diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index a07e8abd1..9d30412fd 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -18,3 +18,10 @@ Please tick as appropriate and edit the reasons (e.g.: "backport: not needed bec
 
 Please refer to the [contributing guidelines](https://github.com/Mbed-TLS/mbedtls/blob/development/CONTRIBUTING.md), especially the
 checklist for PR contributors.
+
+Help make review efficient:
+* Multiple simple commits
+  - please structure your PR into a series of small commits, each of which does one thing
+* Avoid force-push
+  - please do not force-push to update your PR - just add new commit(s)
+* See our [Guidelines for Contributors](https://mbed-tls.readthedocs.io/en/latest/reviews/review-for-contributors/) for more details about the review process.
diff --git a/3rdparty/everest/Makefile.inc b/3rdparty/everest/Makefile.inc
index 77a6b4965..8055ce950 100644
--- a/3rdparty/everest/Makefile.inc
+++ b/3rdparty/everest/Makefile.inc
@@ -1,6 +1,6 @@
-THIRDPARTY_INCLUDES+=-I../3rdparty/everest/include -I../3rdparty/everest/include/everest -I../3rdparty/everest/include/everest/kremlib
+THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/everest/include -I$(THIRDPARTY_DIR)/everest/include/everest -I$(THIRDPARTY_DIR)/everest/include/everest/kremlib
 
 THIRDPARTY_CRYPTO_OBJECTS+= \
-	../3rdparty/everest/library/everest.o \
-	../3rdparty/everest/library/x25519.o \
-	../3rdparty/everest/library/Hacl_Curve25519_joined.o
+	$(THIRDPARTY_DIR)/everest/library/everest.o \
+	$(THIRDPARTY_DIR)/everest/library/x25519.o \
+	$(THIRDPARTY_DIR)/everest/library/Hacl_Curve25519_joined.o
diff --git a/3rdparty/p256-m/Makefile.inc b/3rdparty/p256-m/Makefile.inc
index fc8f73bf8..53bb55b54 100644
--- a/3rdparty/p256-m/Makefile.inc
+++ b/3rdparty/p256-m/Makefile.inc
@@ -1,5 +1,5 @@
-THIRDPARTY_INCLUDES+=-I../3rdparty/p256-m/p256-m/include -I../3rdparty/p256-m/p256-m/include/p256-m -I../3rdparty/p256-m/p256-m_driver_interface
+THIRDPARTY_INCLUDES+=-I$(THIRDPARTY_DIR)/p256-m/p256-m/include -I$(THIRDPARTY_DIR)/p256-m/p256-m/include/p256-m -I$(THIRDPARTY_DIR)/p256-m/p256-m_driver_interface
 
 THIRDPARTY_CRYPTO_OBJECTS+= \
-	../3rdparty/p256-m//p256-m_driver_entrypoints.o \
-	../3rdparty/p256-m//p256-m/p256-m.o
+	$(THIRDPARTY_DIR)/p256-m//p256-m_driver_entrypoints.o \
+	$(THIRDPARTY_DIR)/p256-m//p256-m/p256-m.o
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 78599d9f4..38806d90d 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -114,6 +114,11 @@ if(MBEDTLS_PYTHON_EXECUTABLE)
 
 endif()
 
