorithm to use.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index cc996a01c..76e1a68e5 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -944,7 +944,7 @@ psa_status_t psa_hash_abort( psa_hash_operation_t *operation )
     return( PSA_SUCCESS );
 }
 
-psa_status_t psa_hash_start( psa_hash_operation_t *operation,
+psa_status_t psa_hash_setup( psa_hash_operation_t *operation,
                              psa_algorithm_t alg )
 {
     int ret;
@@ -1311,7 +1311,7 @@ static psa_status_t psa_mac_init( psa_mac_operation_t *operation,
 #if defined(MBEDTLS_MD_C)
     if( PSA_ALG_IS_HMAC( operation->alg ) )
     {
-        status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
+        status = psa_hash_setup( &operation->ctx.hmac.hash_ctx,
                                  PSA_ALG_HMAC_HASH( alg ) );
     }
     else
@@ -1445,7 +1445,7 @@ static int psa_hmac_start( psa_mac_operation_t *operation,
         opad[i] = ipad[i] ^ 0x36 ^ 0x5C;
     memset( opad + key_length, 0x5C, block_size - key_length );
 
-    status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
+    status = psa_hash_setup( &operation->ctx.hmac.hash_ctx,
                              PSA_ALG_HMAC_HASH( alg ) );
     if( status != PSA_SUCCESS )
         goto cleanup;
@@ -1627,7 +1627,7 @@ static psa_status_t psa_mac_finish_internal( psa_mac_operation_t *operation,
                     goto cleanup;
                 /* From here on, tmp needs to be wiped. */
 
-                status = psa_hash_start( &operation->ctx.hmac.hash_ctx,
+                status = psa_hash_setup( &operation->ctx.hmac.hash_ctx,
                                          PSA_ALG_HMAC_HASH( operation->alg ) );
                 if( status != PSA_SUCCESS )
                     goto hmac_cleanup;
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 3681a2ee1..438b7219f 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1057,7 +1057,7 @@ void hash_setup( int alg_arg,
 
     TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
 
-    status = psa_hash_start( &operation, alg );
+    status = psa_hash_setup( &operation, alg );
     psa_hash_abort( &operation );
     TEST_ASSERT( status == expected_status );
 
@@ -1084,7 +1084,7 @@ void hash_finish( int alg_arg, data_t *input, data_t *expected_hash )
 
     TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
 
-    TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
+    TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
     TEST_ASSERT( psa_hash_update( &operation,
                                   input->x, input->len ) == PSA_SUCCESS );
     TEST_ASSERT( psa_hash_finish( &operation,
@@ -1115,7 +1115,7 @@ void hash_verify( int alg_arg, data_t *input, data_t *expected_hash )
 
     TEST_ASSERT( psa_crypto_init( ) == PSA_SUCCESS );
 
-    TEST_ASSERT( psa_hash_start( &operation, alg ) == PSA_SUCCESS );
+    TEST_ASSERT( psa_hash_setup( &operation, alg ) == PSA_SUCCESS );
     TEST_ASSERT( psa_hash_update( &operation,
                                   input->x,
                                   input->len ) == PSA_SUCCESS );