+# We now potentially need to link all executables against PThreads, if available
+set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
+set(THREADS_PREFER_PTHREAD_FLAG TRUE)
+find_package(Threads)
+
 # If this is the root project add longer list of available CMAKE_BUILD_TYPE values
 if(CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR)
     set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
diff --git a/ChangeLog.d/7765.txt b/ChangeLog.d/7765.txt
new file mode 100644
index 000000000..3dd6b5d30
--- /dev/null
+++ b/ChangeLog.d/7765.txt
@@ -0,0 +1,3 @@
+Features
+   * Add functions mbedtls_ecdsa_raw_to_der() and mbedtls_ecdsa_der_to_raw() to
+     convert ECDSA signatures between raw and DER (ASN.1) formats.
diff --git a/ChangeLog.d/8030.txt b/ChangeLog.d/8030.txt
new file mode 100644
index 000000000..d99c9e7e4
--- /dev/null
+++ b/ChangeLog.d/8030.txt
@@ -0,0 +1,7 @@
+Changes
+   * Extended PSA Crypto configurations options for FFDH by making it possible
+     to select only some of the parameters / groups, with the macros
+     PSA_WANT_DH_RFC7919_XXXX. You now need to defined the corresponding macro
+     for each size you want to support. Also, if you have an FFDH accelerator,
+     you'll need to define the appropriate MBEDTLS_PSA_ACCEL macros to signal
+     support for these domain parameters.
diff --git a/ChangeLog.d/8647.txt b/ChangeLog.d/8647.txt
new file mode 100644
index 000000000..98326dc01
--- /dev/null
+++ b/ChangeLog.d/8647.txt
@@ -0,0 +1,10 @@
+Default behavior changes
+   * psa_import_key() now only accepts RSA keys in the PSA standard formats.
+     The undocumented ability to import other formats (PKCS#8, SubjectPublicKey,
+     PEM) accepted by the pkparse module has been removed. Applications that
+     need these formats can call mbedtls_pk_parse_{public,}key() followed by
+     mbedtls_pk_import_into_psa().
+
+Changes
+   * RSA support in PSA no longer auto-enables the pkparse and pkwrite modules,
+     saving code size when those are not otherwise enabled.
diff --git a/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
new file mode 100644
index 000000000..7f0fbc7e9
--- /dev/null
+++ b/ChangeLog.d/add-aes-cbc-to-pkcs5-pbes2.txt
@@ -0,0 +1,3 @@
+Features
+   * Add support for using AES-CBC 128, 192, and 256 bit schemes
+     with PKCS#5 PBES2. Keys encrypted this way can now be parsed by PK parse.
diff --git a/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
new file mode 100644
index 000000000..10e2795bb
--- /dev/null
+++ b/ChangeLog.d/fix_kdf_incorrect_initial_capacity.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Correct initial capacities for key derivation algorithms:TLS12_PRF,
+     TLS12_PSK_TO_MS, PBKDF2-HMAC, PBKDF2-CMAC
diff --git a/ChangeLog.d/linux-aarch64-hwcap.txt b/ChangeLog.d/linux-aarch64-hwcap.txt
new file mode 100644
index 000000000..23af87824
--- /dev/null
+++ b/ChangeLog.d/linux-aarch64-hwcap.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * On Linux on ARMv8, fix a build error with SHA-256 and SHA-512
+     acceleration detection when the libc headers do not define the
+     corresponding constant. Reported by valord577.
diff --git a/docs/architecture/psa-migration/psa-legacy-bridges.md b/docs/architecture/psa-migration/psa-legacy-bridges.md
new file mode 100644
index 000000000..912344e31
--- /dev/null
+++ b/docs/architecture/psa-migration/psa-legacy-bridges.md
@@ -0,0 +1,344 @@
+Bridges between legacy and PSA crypto APIs
+==========================================
+
+## Introduction
+
+### Goal of this document
+
+This document explores the needs of applications that use both Mbed TLS legacy crypto interfaces and PSA crypto interfaces. Based on [requirements](#requirements), we [analyze gaps](#gap-analysis) and [API design](#api-design).
+
+This is a design document. The target audience is library maintainers. See the companion document [“Transitioning to the PSA API”](../../psa-transition.md) for a user focus on the same topic.
+
+### Keywords
+
+* [TODO] A part of the analysis that isn't finished.
+* [OPEN] Open question: a specific aspect of the design where there are several plausible decisions.
+* [ACTION] A finalized part of the design that will need to be carried out.
+
+### Context
+
+Mbed TLS 3.x supports two cryptographic APIs:
+
+* The legacy API `mbedtls_xxx` is inherited from PolarSSL.
+* The PSA API `psa_xxx` was introduced in Mbed TLS 2.17.
+
+Mbed TLS is gradually shifting from the legacy API to the PSA API. Mbed TLS 4.0 will be the first version where the PSA API is considered the main API, and large parts of the legacy API will be removed.
+
+In Mbed TLS 4.0, the cryptography will be provided by a separate project [TF-PSA-Crypto](https://github.com/Mbed-TLS/TF-PSA-Crypto). For simplicity, in this document, we just refer to the whole as “Mbed TLS”.
+
+### Document history
+
+This document was originally written when preparing Mbed TLS 3.6. Mbed TLS 3.6 includes both PSA and legacy APIs covering largely overlapping ground. Many legacy APIs will be removed in Mbed TLS 4.0.
+
+## Requirements
+
+### Why mix APIs?
+
+There is functionality that is tied to one API and is not directly available in the other API:
+
+* Only PSA fully supports PSA accelerators and secure element integration.
+* Only PSA supports isolating cryptographic material in a secure service.
+* The legacy API has features that are not present (yet) in PSA, notably parsing and formatting asymmetric keys.
+
+The legacy API can partially leverage PSA features via `MBEDTLS_USE_PSA_CRYPTO`, but this has limited scope.
+
+In addition, many applications cannot be migrated in a single go. For large projects, it is impractical to rewrite a significant part of the code all at once. (For example, Mbed TLS itself will have taken more than 6 years to transition.) Projects that use one or more library in addition to Mbed TLS must follow the evolution of these libraries, each of which might have its own pace.
+
+### Where mixing happens
+
+Mbed TLS can be, and normally is, built with support for both APIs. Therefore no special effort is necessary to allow an application to use both APIs.
+
+Special effort is necessary to use both APIs as part of the implementation of the same feature. From an informal analysis of typical application requirements, we identify four parts of the use of cryptography which can be provided by different APIs:
+
+* Metadata manipulation: parsing and producing encrypted or signed files, finding mutually supported algorithms in a network protocol negotiation, etc.
+* Key management: parsing, generating, deriving and formatting cryptographic keys.
+* Data manipulation other than keys. In practice, most data formats within the scope of the legacy crypto APIs are trivial (ciphertexts, hashes, MACs, shared secrets). The one exception is ECDSA signatures.
+* Cryptographic operations: hash, sign, encrypt, etc.
+
+From this, we deduce the following requirements:
+
+* Convert between PSA and legacy metadata.
+* Creating a key with the legacy API and consuming it in the PSA API.
+* Creating a key with the PSA API and consuming it in the legacy API.
+* Manipulating data formats, other than keys, where the PSA API is lacking.
+
+### Scope limitations
+
+The goal of this document is to bridge the legacy API and the PSA API. The goal is not to provide a PSA way to do everything that is currently possible with the legacy API. The PSA API is less flexible in some regards, and extending it is out of scope in the present study.
+
+With respect to the legacy API, we do not consider functionality of low-level modules for individual algorithms. Our focus is on applications that use high-level legacy crypto modules (md, cipher, pk) and need to combine that with uses of the PSA APIs.
+
+## Gap analysis
+
+The document [“Transitioning to the PSA API”](../../psa-transition.md) enumerates the public header files in Mbed TLS 3.4 and the API elements (especially enums and functions) that they provide, listing PSA equivalents where they exist. There are gaps in two cases:
+
+* Where the PSA equivalents do not provide the same functionality. A typical example is parsing and formatting asymmetric keys.
+* To convert between data representations used by legacy APIs and data representations used by PSA APIs.
+
+Based on “[Where mixing happens](#where-mixing-happens)”, we focus the gap analysis on two topics: metadata and keys. This chapter explores the gaps in each family of cryptographic mechanisms.
+
+### Generic metadata gaps
+
+#### Need for error code conversion
+
+Do we need public functions to convert between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` error codes? We have such functions for internal use.
+
+Mbed TLS needs these conversions because it has many functions that expose one API (legacy/API) but are implemented on top of the other API. Most applications would convert legacy and PSA error code to their own error codes, and converting between `MBEDTLS_ERR_xxx` error codes and `PSA_ERROR_xxx` is not particularly helpful for that. Application code might need such conversion functions when implementing an X.509 or TLS callback (returning `MBEDTLS_ERR_xxx`) on top of PSA functions, but this is a very limited use case.
+
+Conclusion: no need for public error code conversion functions.
+
+### Hash gap analysis
+
+Hashes do not involve keys, and involves no nontrivial data format. Therefore the only gap is with metadata, namely specifying a hash algorithm.
+
+Hashes are often used as building blocks for other mechanisms (HMAC, signatures, key derivation, etc.). Therefore metadata about hashes is relevant not only when calculating hashes, but also when performing many other cryptographic operations.
+
+Gap: functions to convert between `psa_algorithm_t` hash algorithms and `mbedtls_md_type_t`. Such functions exist in Mbed TLS 3.5 (`mbedtls_md_psa_alg_from_type`, `mbedtls_md_type_from_psa_alg`) but they are declared only in private headers.
+
+### MAC gap analysis
+
+[TODO]
+
+### Cipher and AEAD gap analysis
+
+[TODO]
+
+### Key derivation gap analysis
+
+[TODO]
+
+### Random generation gap analysis
+
+[TODO]
+
+### Asymmetric cryptography gap analysis
+
+#### Asymmetric cryptography metadata
+
+The legacy API only has generic support for two key types: RSA and ECC, via the pk module. ECC keys can also be further classified according to their curve. The legacy API also supports DHM (Diffie-Hellman-Merkle = FFDH: finite-field Diffie-Hellman) keys, but those are not integrated in the pk module.
+
+An RSA or ECC key can potentially be used for different algorithms in the scope of the pk module:
+
+* RSA: PKCS#1v1.5 signature, PSS signature, PKCS#1v1.5 encryption, OAEP encryption.
+* ECC: ECDSA signature (randomized or deterministic), ECDH key agreement (via `mbedtls_pk_ec`).
+
+ECC keys are also involved in EC-JPAKE, but this happens internally: the EC-JPAKE interface only needs one piece of metadata, namely, to identify a curve.
+
+Since there is no algorithm that can be used with multiple types, and PSA keys have a policy that (for the most part) limits them to one algorithm, there does not seem to be a need to convert between legacy and PSA asymmetric key types on their own. The useful metadata conversions are:
+
+* Selecting an **elliptic curve**.
+
+  This means converting between an `mbedtls_ecp_group_id` and a pair of `{psa_ecc_family_t; size_t}`.
+
+  This is fulfilled by `mbedtls_ecc_group_to_psa` and `mbedtls_ecc_group_from_psa`, which were introduced into the public API between Mbed TLS 3.5 and 3.6 ([#8664](https://github.com/Mbed-TLS/mbedtls/pull/8664)).
+
+* Selecting A **DHM group**.
+
+  PSA only supports predefined groups, whereas legacy only supports ad hoc groups. An existing application referring to `MBEDTLS_DHM_RFC7919_FFDHExxx` values would need to refer to `PSA_DH_FAMILY_RFC7919`; an existing application using arbitrary groups cannot migrate to PSA.
+
+* Simultaneously supporting **a key type and an algorithm**.
+
+  On the legacy side, this is an `mbedtls_pk_type_t` value and more. For ECDSA, the choice between randomized and deterministic is made at compile time. For RSA, the choice of encryption or signature algorithm is made either by configuring the underlying `mbedtls_rsa_context` or when calling the operation function.
+
+  On the PSA side, this is a `psa_key_type_t` value and an algorithm which is normally encoded as policy information in a `psa_key_attributes_t`. The algorithm is also needed in its own right when calling operation functions.
+
+#### Using a legacy key pair or public key with PSA
+
+There are several scenarios where an application has a legacy key pair or public key (`mbedtls_pk_context`) and needs to create a PSA key object (`psa_key_id_t`).
+
+Reasons for first creating a legacy key object, where it's impossible or impractical to directly create a PSA key:
+
+* A very common case where the input is a legacy key object is parsing. PSA does not (yet) have an equivalent of the `mbedtls_pk_parse_xxx` functions.
+* The PSA key creation interface is less flexible in some cases. In particular, PSA RSA key generation does not (yet) allow choosing the public exponent.
+* The pk object may be created by a part of the application (or a third-party library) that hasn't been migrated to the PSA API yet.
+
+Reasons for needing a PSA key object:
+
+* Using the key with third-party interface that takes a PSA key identifier as input. (Mbed TLS itself has a few TLS functions that take PSA key identifiers, but as of Mbed TLS 3.5, it is always possible to use a legacy key instead.)
+* Benefiting from a PSA accelerator, or from PSA's world separation, even without `MBEDTLS_USE_PSA_CRYPTO`. (Not a priority scenario: we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA.)
+
+Gap: a way to create a PSA key object from an `mbedtls_pk_context`. This partially exists in the form of `mbedtls_pk_wrap_as_opaque`, but it is not fully satisfactory, for reasons that are detailed in “[API to create a PSA key from a PK context](#api-to-create-a-psa-key-from-a-pk-context)” below.
+
+#### Using a PSA key as a PK context
+
+There are several scenarios where an application has a PSA key and needs to use it through an interface that wants an `mbedtls_pk_context` object. Typically, there is an existing key in the PSA key store (possibly in a secure element and non-exportable), and the key needs to be used in an interface that requires a `mbedtls_pk_context *` input, such as Mbed TLS's X.509 and TLS APIs or a similar third-party interface, or the `mbedtls_pk_write_xxx` interfaces which do not (yet) have PSA equivalents.
+
+There is a function `mbedtls_pk_setup_opaque` that mostly does this. However, it has several limitations:
+
+* It creates a PK key of type `MBEDTLS_PK_OPAQUE` that wraps the PSA key. This is good enough in some scenarios, but not others. For example, it's ok for pkwrite, because we've upgraded the pkwrite code to handle `MBEDTLS_PK_OPAQUE`. That doesn't help users of third-party libraries that haven't yet been upgraded.
+* It ties the lifetime of the PK object to the PSA key, which is error-prone: if the PSA key is destroyed but the PK object isn't, there is no way to reliably detect any subsequent misuse of the PK object.
+* It is only available under `MBEDTLS_USE_PSA_CRYPTO`. This is not a priority concern, since we generally expect people to activate `MBEDTLS_USE_PSA_CRYPTO` at an early stage of their migration to PSA. However, this function is useful to use specific PSA keys in X.509/TLS regardless of whether X.509/TLS use the PSA API for all cryptographic operations, so this is a wart in the current API.
+
+It therefore appears that we need two ways to “convert” a PSA key to PK:
+
+* Wrapping, which is what `mbedtls_pk_setup_opaque` does. This works for any PSA key but is limited by the key's lifetime and creates a PK object with limited functionality.
+* Copying, which requires a new function. This requires an exportable key but creates a fully independent, fully functional PK object.
+
+Gap: a way to copy a PSA key into a PK context. This can only be expected to work if the PSA key is exportable.
+
+After some discussion, have not identified anything we want to change in the behavior of `mbedtls_pk_setup_opaque`. We only want to generalize it to non-`MBEDTLS_USE_PSA_CRYPTO` and to document it better.
+
+#### Signature formats
+
+The pk module uses signature formats intended for X.509. The PSA module uses the simplest sensible signature format.
+
+* For RSA, the formats are the same.
+* For ECDSA, PSA uses a fixed-size concatenation of (r,s), whereas X.509 and pk use an ASN.1 DER encoding of the sequence (r,s).
+
+Gap: We need APIs to convert between these two formats. The conversion code already exists under the hood, but it's in pieces that can't be called directly.
+
+There is a design choice here: do we provide conversions functions for ECDSA specifically, or do we provide conversion functions that take an algorithm as argument and just happen to be a no-op with RSA? One factor is plausible extensions. These conversions functions will remain useful in Mbed TLS 4.x and perhaps beyond. We will at least add EdDSA support, and its signature encoding is the fixed-size concatenation (r,s) even in X.509. We may well also add support for some post-quantum signatures, and their concrete format is still uncertain.
+
+Given the uncertainty, it would be nice to provide a sufficiently generic interface to convert between the PSA and the pk signature format, parametrized by the algorithm. However, it is difficult to predict exactly what parameters are needed. For example, converting from an ASN.1 ECDSA signature to (r,s) requires the knowledge of the curve, or at least the curve's size. Therefore we are not going to add a generic function at this stage.
+
+For ECDSA, there are two plausible APIs: follow the ASN.1/X.509 write/parse APIs, or present an ordinary input/output API. The ASN.1 APIs are the way they are to accommodate nested TLV structures. But ECDSA signatures do not appear nested in TLV structures in either TLS (there's just a signature field) or X.509 (the signature is inside a BITSTRING, not directly in a SEQUENCE). So there does not seem to be a need for an ASN.1-like API for the ASN.1 format, just the format conversion itself in a buffer that just contains the signature.
+
+#### Asymmetric cryptography TODO
+
+[TODO] Other gaps?
+
+## New APIs
+
+This section presents new APIs to implement based on the [gap analysis](#gap-analysis).
+
+### General notes
+
+Each action to implement a function entails:
+
+* Implement the library function.
+* Document it precisely, including error conditions.
+* Unit-test it.
+* Mention it where relevant in the PSA transition guide.
+
+### Hash APIs
+
+Based on the [gap analysis](#hash-gap-analysis):
+
+[ACTION] [#8340](https://github.com/Mbed-TLS/mbedtls/issues/8340) Move `mbedtls_md_psa_alg_from_type` and `mbedtls_md_type_from_psa_alg` from `library/md_psa.h` to `include/mbedtls/md.h`.
+
+### MAC APIs
+
+[TODO]
+
+### Cipher and AEAD APIs
+
+[TODO]
+
+### Key derivation APIs
+
+[TODO]
+
+### Random generation APIs
+
+[TODO]
+
+### Asymmetric cryptography APIs
+
+#### Asymmetric cryptography metadata APIs
+
+Based on the [gap analysis](#asymmetric-cryptography-metadata):
+
+* No further work is needed about RSA specifically. The amount of metadata other than hashes is sufficiently small to be handled in ad hoc ways in applications, and hashes have [their own conversions](#hash-apis).
+* No further work is needed about ECC specifically. We have just added adequate functions.
+* No further work is needed about DHM specifically. There is no good way to translate the relevant information.
+* [OPEN] Is there a decent way to convert between `mbedtls_pk_type_t` plus extra information, and `psa_key_type_t` plus policy information? The two APIs are different in crucial ways, with different splits between key type, policy information and operation algorithm.
+  Thinking so far: there isn't really a nice way to present this conversion. For a specific key, `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_copy_from_psa` do the job.
+
+#### API to create a PSA key from a PK context
+
+Based on the [gap analysis](#using-a-legacy-key-pair-or-public-key-with-psa):
+
+Given an `mbedtls_pk_context`, we want a function that creates a PSA key with the same key material and algorithm. “Same key material” is straightforward, but “same algorithm” is not, because a PK context has incomplete algorithm information. For example, there is no way to distinguish between an RSA key that is intended for signature or for encryption. Between algorithms of the same nature, there is no way to distinguish a key intended for PKCS#1v1.5 and one intended for PKCS#1v2.1 (OAEP/PSS): this is indicated in the underlying RSA context, but the indication there is only a default that can be overridden by calling `mbedtls_pk_{sign,verify}_ext`. Also there is no way to distinguish between `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)` and `PSA_ALG_RSA_PKCS1V15_SIGN_RAW`: in the legacy interface, this is only determined when actually doing a signature/verification operation. Therefore the function that creates the PSA key needs extra information to indicate which algorithm to put in the key's policy.
+
+When creating a PSA key, apart from the key material, the key is determined by attributes, which fall under three categories:
+
+* Type and size. These are directly related to the key material and can be deduced from it if the key material is in a structured format, which is the case with an `mbedtls_pk_context` input.
+* Policy. This includes the chosen algorithm, which as discussed above cannot be fully deduced from the `mbedtls_pk_context` object. Just choosing one algorithm is problematic because it doesn't allow implementation-specific extensions, such as Mbed TLS's enrollment algorithm. The intended usage flags cannot be deduced from the PK context either, but the conversion function could sensibly just enable all the relevant usage flags. Users who want a more restrictive usage can call `psa_copy_key` and `psa_destroy_key` to obtain a PSA key object with a more restrictive usage.
+* Persistence and location. This is completely orthogonal to the information from the `mbedtls_pk_context` object. It is convenient, but not necessary, for the conversion function to allow customizing these aspects. If it doesn't, users can call the conversion function and then call `psa_copy_key` and `psa_destroy_key` to move the key to its desired location.
+
+To allow the full flexibility around policies, and make the creation of a persistent key more convenient, the conversion function shall take a `const psa_key_attributes_t *` input, like all other functions that create a PSA key. In addition, there shall be a helper function to populate a `psa_key_attributes_t` with a sensible default. This lets the caller choose a more flexible, or just different usage policy, unlike the default-then-copy approach which only allows restricting the policy.
+
+This is close to the existing function `mbedtls_pk_wrap_as_opaque`, but does not bake in the implementation-specific consideration that a PSA key has exactly two algorithms, and also allows the caller to benefit from default for the policy in more cases.
+
+[ACTION] [#8708](https://github.com/Mbed-TLS/mbedtls/issues/8708) Implement `mbedtls_pk_get_psa_attributes` and `mbedtls_pk_import_into_psa` as described below. These functions are available whenever `MBEDTLS_PK_C` and `MBEDTLS_PSA_CRYPTO_CLIENT` are both defined. Deprecate `mbedtls_pk_wrap_as_opaque`.
+
+```
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+                                  psa_key_usage_flags_t usage,
+                                  psa_key_attributes_t *attributes);
+int mbedtls_pk_import_into_psa(const mbedtls_pk_context *pk,
+                               const psa_key_attributes_t *attributes,
+                               mbedtls_svc_key_id_t *key_id);
+```
+
+* `mbedtls_pk_get_psa_attributes` does not change the id/lifetime fields of the attributes (which indicate a volatile key by default).
+    * [OPEN] Or should it reset them to 0? Resetting is more convenient for the case where the pk key is a `MBEDTLS_PK_OPAQUE`. But that's an uncommon use case. It's probably less surprising if this function leaves the lifetime-related alone, since its job is to set the type-related and policy-related attributes.
+* `mbedtls_pk_get_psa_attributes` sets the type and size based on what's in the pk context.
+    * The key type is a key pair if the context contains a private key and the indicated usage is a private-key usage. The key type is a public key if the context only contains a public key, in which case a private-key usage is an error.
+* `mbedtls_pk_get_psa_attributes` sets the usage flags based on the `usage` parameter. It extends the usage to other usage that is possible:
+    * `EXPORT` and `COPY` are always set.
+    * If `SIGN_{HASH,MESSAGE}` is set then so is `VERIFY_{HASH,MESSAGE}`.
+    * If `DECRYPT` is set then so is `ENCRYPT`.
+    * It is an error if `usage` has more than one flag set, or has a usage that is incompatible with the key type.
+* `mbedtls_pk_get_psa_attributes` sets the algorithm usage policy based on information in the key object and on `usage`.
+    * For an RSA key with the `MBEDTLS_RSA_PKCS_V15` padding mode, the algorithm policy is `PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_PKCS1V15_CRYPT` for an encrypt/decrypt usage.
+    * For an RSA key with the `MBEDTLS_RSA_PKCS_V21` padding mode, the algorithm policy is `PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)` for a sign/verify usage, and `PSA_ALG_RSA_OAEP(hash)` for an encrypt/decrypt usage where `hash` is from the RSA key's parameters. (Note that `PSA_ALG_ANY_HASH` is only allowed in signature algorithms.)
+    * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDSA` with a sign/verify usage, the algorithm policy is `PSA_ALG_DETERMINISTIC_ECDSA` if `MBEDTLS_ECDSA_DETERMINISTIC` is enabled and `PSA_ALG_ECDSA` otherwise. In either case, the hash policy is `PSA_ALG_ANY_HASH`.
+    * For an `MBEDTLS_PK_ECKEY` or `MBEDTLS_PK_ECDKEY_DH` with the usage `PSA_KEY_USAGE_DERIVE`, the algorithm is `PSA_ALG_ECDH`.
+    * For a `MBEDTLS_PK_OPAQUE`, this function reads the attributes of the existing PK key and copies them (without overriding the lifetime and key identifier in `attributes`), then applies a public-key restriction if needed.
+        * Public-key restriction: if `usage` is a public-key usage, change the type to the corresponding public-key type, and remove private-key usage flags from the usage flags read from the existing key.
+* `mbedtls_pk_import_into_psa` checks that the type field in the attributes is consistent with the content of the `mbedtls_pk_context` object (RSA/ECC, and availability of the private key).
+    * The key type can be a public key even if the private key is available.
+* `mbedtls_pk_import_into_psa` does not need to check the bit-size in the attributes: `psa_import_key` will do enough checks.
+* `mbedtls_pk_import_into_psa` does not check that the policy in the attributes is sensible. That's on the user.
+
+#### API to copy a PSA key to a PK context
+
+Based on the [gap analysis](#using-a-psa-key-as-a-pk-context):
+
+[ACTION] [#8709](https://github.com/Mbed-TLS/mbedtls/issues/8709) Implement `mbedtls_pk_copy_from_psa` as described below.
+
+```
+int mbedtls_pk_copy_from_psa(mbedtls_svc_key_id_t key_id,
+                             mbedtls_pk_context *pk);
+```
+
+* `pk` must be initialized, but not set up.
+* It is an error if the key is neither a key pair nor a public key.
+* It is an error if the key is not exportable.
+* The resulting pk object has a transparent type, not `MBEDTLS_PK_OPAQUE`. That's `MBEDTLS_PK_RSA` for RSA keys (since pk objects don't use `MBEDTLS_PK_RSASSA_PSS` as a type), and `MBEDTLS_PK_ECKEY` for ECC keys (following the example of pkparse).
+* Once this function returns, the pk object is completely independent of the PSA key.
+* Calling `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt` on the resulting pk context will perform an algorithm that is compatible with the PSA key's primary algorithm policy (`psa_get_key_algorithm`) if that is a matching operation type (sign/verify, encrypt/decrypt), but with no restriction on the hash (as if the policy had `PSA_ALG_ANY_HASH` instead of a specific hash, and with `PSA_ALG_RSA_PKCS1V15_SIGN_RAW` merged with `PSA_ALG_RSA_PKCS1V15_SIGN(hash_alg)`).
+    * For ECDSA, the choice of deterministic vs randomized will be based on the compile-time setting `MBEDTLS_ECDSA_DETERMINISTIC`, like `mbedtls_pk_sign` today.
+    * For an RSA key, the output key will allow both encrypt/decrypt and sign/verify regardless of the original key's policy. The original key's policy determines the output key's padding mode.
+    * The primary intent of this requirement is to allow an application to switch to PSA for creating the key material (for example to benefit from a PSA accelerator driver, or to start using a secure element), without modifying the code that consumes the key. For RSA keys, the PSA primary algorithm policy is how one conveys the same information as RSA key padding information in the legacy API. Convey this in the documentation.
+
+#### API to create a PK object that wraps a PSA key
+
+Based on the [gap analysis](#using-a-psa-key-as-a-pk-context):
+
+[ACTION] [#8712](https://github.com/Mbed-TLS/mbedtls/issues/8712) Clarify the documentation of `mbedtls_pk_setup_opaque` regarding which algorithms the resulting key will perform with `mbedtls_pk_sign`, `mbedtls_pk_verify`, `mbedtls_pk_encrypt`, `mbedtls_pk_decrypt`.
+
+[ACTION] [#8710](https://github.com/Mbed-TLS/mbedtls/issues/8710) Provide `mbedtls_pk_setup_opaque` whenever `MBEDTLS_PSA_CRYPTO_CLIENT` is enabled, not just when `MBEDTLS_USE_PSA_CRYPTO` is enabled. This is nice-to-have, not critical. Update `use-psa-crypto.md` accordingly.
+
+[OPEN] What about `mbedtls_pk_sign_ext` and  `mbedtls_pk_verify_ext`?
+
+#### API to convert between signature formats
+
+Based on the [gap analysis](#signature-formats):
+
+[ACTION] [#7765](https://github.com/Mbed-TLS/mbedtls/issues/7765) Implement `mbedtls_ecdsa_raw_to_der` and `mbedtls_ecdsa_der_to_raw` as described below.
+
+```
+int mbedtls_ecdsa_raw_to_der(size_t bits,
+                             const unsigned char *raw, size_t raw_len,
+                             unsigned char *der, size_t der_size, size_t *der_len);
+int mbedtls_ecdsa_der_to_raw(size_t bits,
+                             const unsigned char *der, size_t der_len,
+                             unsigned char *raw, size_t raw_size, size_t *raw_len);
+```
+
+* These functions convert between the signature format used by `mbedtls_pk_{sign,verify}{,_ext}` and the signature format used by `psa_{sign,verify}_{hash,message}`.
+* The input and output buffers can overlap.
+* The `bits` parameter is necessary in the DER-to-raw direction because the DER format lacks leading zeros, so something else needs to convey the size of (r,s). The `bits` parameter is redundant in the raw-to-DER direction, but we have it anyway because [it helps catch errors](https://github.com/Mbed-TLS/mbedtls/pull/8681#discussion_r1445980971), and it isn't a burden on the caller because the information is readily available in practice.
+* Should these functions rely on the ASN.1 module? We experimented [calling ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8681), [reimplementing simpler ASN.1 functions](https://github.com/Mbed-TLS/mbedtls/pull/8696), and [providing the functions from the ASN.1 module](https://github.com/Mbed-TLS/mbedtls/pull/8703). Providing the functions from the ASN.1 module [won on a compromise of code size and simplicity](https://github.com/Mbed-TLS/mbedtls/issues/7765#issuecomment-1893670015).
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index cbbb7597f..f2695a160 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -6,7 +6,7 @@ EXTRACT_ALL            = YES
 EXTRACT_PRIVATE        = YES
 EXTRACT_STATIC         = YES
 CASE_SENSE_NAMES       = NO
-INPUT                  = ../include input
+INPUT                  = ../include input ../tests/include/alt-dummy
 FILE_PATTERNS          = *.h
 RECURSIVE              = YES
 EXCLUDE_SYMLINKS       = YES
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 3c3bfad9d..ff019f432 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -197,7 +197,8 @@ typedef struct mbedtls_asn1_named_data {
 }
 mbedtls_asn1_named_data;
 
-#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 /**
  * \brief       Get the length of an ASN.1 element.
  *              Updates the pointer to immediately behind the length.
@@ -244,7 +245,7 @@ int mbedtls_asn1_get_len(unsigned char **p,
 int mbedtls_asn1_get_tag(unsigned char **p,
                          const unsigned char *end,
                          size_t *len, int tag);
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 /**
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 7af4aba41..0c5a85ac2 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -36,7 +36,8 @@
 extern "C" {
 #endif
 
-#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 /**
  * \brief           Write a length field in ASN.1 format.
  *
@@ -65,7 +66,7 @@ int mbedtls_asn1_write_len(unsigned char **p, const unsigned char *start,
  */
 int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start,
                            unsigned char tag);
-#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA*/
 
 #if defined(MBEDTLS_ASN1_WRITE_C)
 /**
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 815b5bb19..1dc31c9c2 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -678,7 +678,6 @@ int MBEDTLS_DEPRECATED mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
 static inline unsigned int mbedtls_cipher_get_block_size(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
     }
@@ -698,7 +697,6 @@ static inline unsigned int mbedtls_cipher_get_block_size(
 static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_MODE_NONE;
     }
@@ -719,7 +717,6 @@ static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
 static inline int mbedtls_cipher_get_iv_size(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
     }
@@ -743,8 +740,6 @@ static inline int mbedtls_cipher_get_iv_size(
 static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_CIPHER_NONE);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_CIPHER_NONE;
     }
@@ -764,7 +759,6 @@ static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
 static inline const char *mbedtls_cipher_get_name(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return 0;
     }
@@ -784,8 +778,6 @@ static inline const char *mbedtls_cipher_get_name(
 static inline int mbedtls_cipher_get_key_bitlen(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_KEY_LENGTH_NONE;
     }
@@ -805,8 +797,6 @@ static inline int mbedtls_cipher_get_key_bitlen(
 static inline mbedtls_operation_t mbedtls_cipher_get_operation(
     const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_OPERATION_NONE);
     if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL) {
         return MBEDTLS_OPERATION_NONE;
     }
diff --git a/include/mbedtls/config_adjust_legacy_crypto.h b/include/mbedtls/config_adjust_legacy_crypto.h
index 696266c6f..064699c12 100644
--- a/include/mbedtls/config_adjust_legacy_crypto.h
+++ b/include/mbedtls/config_adjust_legacy_crypto.h
@@ -324,15 +324,6 @@
 #define MBEDTLS_PSA_CRYPTO_CLIENT
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
-/* The PK wrappers need pk_write/pk_parse functions to format RSA key objects
- * when they are dispatching to the PSA API. This happens under MBEDTLS_USE_PSA_CRYPTO,
- * and even under just MBEDTLS_PSA_CRYPTO_C in psa_crypto_rsa.c. */
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_RSA_C)
-#define MBEDTLS_PK_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_PARSE_C
-#endif
-
 /* Helpers to state that each key is supported either on the builtin or PSA side. */
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
 #define MBEDTLS_ECP_HAVE_SECP521R1
@@ -400,6 +391,13 @@
 #define MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
 #endif
 
+/* psa_util file features some ECDSA conversion functions, to convert between
+ * legacy's ASN.1 DER format and PSA's raw one. */
+#if defined(MBEDTLS_ECDSA_C) || (defined(MBEDTLS_PSA_CRYPTO_C) && \
+    (defined(PSA_WANT_ALG_ECDSA) || defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)))
+#define MBEDTLS_PSA_UTIL_HAVE_ECDSA
+#endif
+
 /* Some internal helpers to determine which keys are availble. */
 #if (!defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_AES_C)) || \
     (defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_KEY_TYPE_AES))
diff --git a/include/mbedtls/config_adjust_legacy_from_psa.h b/include/mbedtls/config_adjust_legacy_from_psa.h
index 691fed6e5..0091e246b 100644
--- a/include/mbedtls/config_adjust_legacy_from_psa.h
+++ b/include/mbedtls/config_adjust_legacy_from_psa.h
@@ -47,139 +47,65 @@
  */
 
 /* ECC: curves: is acceleration complete? */
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#if (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) && \
+    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)) || \
+    (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
+    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)) || \
+    (defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
+    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)) || \
+    (defined(PSA_WANT_ECC_SECP_R1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)) || \
+    (defined(PSA_WANT_ECC_SECP_R1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)) || \
+    (defined(PSA_WANT_ECC_SECP_R1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)) || \
+    (defined(PSA_WANT_ECC_SECP_R1_384) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)) || \
+    (defined(PSA_WANT_ECC_SECP_R1_521) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)) || \
+    (defined(PSA_WANT_ECC_SECP_K1_192) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)) || \
+    (defined(PSA_WANT_ECC_SECP_K1_224) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)) || \
+    (defined(PSA_WANT_ECC_SECP_K1_256) && !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256))
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif
 
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#if (defined(PSA_WANT_ECC_MONTGOMERY_255) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)) || \
+    (defined(PSA_WANT_ECC_MONTGOMERY_448) && !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448))
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_192) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_224) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_256) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_384) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_521) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_192) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_224) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_256) && \
-    !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_WEIERSTRASS_CURVES
 #endif
 
 /* ECC: algs: is acceleration complete? */
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
-    !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_ECDH) && \
-    !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_ECDSA) && \
-    !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE) && \
-    !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
+#if (defined(PSA_WANT_ALG_ECDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)) || \
+    (defined(PSA_WANT_ALG_ECDSA) && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)) || \
+    (defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) && \
+    !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)) || \
+    (defined(PSA_WANT_ALG_JPAKE) && !defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE))
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS
 #endif
 
 /* ECC: key types: is acceleration complete? */
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
+#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC))
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
 #endif
 
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES_BASIC
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
-#endif
-
 /* Special case: we don't support cooked key derivation in drivers yet */
 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
 #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
 #endif
 
-/* Note: the condition is always true as DERIVE can't be accelerated yet */
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
-    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+/* Note: the condition about key derivation is always true as DERIVE can't be
+ * accelerated yet */
+#if (defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)) || \
+    (defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE))
 #define MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_KEY_TYPES
 #endif
 
@@ -386,8 +312,6 @@
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
@@ -396,8 +320,6 @@
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_ALGS)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC */
 
@@ -405,8 +327,6 @@
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT */
 
@@ -414,8 +334,6 @@
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT */
 
@@ -423,8 +341,6 @@
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
 
@@ -433,20 +349,149 @@
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE) || \
     defined(MBEDTLS_PSA_ECC_ACCEL_INCOMPLETE_CURVES)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#define MBEDTLS_ECP_LIGHT
-#define MBEDTLS_BIGNUM_C
 #endif /* missing accel */
 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE */
 
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_BASIC) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
+#define MBEDTLS_ECP_LIGHT
+#define MBEDTLS_BIGNUM_C
+#endif
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
+    defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+#define MBEDTLS_ECP_C
+#define MBEDTLS_BIGNUM_C
+#endif
+
 /* End of ECC section */
 
+/*
+ * DH key types follow the same pattern used above for EC keys. They are defined
+ * by a triplet (group, key_type, alg). A triplet is accelerated if all its
+ * component are accelerated, otherwise each component needs to be builtin.
+ */
+
+/* DH: groups: is acceleration complete? */
+#if (defined(PSA_WANT_DH_RFC7919_2048) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)) || \
+    (defined(PSA_WANT_DH_RFC7919_3072) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)) || \
+    (defined(PSA_WANT_DH_RFC7919_4096) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)) || \
+    (defined(PSA_WANT_DH_RFC7919_6144) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)) || \
+    (defined(PSA_WANT_DH_RFC7919_8192) && !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192))
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS
+#endif
+
+/* DH: algs: is acceleration complete? */
+#if defined(PSA_WANT_ALG_FFDH) && !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS
+#endif
+
+/* DH: key types: is acceleration complete? */
+#if (defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)) || \
+    (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)) || \
+    (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)) || \
+    (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)) || \
+    (defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE) && \
+    !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE))
+#define MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_2048)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+
+#if defined(PSA_WANT_DH_RFC7919_3072)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+
+#if defined(PSA_WANT_DH_RFC7919_4096)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+
+#if defined(PSA_WANT_DH_RFC7919_6144)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+
+#if defined(PSA_WANT_DH_RFC7919_8192)
+#if !defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
+#endif /* !MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+
 #if defined(PSA_WANT_ALG_FFDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
+#if !defined(MBEDTLS_PSA_ACCEL_ALG_FFDH) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_KEY_TYPES)
 #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
 #define MBEDTLS_BIGNUM_C
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_FFDH */
 #endif /* PSA_WANT_ALG_FFDH */
 
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
+#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
+
+#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
+#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_GROUPS) || \
+    defined(MBEDTLS_PSA_DH_ACCEL_INCOMPLETE_ALGS)
+#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_BIGNUM_C
+#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
+#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
+
+/* End of DH section */
+
 #if defined(PSA_WANT_ALG_HKDF)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
 /*
@@ -634,46 +679,12 @@
 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC */
 #endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC */
 
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC */
-#endif /* PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC */
-
-#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY */
-
 #if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
 #if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
 #define MBEDTLS_RSA_C
 #define MBEDTLS_BIGNUM_C
 #define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
 #endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
diff --git a/include/mbedtls/config_adjust_psa_from_legacy.h b/include/mbedtls/config_adjust_psa_from_legacy.h
index b841875cf..345661594 100644
--- a/include/mbedtls/config_adjust_psa_from_legacy.h
+++ b/include/mbedtls/config_adjust_psa_from_legacy.h
@@ -81,13 +81,22 @@
 #define PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
 #define PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY 1
 #define PSA_WANT_ALG_FFDH 1
-#define PSA_WANT_DH_FAMILY_RFC7919 1
+#define PSA_WANT_DH_RFC7919_2048 1
+#define PSA_WANT_DH_RFC7919_3072 1
+#define PSA_WANT_DH_RFC7919_4096 1
+#define PSA_WANT_DH_RFC7919_6144 1
+#define PSA_WANT_DH_RFC7919_8192 1
 #define MBEDTLS_PSA_BUILTIN_ALG_FFDH 1
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_BASIC 1
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
 #define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 1
+#define MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 1
 #endif /* MBEDTLS_DHM_C */
 
 #if defined(MBEDTLS_GCM_C)
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 922e5bec5..424ed4b3f 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -149,165 +149,8 @@ extern "C" {
  */
 void mbedtls_debug_set_threshold(int threshold);
 
-/**
- * \brief    Print a message to the debug output. This function is always used
- *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
- *          context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the message has occurred in
- * \param line      line number the message has occurred at
- * \param format    format specifier, in printf format
- * \param ...       variables used by the format specifier
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
-
-/**
- * \brief   Print the return value of a function to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      the name of the function that returned the error
- * \param ret       the return code value
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, int ret);
-
-/**
- * \brief   Output a buffer of size len bytes to the debug output. This function
- *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the buffer being dumped. Normally the
- *                  variable or buffer name
- * \param buf       the buffer to be outputted
- * \param len       length of the buffer
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line, const char *text,
-                             const unsigned char *buf, size_t len);
-
-#if defined(MBEDTLS_BIGNUM_C)
-/**
- * \brief   Print a MPI variable to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the MPI being output. Normally the
- *                  variable name
- * \param X         the MPI variable
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_mpi *X);
-#endif
-
-#if defined(MBEDTLS_ECP_LIGHT)
-/**
- * \brief   Print an ECP point to the debug output. This function is always
- *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
- *          ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the ECP point being output. Normally the
- *                  variable name
- * \param X         the ECP point
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_ecp_point *X);
-#endif
-
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
-/**
- * \brief   Print a X.509 certificate structure to the debug output. This
- *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
- *          which supplies the ssl context, file and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param text      a name or label for the certificate being output
- * \param crt       X.509 certificate structure
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
-                             const char *file, int line,
-                             const char *text, const mbedtls_x509_crt *crt);
-#endif
-
-/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
-         only works for the built-in implementation. */
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
-    defined(MBEDTLS_ECDH_C)
-typedef enum {
-    MBEDTLS_DEBUG_ECDH_Q,
-    MBEDTLS_DEBUG_ECDH_QP,
-    MBEDTLS_DEBUG_ECDH_Z,
-} mbedtls_debug_ecdh_attr;
-
-/**
- * \brief   Print a field of the ECDH structure in the SSL context to the debug
- *          output. This function is always used through the
- *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
- *          and line number parameters.
- *
- * \param ssl       SSL context
- * \param level     error level of the debug message
- * \param file      file the error has occurred in
- * \param line      line number the error has occurred in
- * \param ecdh      the ECDH context
- * \param attr      the identifier of the attribute being output
- *
- * \attention       This function is intended for INTERNAL usage within the
- *                  library only.
- */
-void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
-                               const char *file, int line,
-                               const mbedtls_ecdh_context *ecdh,
-                               mbedtls_debug_ecdh_attr attr);
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
-          MBEDTLS_ECDH_C */
-
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* debug.h */
+#endif /* MBEDTLS_DEBUG_H */
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 8a67486bb..fdc25ebf8 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -288,12 +288,17 @@
 #define MBEDTLS_OID_HMAC_RIPEMD160              MBEDTLS_OID_INTERNET "\x05\x05\x08\x01\x04" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= {iso(1) iso-identified-organization(3) dod(6) internet(1) security(5) mechanisms(5) ipsec(8) isakmpOakley(1) hmacRIPEMD160(4)} */
 
 /*
- * Encryption algorithms
+ * Encryption algorithms,
+ * the following standardized object identifiers are specified at
+ * https://datatracker.ietf.org/doc/html/rfc8018#appendix-C.
  */
 #define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG \
         MBEDTLS_OID_OIW_SECSIG_ALG "\x07"                                                                        /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
 #define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
 #define MBEDTLS_OID_AES                         MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
+#define MBEDTLS_OID_AES_128_CBC                 MBEDTLS_OID_AES "\x02" /** aes128-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes128-CBC-PAD(2) } */
+#define MBEDTLS_OID_AES_192_CBC                 MBEDTLS_OID_AES "\x16" /** aes192-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes192-CBC-PAD(22) } */
+#define MBEDTLS_OID_AES_256_CBC                 MBEDTLS_OID_AES "\x2a" /** aes256-cbc-pad OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithms(4) aes(1) aes256-CBC-PAD(42) } */
 
 /*
  * Key Wrapping algorithms
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 27768bd35..66f39015f 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -28,7 +28,7 @@
 #include "mbedtls/ecdsa.h"
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #include "psa/crypto.h"
 #endif
 
@@ -253,6 +253,8 @@ typedef struct mbedtls_pk_context {
      *   inside the ecp_keypair structure
      * - the following fields are used for all public key operations: signature
      *   verify, key pair check and key write.
+     * - For a key pair, priv_id contains the private key. For a public key,
+     *   priv_id is null.
      * Of course, when MBEDTLS_PK_USE_PSA_EC_DATA is not enabled, the legacy
      * ecp_keypair structure is used for storing the public key and performing
      * all the operations.
@@ -484,6 +486,121 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
                           psa_key_usage_t usage);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+/**
+ * \brief           Determine valid PSA attributes that can be used to
+ *                  import a key into PSA.
+ *
+ *                  The attributes determined by this function are suitable
+ *                  for calling mbedtls_pk_import_into_psa() to create
+ *                  a PSA key with the same key material.
+ *
+ *                  The typical flow of operations involving this function is
+ *                  ```
+ *                  psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ *                  int ret = mbedtls_pk_get_psa_attributes(pk, &attributes);
+ *                  if (ret != 0) ...; // error handling omitted
+ *                  // Tweak attributes if desired
+ *                  psa_key_id_t key_id = 0;
+ *                  ret = mbedtls_pk_import_into_psa(pk, &attributes, &key_id);
+ *                  if (ret != 0) ...; // error handling omitted
+ *                  ```
+ *
+ * \note            This function does not support RSA-alt contexts
+ *                  (set up with mbedtls_pk_setup_rsa_alt()).
+ *
+ * \param[in] pk    The PK context to use. It must have been set up.
+ *                  It can either contain a key pair or just a public key.
+ * \param usage     A single `PSA_KEY_USAGE_xxx` flag among the following:
+ *                  - #PSA_KEY_USAGE_DECRYPT: \p pk must contain a
+ *                    key pair. The output \p attributes will contain a
+ *                    key pair type, and the usage policy will allow
+ *                    #PSA_KEY_USAGE_ENCRYPT as well as
+ *                    #PSA_KEY_USAGE_DECRYPT.
+ *                  - #PSA_KEY_USAGE_DERIVE: \p pk must contain a
+ *                    key pair. The output \p attributes will contain a
+ *                    key pair type.
+ *                  - #PSA_KEY_USAGE_ENCRYPT: The output
+ *                    \p attributes will contain a public key type.
+ *                  - #PSA_KEY_USAGE_SIGN_HASH: \p pk must contain a
+ *                    key pair. The output \p attributes will contain a
+ *                    key pair type, and the usage policy will allow
+ *                    #PSA_KEY_USAGE_VERIFY_HASH as well as
+ *                    #PSA_KEY_USAGE_SIGN_HASH.
+ *                  - #PSA_KEY_USAGE_SIGN_MESSAGE: \p pk must contain a
+ *                    key pair. The output \p attributes will contain a
+ *                    key pair type, and the usage policy will allow
+ *                    #PSA_KEY_USAGE_VERIFY_MESSAGE as well as
+ *                    #PSA_KEY_USAGE_SIGN_MESSAGE.
+ *                  - #PSA_KEY_USAGE_VERIFY_HASH: The output
+ *                    \p attributes will contain a public key type.
+ *                  - #PSA_KEY_USAGE_VERIFY_MESSAGE: The output
+ *                    \p attributes will contain a public key type.
+ * \param[out] attributes
+ *                  On success, valid attributes to import the key into PSA.
+ *                  - The lifetime and key identifier are unchanged. If the
+ *                    attribute structure was initialized or reset before
+ *                    calling this function, this will result in a volatile
+ *                    key. Call psa_set_key_identifier() before or after this
+ *                    function if you wish to create a persistent key. Call
+ *                    psa_set_key_lifetime() before or after this function if
+ *                    you wish to import the key in a secure element.
+ *                  - The key type and bit-size are determined by the contents
+ *                    of the PK context. If the PK context contains a key
+ *                    pair, the key type can be either a key pair type or
+ *                    the corresponding public key type, depending on
+ *                    \p usage. If the PK context contains a public key,
+ *                    the key type is a public key type.
+ *                  - The key's policy is determined by the key type and
+ *                    the \p usage parameter. The usage always allows
+ *                    \p usage, exporting and copying the key, and
+ *                    possibly other permissions as documented for the
+ *                    \p usage parameter.
+ *                    The permitted algorithm policy is determined as follows
+ *                    based on the #mbedtls_pk_type_t type of \p pk,
+ *                    the chosen \p usage and other factors:
+ *                      - #MBEDTLS_PK_RSA whose underlying
+ *                        #mbedtls_rsa_context has the padding mode
+ *                        #MBEDTLS_RSA_PKCS_V15:
+ *                        #PSA_ALG_RSA_PKCS1V15_SIGN(#PSA_ALG_ANY_HASH)
+ *                        if \p usage is SIGN/VERIFY, and
+ *                        #PSA_ALG_RSA_PKCS1V15_CRYPT
+ *                        if \p usage is ENCRYPT/DECRYPT.
+ *                      - #MBEDTLS_PK_RSA whose underlying
+ *                        #mbedtls_rsa_context has the padding mode
+ *                        #MBEDTLS_RSA_PKCS_V21 and the digest type
+ *                        corresponding to the PSA algorithm \c hash:
+ *                        #PSA_ALG_RSA_PSS_ANY_SALT(#PSA_ALG_ANY_HASH)
+ *                        if \p usage is SIGN/VERIFY, and
+ *                        #PSA_ALG_RSA_OAEP(\c hash)
+ *                        if \p usage is ENCRYPT/DECRYPT.
+ *                      - #MBEDTLS_PK_RSA_ALT: not supported.
+ *                      - #MBEDTLS_PK_ECDSA or #MBEDTLS_PK_ECKEY
+ *                        if \p usage is SIGN/VERIFY:
+ *                        #PSA_ALG_DETERMINISTIC_ECDSA(#PSA_ALG_ANY_HASH)
+ *                        if #MBEDTLS_ECDSA_DETERMINISTIC is enabled,
+ *                        otherwise #PSA_ALG_ECDSA(#PSA_ALG_ANY_HASH).
+ *                      - #MBEDTLS_PK_ECKEY_DH or #MBEDTLS_PK_ECKEY
+ *                        if \p usage is DERIVE:
+ *                        #PSA_ALG_ECDH.
+ *                      - #MBEDTLS_PK_OPAQUE: same as the primary algorithm
+ *                        set for the underlying PSA key, except that
+ *                        sign/decrypt flags are removed if the type is
+ *                        set to a public key type.
+ *                        The underlying key must allow \p usage.
+ *                        Note that the enrollment algorithm set with
+ *                        psa_set_key_enrollment_algorithm() is not copied.
+ *
+ * \return          0 on success.
+ *                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if \p pk does not contain
+ *                  a key of the type identified in \p attributes.
+ *                  Another error code on other failures.
+ */
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+                                  psa_key_usage_t usage,
+                                  psa_key_attributes_t *attributes);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
 /**
  * \brief           Verify signature (including padding if relevant).
  *
@@ -1042,14 +1159,6 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
                             const mbedtls_pk_context *key);
 #endif /* MBEDTLS_PK_WRITE_C */
 
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-#if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
-#endif
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
  * \brief           Turn an EC or RSA key into an opaque one.
diff --git a/include/mbedtls/pkcs7.h b/include/mbedtls/pkcs7.h
index 70b25a9c6..e9b482208 100644
--- a/include/mbedtls/pkcs7.h
+++ b/include/mbedtls/pkcs7.h
@@ -41,7 +41,6 @@
 #include "mbedtls/build_info.h"
 
 #include "mbedtls/asn1.h"
-#include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 
 /**
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index cba02ab3d..1b371ef3f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -23,10 +23,6 @@
 extern "C" {
 #endif
 
-/* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret)  do { } while (0)
-#define MBEDTLS_INTERNAL_VALIDATE(cond)           do { } while (0)
-
 /* Internal helper macros for deprecating API constants. */
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 47724c633..984f03154 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -16,6 +16,11 @@
 
 #include "psa/crypto.h"
 
+/* ASN1 defines used in the ECDSA conversion functions.
+ * Note: intentionally not adding MBEDTLS_ASN1_[PARSE|WRITE]_C guards here
+ * otherwise error codes would be unknown in test_suite_psa_crypto_util.data.*/
+#include <mbedtls/asn1write.h>
+
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
 /* Expose whatever RNG the PSA subsystem uses to applications using the
@@ -175,8 +180,50 @@ static inline mbedtls_md_type_t mbedtls_md_type_from_psa_alg(psa_algorithm_t psa
 {
     return (mbedtls_md_type_t) (psa_alg & PSA_ALG_HASH_MASK);
 }
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
+
+/** Convert an ECDSA signature from raw format to DER ASN.1 format.
+ *
+ * \param       bits        Size of each coordinate in bits.
+ * \param       raw         Buffer that contains the signature in raw format.
+ * \param       raw_len     Length of \p raw in bytes. This must be
+ *                          PSA_BITS_TO_BYTES(bits) bytes.
+ * \param[out]  der         Buffer that will be filled with the converted DER
+ *                          output. It can overlap with raw buffer.
+ * \param       der_size    Size of \p der in bytes. It is enough if \p der_size
+ *                          is at least the size of the actual output. (The size
+ *                          of the output can vary depending on the presence of
+ *                          leading zeros in the data.) You can use
+ *                          #MBEDTLS_ECDSA_MAX_SIG_LEN(\p bits) to determine a
+ *                          size that is large enough for all signatures for a
+ *                          given value of \p bits.
+ * \param[out]  der_len     On success it contains the amount of valid data
+ *                          (in bytes) written to \p der. It's undefined
+ *                          in case of failure.
+ */
+int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
+                             unsigned char *der, size_t der_size, size_t *der_len);
+
+/** Convert an ECDSA signature from DER ASN.1 format to raw format.
+ *
+ * \param       bits        Size of each coordinate in bits.
+ * \param       der         Buffer that contains the signature in DER format.
+ * \param       der_len     Size of \p der in bytes.
+ * \param[out]  raw         Buffer that will be filled with the converted raw
+ *                          signature. It can overlap with der buffer.
+ * \param       raw_size    Size of \p raw in bytes. Must be at least
+ *                          2 * PSA_BITS_TO_BYTES(bits) bytes.
+ * \param[out]  raw_len     On success it is updated with the amount of valid
+ *                          data (in bytes) written to \p raw. It's undefined
+ *                          in case of failure.
+ */
+int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
+                             unsigned char *raw, size_t raw_size, size_t *raw_len);
+
+#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 
 /**@}*/
 
-#endif /* MBEDTLS_PSA_CRYPTO_C */
 #endif /* MBEDTLS_PSA_UTIL_H */
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 36295269a..e0cd79d02 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -90,8 +90,18 @@
 #define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET       -0x7B00
 /** Not possible to read early data */
 #define MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA            -0x7B80
+/**
+ * Early data has been received as part of an on-going handshake.
+ * This error code can be returned only on server side if and only if early
+ * data has been enabled by means of the mbedtls_ssl_conf_early_data() API.
+ * This error code can then be returned by mbedtls_ssl_handshake(),
+ * mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write() if
+ * early data has been received as part of the handshake sequence they
+ * triggered. To read the early data, call mbedtls_ssl_read_early_data().
+ */
+#define MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA               -0x7C00
 /** Not possible to write early data */
-#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA           -0x7C00
+#define MBEDTLS_ERR_SSL_CANNOT_WRITE_EARLY_DATA           -0x7C80
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
@@ -343,6 +353,26 @@
 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
 #define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
 
+/*
+ * Whether early data record should be discarded or not and how.
+ *
+ * The client has indicated early data and the server has rejected them.
+ * The server has then to skip past early data by either:
+ * - attempting to deprotect received records using the handshake traffic
+ *   key, discarding records which fail deprotection (up to the configured
+ *   max_early_data_size). Once a record is deprotected successfully,
+ *   it is treated as the start of the client's second flight and the
+ *   server proceeds as with an ordinary 1-RTT handshake.
+ * - skipping all records with an external content type of
+ *   "application_data" (indicating that they are encrypted), up to the
+ *   configured max_early_data_size. This is the expected behavior if the
+ *   server has sent an HelloRetryRequest message. The server ignores
+ *   application data message before 2nd ClientHello.
+ */
+#define MBEDTLS_SSL_EARLY_DATA_NO_DISCARD 0
+#define MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD 1
+#define MBEDTLS_SSL_EARLY_DATA_DISCARD 2
+
 /**
  * \name SECTION: Module settings
  *
@@ -1644,6 +1674,18 @@ struct mbedtls_ssl_context {
      */
     mbedtls_ssl_protocol_version MBEDTLS_PRIVATE(tls_version);
 
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C)
+    /**
+     *  Status of the negotiation of the use of early data.
+     *  See the documentation of mbedtls_ssl_get_early_data_status() for more
+     *  information.
+     *
+     *  Reset to #MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT when the context is
+     *  reset.
+     */
+    int MBEDTLS_PRIVATE(early_data_status);
+#endif
+
     unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1760,6 +1802,16 @@ struct mbedtls_ssl_context {
                                                          *   within a single datagram.  */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
+    /*
+     * One of:
+     * MBEDTLS_SSL_EARLY_DATA_NO_DISCARD
+     * MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD
+     * MBEDTLS_SSL_EARLY_DATA_DISCARD
+     */
+    uint8_t MBEDTLS_PRIVATE(discard_early_data_record);
+#endif
+
     /*
      * Record layer (outgoing data)
      */
@@ -1841,10 +1893,6 @@ struct mbedtls_ssl_context {
                                              *   and #MBEDTLS_SSL_CID_DISABLED. */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
-    int MBEDTLS_PRIVATE(early_data_status);
-#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_CLI_C */
-
     /** Callback to export key block and master secret                      */
     mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
     void *MBEDTLS_PRIVATE(p_export_keys);            /*!< context for key export callback    */
@@ -1993,7 +2041,7 @@ void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
  */
 void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_EARLY_DATA)
 /**
  * \brief    Set the early data mode
  *           Default: disabled on server and client
@@ -2001,14 +2049,24 @@ void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
  * \param conf   The SSL configuration to use.
  * \param early_data_enabled can be:
  *
- *  MBEDTLS_SSL_EARLY_DATA_DISABLED:  early data functionality is disabled
- *                                    This is the default on client and server.
+ *  MBEDTLS_SSL_EARLY_DATA_DISABLED:
+ *  Early data functionality is disabled. This is the default on client and
+ *  server.
  *
- *  MBEDTLS_SSL_EARLY_DATA_ENABLED:  early data functionality is enabled and
- *                        may be negotiated in the handshake. Application using
- *                        early data functionality needs to be aware of the
- *                        lack of replay protection of the early data application
- *                        payloads.
+ *  MBEDTLS_SSL_EARLY_DATA_ENABLED:
+ *  Early data functionality is enabled and may be negotiated in the handshake.
+ *  Application using early data functionality needs to be aware that the
+ *  security properties for early data (also refered to as 0-RTT data) are
+ *  weaker than those for other kinds of TLS data. See the documentation of
+ *  mbedtls_ssl_write_early_data() and mbedtls_ssl_read_early_data() for more
+ *  information.
+ *  When early data functionality is enabled on server and only in that case,
+ *  the call to one of the APIs that trigger or resume an handshake sequence,
+ *  namely mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
+ *  mbedtls_ssl_read() or mbedtls_ssl_write() may return with the error code
+ *  MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA indicating that some early data have
+ *  been received. To read the early data, call mbedtls_ssl_read_early_data()
+ *  before calling the original function again.
  *
  * \warning This interface is experimental and may change without notice.
  *
@@ -2048,7 +2106,7 @@ void mbedtls_ssl_conf_max_early_data_size(
     mbedtls_ssl_config *conf, uint32_t max_early_data_size);
 #endif /* MBEDTLS_SSL_SRV_C */
 
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_EARLY_DATA */
+#endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
@@ -4733,6 +4791,13 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  * \return         #MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED if DTLS is in use
  *                 and the client did not demonstrate reachability yet - in
  *                 this case you must stop using the context (see below).
+ * \return         #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ *                 defined in RFC 8446 (TLS 1.3 specification), has been
+ *                 received as part of the handshake. This is server specific
+ *                 and may occur only if the early data feature has been
+ *                 enabled on server (see mbedtls_ssl_conf_early_data()
+ *                 documentation). You must call mbedtls_ssl_read_early_data()
+ *                 to read the early data before resuming the handshake.
  * \return         Another SSL error code - in this case you must stop using
  *                 the context (see below).
  *
@@ -4741,7 +4806,8 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
  *                 #MBEDTLS_ERR_SSL_WANT_READ,
  *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
  *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
  *                 you must stop using the SSL context for reading or writing,
  *                 and either free it or call \c mbedtls_ssl_session_reset()
  *                 on it before re-using it for a new connection; the current
@@ -4810,8 +4876,9 @@ static inline int mbedtls_ssl_is_handshake_over(mbedtls_ssl_context *ssl)
  *
  * \warning        If this function returns something other than \c 0,
  *                 #MBEDTLS_ERR_SSL_WANT_READ, #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS, you must stop using
+ *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA, you must stop using
  *                 the SSL context for reading or writing, and either free it
  *                 or call \c mbedtls_ssl_session_reset() on it before
  *                 re-using it for a new connection; the current connection
@@ -4879,6 +4946,13 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
  * \return         #MBEDTLS_ERR_SSL_CLIENT_RECONNECT if we're at the server
  *                 side of a DTLS connection and the client is initiating a
  *                 new connection using the same source port. See below.
+ * \return         #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ *                 defined in RFC 8446 (TLS 1.3 specification), has been
+ *                 received as part of the handshake. This is server specific
+ *                 and may occur only if the early data feature has been
+ *                 enabled on server (see mbedtls_ssl_conf_early_data()
+ *                 documentation). You must call mbedtls_ssl_read_early_data()
+ *                 to read the early data before resuming the handshake.
  * \return         Another SSL error code - in this case you must stop using
  *                 the context (see below).
  *
@@ -4887,8 +4961,9 @@ int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
  *                 #MBEDTLS_ERR_SSL_WANT_READ,
  *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
  *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT,
+ *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ *                 #MBEDTLS_ERR_SSL_CLIENT_RECONNECT or
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
  *                 you must stop using the SSL context for reading or writing,
  *                 and either free it or call \c mbedtls_ssl_session_reset()
  *                 on it before re-using it for a new connection; the current
@@ -4953,6 +5028,13 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
  *                 operation is in progress (see mbedtls_ecp_set_max_ops()) -
  *                 in this case you must call this function again to complete
  *                 the handshake when you're done attending other tasks.
+ * \return         #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA if early data, as
+ *                 defined in RFC 8446 (TLS 1.3 specification), has been
+ *                 received as part of the handshake. This is server specific
+ *                 and may occur only if the early data feature has been
+ *                 enabled on server (see mbedtls_ssl_conf_early_data()
+ *                 documentation). You must call mbedtls_ssl_read_early_data()
+ *                 to read the early data before resuming the handshake.
  * \return         Another SSL error code - in this case you must stop using
  *                 the context (see below).
  *
@@ -4960,8 +5042,9 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
  *                 a non-negative value,
  *                 #MBEDTLS_ERR_SSL_WANT_READ,
  *                 #MBEDTLS_ERR_SSL_WANT_WRITE,
- *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS or
- *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS,
+ *                 #MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS,
+ *                 #MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS or
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA,
  *                 you must stop using the SSL context for reading or writing,
  *                 and either free it or call \c mbedtls_ssl_session_reset()
  *                 on it before re-using it for a new connection; the current
@@ -5029,48 +5112,46 @@ int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_SRV_C)
 /**
- * \brief          Read at most 'len' application data bytes while performing
- *                 the handshake (early data).
+ * \brief          Read at most 'len' bytes of early data
  *
- * \note           This function behaves mainly as mbedtls_ssl_read(). The
- *                 specification of mbedtls_ssl_read() relevant to TLS 1.3
- *                 (thus not the parts specific to (D)TLS 1.2) applies to this
- *                 function and the present documentation is restricted to the
- *                 differences with mbedtls_ssl_read().
+ * \note           This API is server specific.
  *
- * \param ssl      SSL context
+ * \warning        Early data is defined in the TLS 1.3 specification, RFC 8446.
+ *                 IMPORTANT NOTE from section 2.3 of the specification:
+ *
+ *                 The security properties for 0-RTT data are weaker than
+ *                 those for other kinds of TLS data. Specifically:
+ *                 - This data is not forward secret, as it is encrypted
+ *                   solely under keys derived using the offered PSK.
+ *                 - There are no guarantees of non-replay between connections.
+ *                   Protection against replay for ordinary TLS 1.3 1-RTT data
+ *                   is provided via the server's Random value, but 0-RTT data
+ *                   does not depend on the ServerHello and therefore has
+ *                   weaker guarantees. This is especially relevant if the
+ *                   data is authenticated either with TLS client
+ *                   authentication or inside the application protocol. The
+ *                   same warnings apply to any use of the
+ *                   early_exporter_master_secret.
+ *
+ * \note           This function is used in conjunction with
+ *                 mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(),
+ *                 mbedtls_ssl_read() and mbedtls_ssl_write() to read early
+ *                 data when these functions return
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
+ *
+ * \param ssl      SSL context, it must have been initialized and set up.
  * \param buf      buffer that will hold the data
  * \param len      maximum number of bytes to read
  *
- * \return         One additional specific return value:
- *                 #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA.
- *
- *                 #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA is returned when it
- *                 is not possible to read early data for the SSL context
- *                 \p ssl.
- *
- *                 It may have been possible and it is not possible
- *                 anymore because the server received the End of Early Data
- *                 message or the maximum number of allowed early data for the
- *                 PSK in use has been reached.
- *
- *                 It may never have been possible and will never be possible
- *                 for the SSL context \p ssl because the use of early data
- *                 is disabled for that context or more generally the context
- *                 is not suitably configured to enable early data or the
- *                 client does not use early data or the first call to the
- *                 function was done while the handshake was already too
- *                 advanced to gather and accept early data.
- *
- *                 It is not possible to read early data for the SSL context
- *                 \p ssl but this does not preclude for using it with
- *                 mbedtls_ssl_write(), mbedtls_ssl_read() or
- *                 mbedtls_ssl_handshake().
- *
- * \note           When a server wants to retrieve early data, it is expected
- *                 that this function starts the handshake for the SSL context
- *                 \p ssl. But this is not mandatory.
- *
+ * \return         The (positive) number of bytes read if successful.
+ * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
+ * \return         #MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA if it is not
+ *                 possible to read early data for the SSL context \p ssl. Note
+ *                 that this function is intended to be called for an SSL
+ *                 context \p ssl only after a call to mbedtls_ssl_handshake(),
+ *                 mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or
+ *                 mbedtls_ssl_write() for \p ssl that has returned
+ *                 #MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA.
  */
 int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
                                 unsigned char *buf, size_t len);
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 8cecbb625..f755ef304 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -463,18 +463,6 @@ const int *mbedtls_ssl_list_ciphersuites(void);
 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
 const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
 
-#if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
-psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
-#endif
-
-int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
-int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
-
 static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_ciphersuite_t *info)
 {
     return info->MBEDTLS_PRIVATE(name);
@@ -482,133 +470,6 @@ static inline const char *mbedtls_ssl_ciphersuite_get_name(const mbedtls_ssl_cip
 
 size_t mbedtls_ssl_ciphersuite_get_cipher_key_bitlen(const mbedtls_ssl_ciphersuite_t *info);
 
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_PSK:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
-
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
-    const mbedtls_ssl_ciphersuite_t *info)
-{
-    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
-        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
-        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1;
-
-        default:
-            return 0;
-    }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
-
 #ifdef __cplusplus
 }
 #endif
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index e2e06679b..be6361285 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -307,6 +307,7 @@ typedef struct mbedtls_x509_san_list {
 mbedtls_x509_san_list;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
+/** \} addtogroup x509_module */
 
 /**
  * \brief          Store the certificate DN in printable form into buf;
@@ -321,201 +322,7 @@ mbedtls_x509_san_list;
  */
 int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
 
-/**
- * \brief          Return the next relative DN in an X509 name.
- *
- * \note           Intended use is to compare function result to dn->next
- *                 in order to detect boundaries of multi-valued RDNs.
- *
- * \param dn       Current node in the X509 name
- *
- * \return         Pointer to the first attribute-value pair of the
- *                 next RDN in sequence, or NULL if end is reached.
- */
-static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
-    mbedtls_x509_name *dn)
-{
-    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
-        dn = dn->next;
-    }
-    return dn->next;
-}
-
-/**
- * \brief          Store the certificate serial in printable form into buf;
- *                 no more than size characters will be written.
- *
- * \param buf      Buffer to write to
- * \param size     Maximum size of buffer
- * \param serial   The X509 serial to represent
- *
- * \return         The length of the string written (not including the
- *                 terminated nul byte), or a negative error code.
- */
-int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
-
-/**
- * \brief          Compare pair of mbedtls_x509_time.
- *
- * \param t1       mbedtls_x509_time to compare
- * \param t2       mbedtls_x509_time to compare
- *
- * \return         < 0 if t1 is before t2
- *                   0 if t1 equals t2
- *                 > 0 if t1 is after t2
- */
-int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
-
-#if defined(MBEDTLS_HAVE_TIME_DATE)
-/**
- * \brief          Fill mbedtls_x509_time with provided mbedtls_time_t.
- *
- * \param tt       mbedtls_time_t to convert
- * \param now      mbedtls_x509_time to fill with converted mbedtls_time_t
- *
- * \return         \c 0 on success
- * \return         A non-zero return value on failure.
- */
-int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
-#endif /* MBEDTLS_HAVE_TIME_DATE */
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the past.
- *
- * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param to       mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the past or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
-
-/**
- * \brief          Check a given mbedtls_x509_time against the system time
- *                 and tell if it's in the future.
- *
- * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
- *                 Hence the return value of 1 if on internal errors.
- *
- * \param from     mbedtls_x509_time to check
- *
- * \return         1 if the given time is in the future or an error occurred,
- *                 0 otherwise.
- */
-int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
-
-/**
- * \brief          This function parses an item in the SubjectAlternativeNames
- *                 extension. Please note that this function might allocate
- *                 additional memory for a subject alternative name, thus
- *                 mbedtls_x509_free_subject_alt_name has to be called
- *                 to dispose of this additional memory afterwards.
- *
- * \param san_buf  The buffer holding the raw data item of the subject
- *                 alternative name.
- * \param san      The target structure to populate with the parsed presentation
- *                 of the subject alternative name encoded in \p san_buf.
- *
- * \note           Supported GeneralName types, as defined in RFC 5280:
- *                 "rfc822Name", "dnsName", "directoryName",
- *                 "uniformResourceIdentifier" and "hardware_module_name"
- *                 of type "otherName", as defined in RFC 4108.
- *
- * \note           This function should be called on a single raw data of
- *                 subject alternative name. For example, after successful
- *                 certificate parsing, one must iterate on every item in the
- *                 \c crt->subject_alt_names sequence, and pass it to
- *                 this function.
- *
- * \warning        The target structure contains pointers to the raw data of the
- *                 parsed certificate, and its lifetime is restricted by the
- *                 lifetime of the certificate.
- *
- * \return         \c 0 on success
- * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
- *                 SAN type.
- * \return         Another negative value for any other failure.
- */
-int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
-                                        mbedtls_x509_subject_alternative_name *san);
-/**
- * \brief          Unallocate all data related to subject alternative name
- *
- * \param san      SAN structure - extra memory owned by this structure will be freed
- */
-void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
-
-/** \} addtogroup x509_module */
-
-/*
- * Internal module functions. You probably do not want to use these unless you
- * know you do.
- */
-int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
-                          mbedtls_x509_name *cur);
-int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
-                              mbedtls_x509_buf *alg);
-int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
-                         mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
-                                       mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                       int *salt_len);
-#endif
-int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
-int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                             void **sig_opts);
-int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
-                          mbedtls_x509_time *t);
-int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
-                            mbedtls_x509_buf *serial);
-int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
-                         mbedtls_x509_buf *ext, int tag);
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                              mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                              const void *sig_opts);
-#endif
-int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
 int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name);
-int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                               int critical, const unsigned char *val,
-                               size_t val_len);
-int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
-                                  mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
-                             mbedtls_asn1_named_data *first);
-int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
-                           const char *oid, size_t oid_len,
-                           unsigned char *sig, size_t size,
-                           mbedtls_pk_type_t pk_alg);
-int mbedtls_x509_get_ns_cert_type(unsigned char **p,
-                                  const unsigned char *end,
-                                  unsigned char *ns_cert_type);
-int mbedtls_x509_get_key_usage(unsigned char **p,
-                               const unsigned char *end,
-                               unsigned int *key_usage);
-int mbedtls_x509_get_subject_alt_name(unsigned char **p,
-                                      const unsigned char *end,
-                                      mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
-                                          const unsigned char *end,
-                                          mbedtls_x509_sequence *subject_alt_name);
-int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
-                                       const mbedtls_x509_sequence
-                                       *subject_alt_name,
-                                       const char *prefix);
-int mbedtls_x509_info_cert_type(char **buf, size_t *size,
-                                unsigned char ns_cert_type);
-int mbedtls_x509_info_key_usage(char **buf, size_t *size,
-                                unsigned int key_usage);
-
-int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
-                                      const mbedtls_x509_san_list *san_list);
 
 /**
  * \brief          This function parses a CN string as an IP address.
@@ -547,4 +354,4 @@ size_t mbedtls_x509_crt_parse_cn_inet_pton(const char *cn, void *dst);
 }
 #endif
 
-#endif /* x509.h */
+#endif /* MBEDTLS_X509_H */
diff --git a/include/psa/crypto_config.h b/include/psa/crypto_config.h
index 5bf00f402..36e937ad3 100644
--- a/include/psa/crypto_config.h
+++ b/include/psa/crypto_config.h
@@ -109,6 +109,12 @@
 #define PSA_WANT_ECC_SECP_R1_384                1
 #define PSA_WANT_ECC_SECP_R1_521                1
 
+#define PSA_WANT_DH_RFC7919_2048                1
+#define PSA_WANT_DH_RFC7919_3072                1
+#define PSA_WANT_DH_RFC7919_4096                1
+#define PSA_WANT_DH_RFC7919_6144                1
+#define PSA_WANT_DH_RFC7919_8192                1
+
 #define PSA_WANT_KEY_TYPE_DERIVE                1
 #define PSA_WANT_KEY_TYPE_PASSWORD              1
 #define PSA_WANT_KEY_TYPE_PASSWORD_HASH         1
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index fc9bf4f0f..c67345bd2 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -1828,8 +1828,12 @@ psa_status_t psa_pake_abort(psa_pake_operation_t *operation);
 /** Returns a suitable initializer for a PAKE operation object of type
  * psa_pake_operation_t.
  */
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_PAKE_OPERATION_INIT { 0 }
+#else
 #define PSA_PAKE_OPERATION_INIT { 0, PSA_ALG_NONE, 0, PSA_PAKE_OPERATION_STAGE_SETUP, \
                                   { 0 }, { { 0 } } }
+#endif
 
 struct psa_pake_cipher_suite_s {
     psa_algorithm_t algorithm;
@@ -1957,6 +1961,9 @@ struct psa_jpake_computation_stage_s {
                                            ((round) == PSA_JPAKE_FIRST ? 2 : 1))
 
 struct psa_pake_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -1982,6 +1989,7 @@ struct psa_pake_operation_s {
         psa_driver_pake_context_t MBEDTLS_PRIVATE(ctx);
         psa_crypto_driver_pake_inputs_t MBEDTLS_PRIVATE(inputs);
     } MBEDTLS_PRIVATE(data);
+#endif
 };
 
 static inline struct psa_pake_cipher_suite_s psa_pake_cipher_suite_init(void)
diff --git a/include/psa/crypto_platform.h b/include/psa/crypto_platform.h
index 4d0343547..a871ee124 100644
--- a/include/psa/crypto_platform.h
+++ b/include/psa/crypto_platform.h
@@ -89,4 +89,14 @@ typedef struct {
 } mbedtls_psa_external_random_context_t;
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+/** The type of the client handle used in context structures
+ *
+ * When a client view of the multipart context structures is required,
+ * this handle is used to keep a mapping with the service side of the
+ * context which contains the actual data.
+ */
+typedef uint32_t mbedtls_psa_client_handle_t;
+#endif
+
 #endif /* PSA_CRYPTO_PLATFORM_H */
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 836c28cc2..635ee98f8 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -224,10 +224,20 @@
 #endif
 
 /* The maximum size of an DH key on this implementation, in bits.
- *
- * Note that an implementation may set different size limits for different
- * operations, and does not need to accept all key sizes up to the limit. */
+ * This is a vendor-specific macro.*/
+#if defined(PSA_WANT_DH_RFC7919_8192)
 #define PSA_VENDOR_FFDH_MAX_KEY_BITS 8192u
+#elif defined(PSA_WANT_DH_RFC7919_6144)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 6144u
+#elif defined(PSA_WANT_DH_RFC7919_4096)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 4096u
+#elif defined(PSA_WANT_DH_RFC7919_3072)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 3072u
+#elif defined(PSA_WANT_DH_RFC7919_2048)
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 2048u
+#else
+#define PSA_VENDOR_FFDH_MAX_KEY_BITS 0u
+#endif
 
 /* The maximum size of an ECC key on this implementation, in bits.
  * This is a vendor-specific macro. */
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 3a196182a..34d072ba8 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -68,6 +68,9 @@ extern "C" {
 #include "psa/crypto_driver_contexts_primitives.h"
 
 struct psa_hash_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -76,9 +79,13 @@ struct psa_hash_operation_s {
      * any driver (i.e. the driver context is not active, in use). */
     unsigned int MBEDTLS_PRIVATE(id);
     psa_driver_hash_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_HASH_OPERATION_INIT { 0 }
+#else
 #define PSA_HASH_OPERATION_INIT { 0, { 0 } }
+#endif
 static inline struct psa_hash_operation_s psa_hash_operation_init(void)
 {
     const struct psa_hash_operation_s v = PSA_HASH_OPERATION_INIT;
@@ -86,6 +93,9 @@ static inline struct psa_hash_operation_s psa_hash_operation_init(void)
 }
 
 struct psa_cipher_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -100,9 +110,14 @@ struct psa_cipher_operation_s {
     uint8_t MBEDTLS_PRIVATE(default_iv_length);
 
     psa_driver_cipher_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_CIPHER_OPERATION_INIT { 0 }
+#else
 #define PSA_CIPHER_OPERATION_INIT { 0, 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
 {
     const struct psa_cipher_operation_s v = PSA_CIPHER_OPERATION_INIT;
@@ -114,6 +129,9 @@ static inline struct psa_cipher_operation_s psa_cipher_operation_init(void)
 #include "psa/crypto_driver_contexts_composites.h"
 
 struct psa_mac_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -124,9 +142,14 @@ struct psa_mac_operation_s {
     uint8_t MBEDTLS_PRIVATE(mac_size);
     unsigned int MBEDTLS_PRIVATE(is_sign) : 1;
     psa_driver_mac_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_MAC_OPERATION_INIT { 0 }
+#else
 #define PSA_MAC_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_mac_operation_s psa_mac_operation_init(void)
 {
     const struct psa_mac_operation_s v = PSA_MAC_OPERATION_INIT;
@@ -134,7 +157,9 @@ static inline struct psa_mac_operation_s psa_mac_operation_init(void)
 }
 
 struct psa_aead_operation_s {
-
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -156,9 +181,14 @@ struct psa_aead_operation_s {
     unsigned int MBEDTLS_PRIVATE(is_encrypt) : 1;
 
     psa_driver_aead_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_AEAD_OPERATION_INIT { 0 }
+#else
 #define PSA_AEAD_OPERATION_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_aead_operation_s psa_aead_operation_init(void)
 {
     const struct psa_aead_operation_s v = PSA_AEAD_OPERATION_INIT;
@@ -170,14 +200,22 @@ static inline struct psa_aead_operation_s psa_aead_operation_init(void)
 #include "psa/crypto_driver_contexts_key_derivation.h"
 
 struct psa_key_derivation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     psa_algorithm_t MBEDTLS_PRIVATE(alg);
     unsigned int MBEDTLS_PRIVATE(can_output_key) : 1;
     size_t MBEDTLS_PRIVATE(capacity);
     psa_driver_key_derivation_context_t MBEDTLS_PRIVATE(ctx);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_KEY_DERIVATION_OPERATION_INIT { 0 }
+#else
 /* This only zeroes out the first byte in the union, the rest is unspecified. */
 #define PSA_KEY_DERIVATION_OPERATION_INIT { 0, 0, 0, { 0 } }
+#endif
 static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
     void)
 {
@@ -239,18 +277,28 @@ typedef struct {
     psa_key_type_t MBEDTLS_PRIVATE(type);
     psa_key_bits_t MBEDTLS_PRIVATE(bits);
     psa_key_lifetime_t MBEDTLS_PRIVATE(lifetime);
-    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
     psa_key_policy_t MBEDTLS_PRIVATE(policy);
     psa_key_attributes_flag_t MBEDTLS_PRIVATE(flags);
+    /* This type has a different layout in the client view wrt the
+     * service view of the key id, i.e. in service view usually is
+     * expected to have MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined
+     * thus adding an owner field to the standard psa_key_id_t. For
+     * implementations with client/service separation, this means the
+     * object will be marshalled through a transport channel and
+     * interpreted differently at each side of the transport. Placing
+     * it at the end of structures allows to interpret the structure
+     * at the client without reorganizing the memory layout of the
+     * struct
+     */
+    mbedtls_svc_key_id_t MBEDTLS_PRIVATE(id);
 } psa_core_key_attributes_t;
 
 #define PSA_CORE_KEY_ATTRIBUTES_INIT { PSA_KEY_TYPE_NONE, 0,            \
                                        PSA_KEY_LIFETIME_VOLATILE,       \
-                                       MBEDTLS_SVC_KEY_ID_INIT,         \
-                                       PSA_KEY_POLICY_INIT, 0 }
+                                       PSA_KEY_POLICY_INIT, 0,          \
+                                       MBEDTLS_SVC_KEY_ID_INIT }
 
 struct psa_key_attributes_s {
-    psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
     psa_key_slot_number_t MBEDTLS_PRIVATE(slot_number);
 #endif /* MBEDTLS_PSA_CRYPTO_SE_C */
@@ -268,12 +316,19 @@ struct psa_key_attributes_s {
      */
     void *MBEDTLS_PRIVATE(domain_parameters);
     size_t MBEDTLS_PRIVATE(domain_parameters_size);
+    /* With client/service separation, struct psa_key_attributes_s is
+     * marshalled through a transport channel between the client and
+     * service side implementation of the PSA Crypto APIs, thus having
+     * the mbedtls_svc_key_id_t id as the last field of this structure
+     * allows for a more efficient marshalling/unmarshalling of parameters
+     */
+    psa_core_key_attributes_t MBEDTLS_PRIVATE(core);
 };
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, 0, NULL, 0 }
+#define PSA_KEY_ATTRIBUTES_INIT { 0, NULL, 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
 #else
-#define PSA_KEY_ATTRIBUTES_INIT { PSA_CORE_KEY_ATTRIBUTES_INIT, NULL, 0 }
+#define PSA_KEY_ATTRIBUTES_INIT { NULL, 0, PSA_CORE_KEY_ATTRIBUTES_INIT }
 #endif
 
 static inline struct psa_key_attributes_s psa_key_attributes_init(void)
@@ -417,6 +472,9 @@ static inline size_t psa_get_key_bits(
  * \brief The context for PSA interruptible hash signing.
  */
 struct psa_sign_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -430,9 +488,14 @@ struct psa_sign_hash_interruptible_operation_s {
     unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
 
     uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
 #define PSA_SIGN_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
 
 static inline struct psa_sign_hash_interruptible_operation_s
 psa_sign_hash_interruptible_operation_init(void)
@@ -447,6 +510,9 @@ psa_sign_hash_interruptible_operation_init(void)
  * \brief The context for PSA interruptible hash verification.
  */
 struct psa_verify_hash_interruptible_operation_s {
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+    mbedtls_psa_client_handle_t handle;
+#else
     /** Unique ID indicating which driver got assigned to do the
      * operation. Since driver contexts are driver-specific, swapping
      * drivers halfway through the operation is not supported.
@@ -460,9 +526,14 @@ struct psa_verify_hash_interruptible_operation_s {
     unsigned int MBEDTLS_PRIVATE(error_occurred) : 1;
 
     uint32_t MBEDTLS_PRIVATE(num_ops);
+#endif
 };
 
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0 }
+#else
 #define PSA_VERIFY_HASH_INTERRUPTIBLE_OPERATION_INIT { 0, { 0 }, 0, 0 }
+#endif
 
 static inline struct psa_verify_hash_interruptible_operation_s
 psa_verify_hash_interruptible_operation_init(void)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index b6ea73e90..47ecf17be 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -231,7 +231,7 @@ if(HAIKU)
 endif(HAIKU)
 
 if(LINK_WITH_PTHREAD)
-    set(libs ${libs} pthread)
+    set(libs ${libs} ${CMAKE_THREAD_LIBS_INIT})
 endif()
 
 if(LINK_WITH_TRUSTED_STORAGE)
diff --git a/library/alignment.h b/library/alignment.h
index 248f29bc7..a17001dd9 100644
--- a/library/alignment.h
+++ b/library/alignment.h
@@ -53,28 +53,45 @@ typedef uint16_t __packed mbedtls_uint16_unaligned_t;
 typedef uint32_t __packed mbedtls_uint32_unaligned_t;
 typedef uint64_t __packed mbedtls_uint64_unaligned_t;
 #elif defined(MBEDTLS_COMPILER_IS_GCC) && (MBEDTLS_GCC_VERSION >= 40504) && \
-    ((MBEDTLS_GCC_VERSION < 90300) || (!defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)))
+    ((MBEDTLS_GCC_VERSION < 60300) || (!defined(MBEDTLS_EFFICIENT_UNALIGNED_ACCESS)))
 /*
- * Old versions of gcc, depending on how the target is specified, may generate a branch to memcpy
- * for calls like `memcpy(dest, src, 4)` rather than generating some LDR or LDRB instructions
- * (similar for stores).
- * Recent versions where unaligned access is not enabled also do this.
+ * gcc may generate a branch to memcpy for calls like `memcpy(dest, src, 4)` rather than
+ * generating some LDR or LDRB instructions (similar for stores).
+ *
+ * This is architecture dependent: x86-64 seems fine even with old gcc; 32-bit Arm
+ * is affected. To keep it simple, we enable for all architectures.
+ *
+ * For versions of gcc < 5.4.0 this issue always happens.
+ * For gcc < 6.3.0, this issue happens at -O0
+ * For all versions, this issue happens iff unaligned access is not supported.
+ *
+ * For gcc 4.x, this implementation will generate byte-by-byte loads even if unaligned access is
+ * supported, which is correct but not optimal.
  *
  * For performance (and code size, in some cases), we want to avoid the branch and just generate
  * some inline load/store instructions since the access is small and constant-size.
  *
  * The manual states:
- * "The aligned attribute specifies a minimum alignment for the variable or structure field,
- * measured in bytes."
- * https://gcc.gnu.org/onlinedocs/gcc/Common-Variable-Attributes.html
+ * "The packed attribute specifies that a variable or structure field should have the smallest
+ *  possible alignment—one byte for a variable"
+ * https://gcc.gnu.org/onlinedocs/gcc-4.5.4/gcc/Variable-Attributes.html
  *
- * Tested with several versions of GCC from 4.5.0 up to 9.3.0
+ * Previous implementations used __attribute__((__aligned__(1)), but had issues with a gcc bug:
+ * https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662
+ *
+ * Tested with several versions of GCC from 4.5.0 up to 13.2.0
  * We don't enable for older than 4.5.0 as this has not been tested.
  */
- #define UINT_UNALIGNED
-typedef uint16_t __attribute__((__aligned__(1))) mbedtls_uint16_unaligned_t;
-typedef uint32_t __attribute__((__aligned__(1))) mbedtls_uint32_unaligned_t;
-typedef uint64_t __attribute__((__aligned__(1))) mbedtls_uint64_unaligned_t;
+ #define UINT_UNALIGNED_STRUCT
+typedef struct {
+    uint16_t x;
+} __attribute__((packed)) mbedtls_uint16_unaligned_t;
+typedef struct {
+    uint32_t x;
+} __attribute__((packed)) mbedtls_uint32_unaligned_t;
+typedef struct {
+    uint64_t x;
+} __attribute__((packed)) mbedtls_uint64_unaligned_t;
  #endif
 
 /*
@@ -101,6 +118,9 @@ static inline uint16_t mbedtls_get_unaligned_uint16(const void *p)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p;
     r = *p16;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p;
+    r = p16->x;
 #else
     memcpy(&r, p, sizeof(r));
 #endif
@@ -124,6 +144,9 @@ static inline void mbedtls_put_unaligned_uint16(void *p, uint16_t x)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p;
     *p16 = x;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint16_unaligned_t *p16 = (mbedtls_uint16_unaligned_t *) p;
+    p16->x = x;
 #else
     memcpy(p, &x, sizeof(x));
 #endif
@@ -147,6 +170,9 @@ static inline uint32_t mbedtls_get_unaligned_uint32(const void *p)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p;
     r = *p32;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p;
+    r = p32->x;
 #else
     memcpy(&r, p, sizeof(r));
 #endif
@@ -170,6 +196,9 @@ static inline void mbedtls_put_unaligned_uint32(void *p, uint32_t x)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p;
     *p32 = x;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint32_unaligned_t *p32 = (mbedtls_uint32_unaligned_t *) p;
+    p32->x = x;
 #else
     memcpy(p, &x, sizeof(x));
 #endif
@@ -193,6 +222,9 @@ static inline uint64_t mbedtls_get_unaligned_uint64(const void *p)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p;
     r = *p64;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p;
+    r = p64->x;
 #else
     memcpy(&r, p, sizeof(r));
 #endif
@@ -216,6 +248,9 @@ static inline void mbedtls_put_unaligned_uint64(void *p, uint64_t x)
 #if defined(UINT_UNALIGNED)
     mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p;
     *p64 = x;
+#elif defined(UINT_UNALIGNED_STRUCT)
+    mbedtls_uint64_unaligned_t *p64 = (mbedtls_uint64_unaligned_t *) p;
+    p64->x = x;
 #else
     memcpy(p, &x, sizeof(x));
 #endif
diff --git a/library/aria.c b/library/aria.c
index ba1257875..d9f84cc59 100644
--- a/library/aria.c
+++ b/library/aria.c
@@ -25,12 +25,6 @@
 
 #include "mbedtls/platform_util.h"
 
-/* Parameter validation macros */
-#define ARIA_VALIDATE_RET(cond)                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ARIA_BAD_INPUT_DATA)
-#define ARIA_VALIDATE(cond)                                           \
-    MBEDTLS_INTERNAL_VALIDATE(cond)
-
 /*
  * modify byte order: ( A B C D ) -> ( B A D C ), i.e. swap pairs of bytes
  *
@@ -363,8 +357,6 @@ int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
 
     int i;
     uint32_t w[4][4], *w2;
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(key != NULL);
 
     if (keybits != 128 && keybits != 192 && keybits != 256) {
         return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
@@ -418,8 +410,6 @@ int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
                             const unsigned char *key, unsigned int keybits)
 {
     int i, j, k, ret;
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(key != NULL);
 
     ret = mbedtls_aria_setkey_enc(ctx, key, keybits);
     if (ret != 0) {
@@ -455,9 +445,6 @@ int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
     int i;
 
     uint32_t a, b, c, d;
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(input != NULL);
-    ARIA_VALIDATE_RET(output != NULL);
 
     a = MBEDTLS_GET_UINT32_LE(input,  0);
     b = MBEDTLS_GET_UINT32_LE(input,  4);
@@ -505,7 +492,6 @@ int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
 /* Initialize context */
 void mbedtls_aria_init(mbedtls_aria_context *ctx)
 {
-    ARIA_VALIDATE(ctx != NULL);
     memset(ctx, 0, sizeof(mbedtls_aria_context));
 }
 
@@ -532,12 +518,9 @@ int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
 {
     unsigned char temp[MBEDTLS_ARIA_BLOCKSIZE];
 
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
-                      mode == MBEDTLS_ARIA_DECRYPT);
-    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
-    ARIA_VALIDATE_RET(length == 0 || output != NULL);
-    ARIA_VALIDATE_RET(iv != NULL);
+    if ((mode != MBEDTLS_ARIA_ENCRYPT) && (mode != MBEDTLS_ARIA_DECRYPT)) {
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
     if (length % MBEDTLS_ARIA_BLOCKSIZE) {
         return MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH;
@@ -588,19 +571,14 @@ int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
     unsigned char c;
     size_t n;
 
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(mode == MBEDTLS_ARIA_ENCRYPT ||
-                      mode == MBEDTLS_ARIA_DECRYPT);
-    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
-    ARIA_VALIDATE_RET(length == 0 || output != NULL);
-    ARIA_VALIDATE_RET(iv != NULL);
-    ARIA_VALIDATE_RET(iv_off != NULL);
+    if ((mode != MBEDTLS_ARIA_ENCRYPT) && (mode != MBEDTLS_ARIA_DECRYPT)) {
+        return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
+    }
 
     n = *iv_off;
 
     /* An overly large value of n can lead to an unlimited
-     * buffer overflow. Therefore, guard against this
-     * outside of parameter validation. */
+     * buffer overflow. */
     if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
         return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
     }
@@ -650,17 +628,9 @@ int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
     int c, i;
     size_t n;
 
-    ARIA_VALIDATE_RET(ctx != NULL);
-    ARIA_VALIDATE_RET(length == 0 || input  != NULL);
-    ARIA_VALIDATE_RET(length == 0 || output != NULL);
-    ARIA_VALIDATE_RET(nonce_counter != NULL);
-    ARIA_VALIDATE_RET(stream_block  != NULL);
-    ARIA_VALIDATE_RET(nc_off != NULL);
-
     n = *nc_off;
     /* An overly large value of n can lead to an unlimited
-     * buffer overflow. Therefore, guard against this
-     * outside of parameter validation. */
+     * buffer overflow. */
     if (n >= MBEDTLS_ARIA_BLOCKSIZE) {
         return MBEDTLS_ERR_ARIA_BAD_INPUT_DATA;
     }
diff --git a/library/asn1parse.c b/library/asn1parse.c
index c02b233ec..e33fdf71d 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@@ -7,7 +7,8 @@
 
 #include "common.h"
 
-#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C) || defined(MBEDTLS_X509_CREATE_C) || \
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 
 #include "mbedtls/asn1.h"
 #include "mbedtls/platform_util.h"
@@ -73,7 +74,7 @@ int mbedtls_asn1_get_tag(unsigned char **p,
 
     return mbedtls_asn1_get_len(p, end, len);
 }
-#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C */
+#endif /* MBEDTLS_ASN1_PARSE_C || MBEDTLS_X509_CREATE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 int mbedtls_asn1_get_bool(unsigned char **p,
diff --git a/library/asn1write.c b/library/asn1write.c
index 114091d63..775a9ef53 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -7,7 +7,8 @@
 
 #include "common.h"
 
-#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C)
+#if defined(MBEDTLS_ASN1_WRITE_C) || defined(MBEDTLS_X509_USE_C) || \
+    defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
 
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
@@ -62,7 +63,7 @@ int mbedtls_asn1_write_tag(unsigned char **p, const unsigned char *start, unsign
 
     return 1;
 }
-#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C */
+#endif /* MBEDTLS_ASN1_WRITE_C || MBEDTLS_X509_USE_C || MBEDTLS_PSA_UTIL_HAVE_ECDSA */
 
 #if defined(MBEDTLS_ASN1_WRITE_C)
 static int mbedtls_asn1_write_len_and_tag(unsigned char **p,
diff --git a/library/bignum.c b/library/bignum.c
index 1869137c4..d3d72ab74 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -37,11 +37,6 @@
 
 #include "mbedtls/platform.h"
 
-#define MPI_VALIDATE_RET(cond)                                       \
-    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_MPI_BAD_INPUT_DATA)
-#define MPI_VALIDATE(cond)                                           \
-    MBEDTLS_INTERNAL_VALIDATE(cond)
-
 /*
  * Compare signed values in constant time
  */
@@ -51,10 +46,6 @@ int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
 {
     mbedtls_ct_condition_t different_sign, X_is_negative, Y_is_negative, result;
 
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
-    MPI_VALIDATE_RET(ret != NULL);
-
     if (X->n != Y->n) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
@@ -115,8 +106,6 @@ int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
                                  unsigned char assign)
 {
     int ret = 0;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
 
@@ -149,8 +138,6 @@ int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
 {
     int ret = 0;
     int s;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
 
     if (X == Y) {
         return 0;
@@ -179,8 +166,6 @@ cleanup:
  */
 void mbedtls_mpi_init(mbedtls_mpi *X)
 {
-    MPI_VALIDATE(X != NULL);
-
     X->s = 1;
     X->n = 0;
     X->p = NULL;
@@ -210,7 +195,6 @@ void mbedtls_mpi_free(mbedtls_mpi *X)
 int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs)
 {
     mbedtls_mpi_uint *p;
-    MPI_VALIDATE_RET(X != NULL);
 
     if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
         return MBEDTLS_ERR_MPI_ALLOC_FAILED;
@@ -243,7 +227,6 @@ int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs)
 {
     mbedtls_mpi_uint *p;
     size_t i;
-    MPI_VALIDATE_RET(X != NULL);
 
     if (nblimbs > MBEDTLS_MPI_MAX_LIMBS) {
         return MBEDTLS_ERR_MPI_ALLOC_FAILED;
@@ -312,8 +295,6 @@ int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     int ret = 0;
     size_t i;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
 
     if (X == Y) {
         return 0;
@@ -355,8 +336,6 @@ cleanup:
 void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y)
 {
     mbedtls_mpi T;
-    MPI_VALIDATE(X != NULL);
-    MPI_VALIDATE(Y != NULL);
 
     memcpy(&T,  X, sizeof(mbedtls_mpi));
     memcpy(X,  Y, sizeof(mbedtls_mpi));
@@ -385,7 +364,6 @@ static inline mbedtls_mpi_uint mpi_sint_abs(mbedtls_mpi_sint z)
 int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET(X != NULL);
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, 1));
     memset(X->p, 0, X->n * ciL);
@@ -403,8 +381,6 @@ cleanup:
  */
 int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos)
 {
-    MPI_VALIDATE_RET(X != NULL);
-
     if (X->n * biL <= pos) {
         return 0;
     }
@@ -420,7 +396,6 @@ int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val)
     int ret = 0;
     size_t off = pos / biL;
     size_t idx = pos % biL;
-    MPI_VALIDATE_RET(X != NULL);
 
     if (val != 0 && val != 1) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -448,7 +423,6 @@ cleanup:
 size_t mbedtls_mpi_lsb(const mbedtls_mpi *X)
 {
     size_t i;
-    MBEDTLS_INTERNAL_VALIDATE_RET(X != NULL, 0);
 
 #if defined(__has_builtin)
 #if (MBEDTLS_MPI_UINT_MAX == UINT_MAX) && __has_builtin(__builtin_ctz)
@@ -530,8 +504,6 @@ int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s)
     int sign = 1;
     mbedtls_mpi_uint d;
     mbedtls_mpi T;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(s != NULL);
 
     if (radix < 2 || radix > 16) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -634,9 +606,6 @@ int mbedtls_mpi_write_string(const mbedtls_mpi *X, int radix,
     size_t n;
     char *p;
     mbedtls_mpi T;
-    MPI_VALIDATE_RET(X    != NULL);
-    MPI_VALIDATE_RET(olen != NULL);
-    MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
 
     if (radix < 2 || radix > 16) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -726,9 +695,6 @@ int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin)
      */
     char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
 
-    MPI_VALIDATE_RET(X   != NULL);
-    MPI_VALIDATE_RET(fin != NULL);
-
     if (radix < 2 || radix > 16) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
@@ -772,7 +738,6 @@ int mbedtls_mpi_write_file(const char *p, const mbedtls_mpi *X, int radix, FILE
      * newline characters and '\0'
      */
     char s[MBEDTLS_MPI_RW_BUFFER_SIZE];
-    MPI_VALIDATE_RET(X != NULL);
 
     if (radix < 2 || radix > 16) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -844,9 +809,6 @@ int mbedtls_mpi_read_binary(mbedtls_mpi *X, const unsigned char *buf, size_t buf
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t limbs = CHARS_TO_LIMBS(buflen);
 
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(buflen == 0 || buf != NULL);
-
     /* Ensure that target MPI has exactly the necessary number of limbs */
     MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
 
@@ -887,7 +849,6 @@ int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t i;
-    MPI_VALIDATE_RET(X != NULL);
 
     i = mbedtls_mpi_bitlen(X) + count;
 
@@ -908,7 +869,6 @@ cleanup:
  */
 int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)
 {
-    MPI_VALIDATE_RET(X != NULL);
     if (X->n != 0) {
         mbedtls_mpi_core_shift_r(X->p, X->n, count);
     }
@@ -921,8 +881,6 @@ int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count)
 int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     size_t i, j;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
 
     for (i = X->n; i > 0; i--) {
         if (X->p[i - 1] != 0) {
@@ -964,8 +922,6 @@ int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y)
 int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y)
 {
     size_t i, j;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(Y != NULL);
 
     for (i = X->n; i > 0; i--) {
         if (X->p[i - 1] != 0) {
@@ -1016,7 +972,6 @@ int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z)
 {
     mbedtls_mpi Y;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET(X != NULL);
 
     *p  = mpi_sint_abs(z);
     Y.s = TO_SIGN(z);
@@ -1035,9 +990,6 @@ int mbedtls_mpi_add_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     size_t j;
     mbedtls_mpi_uint *p;
     mbedtls_mpi_uint c;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     if (X == B) {
         const mbedtls_mpi *T = A; A = X; B = T;
@@ -1098,9 +1050,6 @@ int mbedtls_mpi_sub_abs(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t n;
     mbedtls_mpi_uint carry;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     for (n = B->n; n > 0; n--) {
         if (B->p[n - 1] != 0) {
@@ -1152,9 +1101,6 @@ static int add_sub_mpi(mbedtls_mpi *X,
                        int flip_B)
 {
     int ret, s;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     s = A->s;
     if (A->s * B->s * flip_B < 0) {
@@ -1203,8 +1149,6 @@ int mbedtls_mpi_add_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
 
     p[0] = mpi_sint_abs(b);
     B.s = TO_SIGN(b);
@@ -1221,8 +1165,6 @@ int mbedtls_mpi_sub_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
 
     p[0] = mpi_sint_abs(b);
     B.s = TO_SIGN(b);
@@ -1241,9 +1183,6 @@ int mbedtls_mpi_mul_mpi(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
     size_t i, j;
     mbedtls_mpi TA, TB;
     int result_is_zero = 0;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     mbedtls_mpi_init(&TA);
     mbedtls_mpi_init(&TB);
@@ -1300,9 +1239,6 @@ cleanup:
  */
 int mbedtls_mpi_mul_int(mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b)
 {
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-
     size_t n = A->n;
     while (n > 0 && A->p[n - 1] == 0) {
         --n;
@@ -1448,8 +1384,6 @@ int mbedtls_mpi_div_mpi(mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
     size_t i, n, t, k;
     mbedtls_mpi X, Y, Z, T1, T2;
     mbedtls_mpi_uint TP2[3];
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     if (mbedtls_mpi_cmp_int(B, 0) == 0) {
         return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
@@ -1572,7 +1506,6 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R,
 {
     mbedtls_mpi B;
     mbedtls_mpi_uint p[1];
-    MPI_VALIDATE_RET(A != NULL);
 
     p[0] = mpi_sint_abs(b);
     B.s = TO_SIGN(b);
@@ -1588,9 +1521,6 @@ int mbedtls_mpi_div_int(mbedtls_mpi *Q, mbedtls_mpi *R,
 int mbedtls_mpi_mod_mpi(mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    MPI_VALIDATE_RET(R != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
 
     if (mbedtls_mpi_cmp_int(B, 0) < 0) {
         return MBEDTLS_ERR_MPI_NEGATIVE_VALUE;
@@ -1618,8 +1548,6 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s
 {
     size_t i;
     mbedtls_mpi_uint x, y, z;
-    MPI_VALIDATE_RET(r != NULL);
-    MPI_VALIDATE_RET(A != NULL);
 
     if (b == 0) {
         return MBEDTLS_ERR_MPI_DIVISION_BY_ZERO;
@@ -1763,11 +1691,6 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
     mbedtls_mpi RR, T, W[(size_t) 1 << MBEDTLS_MPI_WINDOW_SIZE], WW, Apos;
     int neg;
 
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(E != NULL);
-    MPI_VALIDATE_RET(N != NULL);
-
     if (mbedtls_mpi_cmp_int(N, 0) <= 0 || (N->p[0] & 1) == 0) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
@@ -2054,10 +1977,6 @@ int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B)
     size_t lz, lzt;
     mbedtls_mpi TA, TB;
 
-    MPI_VALIDATE_RET(G != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(B != NULL);
-
     mbedtls_mpi_init(&TA); mbedtls_mpi_init(&TB);
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_copy(&TA, A));
@@ -2168,9 +2087,6 @@ int mbedtls_mpi_fill_random(mbedtls_mpi *X, size_t size,
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     const size_t limbs = CHARS_TO_LIMBS(size);
 
-    MPI_VALIDATE_RET(X     != NULL);
-    MPI_VALIDATE_RET(f_rng != NULL);
-
     /* Ensure that target MPI has exactly the necessary number of limbs */
     MBEDTLS_MPI_CHK(mbedtls_mpi_resize_clear(X, limbs));
     if (size == 0) {
@@ -2214,9 +2130,6 @@ int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi G, TA, TU, U1, U2, TB, TV, V1, V2;
-    MPI_VALIDATE_RET(X != NULL);
-    MPI_VALIDATE_RET(A != NULL);
-    MPI_VALIDATE_RET(N != NULL);
 
     if (mbedtls_mpi_cmp_int(N, 1) <= 0) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
@@ -2372,9 +2285,6 @@ static int mpi_miller_rabin(const mbedtls_mpi *X, size_t rounds,
     size_t i, j, k, s;
     mbedtls_mpi W, R, T, A, RR;
 
-    MPI_VALIDATE_RET(X     != NULL);
-    MPI_VALIDATE_RET(f_rng != NULL);
-
     mbedtls_mpi_init(&W); mbedtls_mpi_init(&R);
     mbedtls_mpi_init(&T); mbedtls_mpi_init(&A);
     mbedtls_mpi_init(&RR);
@@ -2462,8 +2372,6 @@ int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X, int rounds,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_mpi XX;
-    MPI_VALIDATE_RET(X     != NULL);
-    MPI_VALIDATE_RET(f_rng != NULL);
 
     XX.s = 1;
     XX.n = X->n;
@@ -2513,9 +2421,6 @@ int mbedtls_mpi_gen_prime(mbedtls_mpi *X, size_t nbits, int flags,
     mbedtls_mpi_uint r;
     mbedtls_mpi Y;
 
-    MPI_VALIDATE_RET(X     != NULL);
-    MPI_VALIDATE_RET(f_rng != NULL);
-
     if (nbits < 3 || nbits > MBEDTLS_MPI_MAX_BITS) {
         return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
     }
diff --git a/library/debug.c b/library/debug.c
index a9d58e55b..c36ed3c5c 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -11,7 +11,7 @@
 
 #include "mbedtls/platform.h"
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 
 #include <stdarg.h>
diff --git a/library/debug_internal.h b/library/debug_internal.h
new file mode 100644
index 000000000..4523b4633
--- /dev/null
+++ b/library/debug_internal.h
@@ -0,0 +1,172 @@
+/**
+ * \file debug_internal.h
+ *
+ * \brief Internal part of the public "debug.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_DEBUG_INTERNAL_H
+#define MBEDTLS_DEBUG_INTERNAL_H
+
+#include "mbedtls/debug.h"
+
+/**
+ * \brief    Print a message to the debug output. This function is always used
+ *          through the MBEDTLS_SSL_DEBUG_MSG() macro, which supplies the ssl
+ *          context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the message has occurred in
+ * \param line      line number the message has occurred at
+ * \param format    format specifier, in printf format
+ * \param ...       variables used by the format specifier
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *format, ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
+
+/**
+ * \brief   Print the return value of a function to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_RET() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      the name of the function that returned the error
+ * \param ret       the return code value
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, int ret);
+
+/**
+ * \brief   Output a buffer of size len bytes to the debug output. This function
+ *          is always used through the MBEDTLS_SSL_DEBUG_BUF() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the buffer being dumped. Normally the
+ *                  variable or buffer name
+ * \param buf       the buffer to be outputted
+ * \param len       length of the buffer
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line, const char *text,
+                             const unsigned char *buf, size_t len);
+
+#if defined(MBEDTLS_BIGNUM_C)
+/**
+ * \brief   Print a MPI variable to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_MPI() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the MPI being output. Normally the
+ *                  variable name
+ * \param X         the MPI variable
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_mpi *X);
+#endif
+
+#if defined(MBEDTLS_ECP_LIGHT)
+/**
+ * \brief   Print an ECP point to the debug output. This function is always
+ *          used through the MBEDTLS_SSL_DEBUG_ECP() macro, which supplies the
+ *          ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the ECP point being output. Normally the
+ *                  variable name
+ * \param X         the ECP point
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_ecp_point *X);
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
+/**
+ * \brief   Print a X.509 certificate structure to the debug output. This
+ *          function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,
+ *          which supplies the ssl context, file and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param text      a name or label for the certificate being output
+ * \param crt       X.509 certificate structure
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl, int level,
+                             const char *file, int line,
+                             const char *text, const mbedtls_x509_crt *crt);
+#endif
+
+/* Note: the MBEDTLS_ECDH_C guard here is mandatory because this debug function
+         only works for the built-in implementation. */
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) && \
+    defined(MBEDTLS_ECDH_C)
+typedef enum {
+    MBEDTLS_DEBUG_ECDH_Q,
+    MBEDTLS_DEBUG_ECDH_QP,
+    MBEDTLS_DEBUG_ECDH_Z,
+} mbedtls_debug_ecdh_attr;
+
+/**
+ * \brief   Print a field of the ECDH structure in the SSL context to the debug
+ *          output. This function is always used through the
+ *          MBEDTLS_SSL_DEBUG_ECDH() macro, which supplies the ssl context, file
+ *          and line number parameters.
+ *
+ * \param ssl       SSL context
+ * \param level     error level of the debug message
+ * \param file      file the error has occurred in
+ * \param line      line number the error has occurred in
+ * \param ecdh      the ECDH context
+ * \param attr      the identifier of the attribute being output
+ *
+ * \attention       This function is intended for INTERNAL usage within the
+ *                  library only.
+ */
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl, int level,
+                               const char *file, int line,
+                               const mbedtls_ecdh_context *ecdh,
+                               mbedtls_debug_ecdh_attr attr);
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED &&
+          MBEDTLS_ECDH_C */
+
+#endif /* MBEDTLS_DEBUG_INTERNAL_H */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index 577e23b7a..c3cd33f47 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -23,12 +23,6 @@
 
 #if !defined(MBEDTLS_ECP_ALT)
 
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET(cond)    \
-    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
-#define ECP_VALIDATE(cond)        \
-    MBEDTLS_INTERNAL_VALIDATE(cond)
-
 #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) }
 
 #define ECP_MPI_INIT_ARRAY(x)   \
@@ -52,7 +46,7 @@
     defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 /* For these curves, we build the group parameters dynamically. */
 #define ECP_LOAD_GROUP
-static mbedtls_mpi_uint mpi_one[] = { 1 };
+static const mbedtls_mpi_uint mpi_one[] = { 1 };
 #endif
 
 /*
@@ -4511,7 +4505,7 @@ static inline void ecp_mpi_set1(mbedtls_mpi *X)
 {
     X->s = 1;
     X->n = 1;
-    X->p = mpi_one;
+    X->p = (mbedtls_mpi_uint *) mpi_one; /* X->p will not be modified so the cast is safe */
 }
 
 /*
@@ -4722,7 +4716,6 @@ cleanup:
  */
 int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
 {
-    ECP_VALIDATE_RET(grp != NULL);
     mbedtls_ecp_group_free(grp);
 
     mbedtls_ecp_group_init(grp);
@@ -5318,7 +5311,7 @@ cleanup:
  */
 #define P_KOBLITZ_MAX   (256 / 8 / sizeof(mbedtls_mpi_uint))      // Max limbs in P
 #define P_KOBLITZ_R     (8 / sizeof(mbedtls_mpi_uint))            // Limbs in R
-static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p_limbs,
+static inline int ecp_mod_koblitz(mbedtls_mpi *N, const mbedtls_mpi_uint *Rp, size_t p_limbs,
                                   size_t adjust, size_t shift, mbedtls_mpi_uint mask)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -5332,7 +5325,7 @@ static inline int ecp_mod_koblitz(mbedtls_mpi *N, mbedtls_mpi_uint *Rp, size_t p
 
     /* Init R */
     R.s = 1;
-    R.p = Rp;
+    R.p = (mbedtls_mpi_uint *) Rp; /* R.p will not be modified so the cast is safe */
     R.n = P_KOBLITZ_R;
 
     /* Common setup for M */
@@ -5403,7 +5396,7 @@ cleanup:
  */
 static int ecp_mod_p192k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xC9, 0x11, 0x00, 0x00, 0x01, 0x00, 0x00,
                                   0x00)
     };
@@ -5420,7 +5413,7 @@ static int ecp_mod_p192k1(mbedtls_mpi *N)
  */
 static int ecp_mod_p224k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0x93, 0x1A, 0x00, 0x00, 0x01, 0x00, 0x00,
                                   0x00)
     };
@@ -5442,7 +5435,7 @@ static int ecp_mod_p224k1(mbedtls_mpi *N)
  */
 static int ecp_mod_p256k1(mbedtls_mpi *N)
 {
-    static mbedtls_mpi_uint Rp[] = {
+    static const mbedtls_mpi_uint Rp[] = {
         MBEDTLS_BYTES_TO_T_UINT_8(0xD1, 0x03, 0x00, 0x00, 0x01, 0x00, 0x00,
                                   0x00)
     };
diff --git a/library/ecp_curves_new.c b/library/ecp_curves_new.c
index 4ee0f5800..035b23a1b 100644
--- a/library/ecp_curves_new.c
+++ b/library/ecp_curves_new.c
@@ -28,12 +28,6 @@
 
 #if !defined(MBEDTLS_ECP_ALT)
 
-/* Parameter validation macros based on platform_util.h */
-#define ECP_VALIDATE_RET(cond)    \
-    MBEDTLS_INTERNAL_VALIDATE_RET(cond, MBEDTLS_ERR_ECP_BAD_INPUT_DATA)
-#define ECP_VALIDATE(cond)        \
-    MBEDTLS_INTERNAL_VALIDATE(cond)
-
 #define ECP_MPI_INIT(_p, _n) { .p = (mbedtls_mpi_uint *) (_p), .s = 1, .n = (_n) }
 
 #define ECP_MPI_INIT_ARRAY(x)   \
@@ -4764,7 +4758,6 @@ cleanup:
  */
 int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id)
 {
-    ECP_VALIDATE_RET(grp != NULL);
     mbedtls_ecp_group_free(grp);
 
     mbedtls_ecp_group_init(grp);
diff --git a/library/entropy_poll.c b/library/entropy_poll.c
index bd21e2d22..794ee03a8 100644
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@@ -5,7 +5,7 @@
  *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
  */
 
-#if defined(__linux__) && !defined(_GNU_SOURCE)
+#if defined(__linux__) || defined(__midipix__) && !defined(_GNU_SOURCE)
 /* Ensure that syscall() is available even when compiling with -std=c99 */
 #define _GNU_SOURCE
 #endif
diff --git a/library/gcm.c b/library/gcm.c
index c677ca4d7..033cb5901 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -354,9 +354,17 @@ int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
 {
     const unsigned char *p;
     size_t use_len, offset;
+    uint64_t new_add_len;
 
-    /* IV is limited to 2^64 bits, so 2^61 bytes */
-    if ((uint64_t) add_len >> 61 != 0) {
+    /* AD is limited to 2^64 bits, ie 2^61 bytes
+     * Also check for possible overflow */
+#if SIZE_MAX > 0xFFFFFFFFFFFFFFFFULL
+    if (add_len > 0xFFFFFFFFFFFFFFFFULL) {
+        return MBEDTLS_ERR_GCM_BAD_INPUT;
+    }
+#endif
+    new_add_len = ctx->add_len + (uint64_t) add_len;
+    if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) {
         return MBEDTLS_ERR_GCM_BAD_INPUT;
     }
 
@@ -539,6 +547,9 @@ int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
     (void) output_size;
     *output_length = 0;
 
+    /* Total length is restricted to 2^39 - 256 bits, ie 2^36 - 2^5 bytes
+     * and AD length is restricted to 2^64 bits, ie 2^61 bytes so neither of
+     * the two multiplications would overflow. */
     orig_len = ctx->len * 8;
     orig_add_len = ctx->add_len * 8;
 
diff --git a/library/oid.c b/library/oid.c
index d30a46405..1d6b1eb86 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -683,6 +683,18 @@ static const oid_cipher_alg_t oid_cipher_alg[] =
         OID_DESCRIPTOR(MBEDTLS_OID_DES_EDE3_CBC,         "des-ede3-cbc", "DES-EDE3-CBC"),
         MBEDTLS_CIPHER_DES_EDE3_CBC,
     },
+    {
+        OID_DESCRIPTOR(MBEDTLS_OID_AES_128_CBC,          "aes128-cbc", "AES128-CBC"),
+        MBEDTLS_CIPHER_AES_128_CBC,
+    },
+    {
+        OID_DESCRIPTOR(MBEDTLS_OID_AES_192_CBC,          "aes192-cbc", "AES192-CBC"),
+        MBEDTLS_CIPHER_AES_192_CBC,
+    },
+    {
+        OID_DESCRIPTOR(MBEDTLS_OID_AES_256_CBC,          "aes256-cbc", "AES256-CBC"),
+        MBEDTLS_CIPHER_AES_256_CBC,
+    },
     {
         NULL_OID_DESCRIPTOR,
         MBEDTLS_CIPHER_NONE,
diff --git a/library/pk.c b/library/pk.c
index 926183701..1b481e1a2 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -29,7 +29,7 @@
 #include "mbedtls/ecdsa.h"
 #endif
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #include "psa_util_internal.h"
 #include "mbedtls/psa_util.h"
 #endif
@@ -378,6 +378,209 @@ int mbedtls_pk_can_do_ext(const mbedtls_pk_context *ctx, psa_algorithm_t alg,
 }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_RSA_C)
+static psa_algorithm_t psa_algorithm_for_rsa(const mbedtls_rsa_context *rsa,
+                                             int want_crypt)
+{
+    if (mbedtls_rsa_get_padding_mode(rsa) == MBEDTLS_RSA_PKCS_V21) {
+        if (want_crypt) {
+            mbedtls_md_type_t md_type = mbedtls_rsa_get_md_alg(rsa);
+            return PSA_ALG_RSA_OAEP(mbedtls_md_psa_alg_from_type(md_type));
+        } else {
+            return PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH);
+        }
+    } else {
+        if (want_crypt) {
+            return PSA_ALG_RSA_PKCS1V15_CRYPT;
+        } else {
+            return PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH);
+        }
+    }
+}
+#endif /* MBEDTLS_RSA_C */
+
+int mbedtls_pk_get_psa_attributes(const mbedtls_pk_context *pk,
+                                  psa_key_usage_t usage,
+                                  psa_key_attributes_t *attributes)
+{
+    mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
+
+    psa_key_usage_t more_usage = usage;
+    if (usage == PSA_KEY_USAGE_SIGN_MESSAGE) {
+        more_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+    } else if (usage == PSA_KEY_USAGE_SIGN_HASH) {
+        more_usage |= PSA_KEY_USAGE_VERIFY_HASH;
+    } else if (usage == PSA_KEY_USAGE_DECRYPT) {
+        more_usage |= PSA_KEY_USAGE_ENCRYPT;
+    }
+    more_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
+
+    int want_private = !(usage == PSA_KEY_USAGE_VERIFY_MESSAGE ||
+                         usage == PSA_KEY_USAGE_VERIFY_HASH ||
+                         usage == PSA_KEY_USAGE_ENCRYPT);
+
+    switch (pk_type) {
+#if defined(MBEDTLS_RSA_C)
+        case MBEDTLS_PK_RSA:
+        {
+            int want_crypt = 0; /* 0: sign/verify; 1: encrypt/decrypt */
+            switch (usage) {
+                case PSA_KEY_USAGE_SIGN_MESSAGE:
+                case PSA_KEY_USAGE_SIGN_HASH:
+                case PSA_KEY_USAGE_VERIFY_MESSAGE:
+                case PSA_KEY_USAGE_VERIFY_HASH:
+                    /* Nothing to do. */
+                    break;
+                case PSA_KEY_USAGE_DECRYPT:
+                case PSA_KEY_USAGE_ENCRYPT:
+                    want_crypt = 1;
+                    break;
+                default:
+                    return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            /* Detect the presence of a private key in a way that works both
+             * in CRT and non-CRT configurations. */
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
+            int has_private = (mbedtls_rsa_check_privkey(rsa) == 0);
+            if (want_private && !has_private) {
+                return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            psa_set_key_type(attributes, (want_private ?
+                                          PSA_KEY_TYPE_RSA_KEY_PAIR :
+                                          PSA_KEY_TYPE_RSA_PUBLIC_KEY));
+            psa_set_key_bits(attributes, mbedtls_pk_get_bitlen(pk));
+            psa_set_key_algorithm(attributes,
+                                  psa_algorithm_for_rsa(rsa, want_crypt));
+            break;
+        }
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+        {
+            int sign_ok = (pk_type != MBEDTLS_PK_ECKEY_DH);
+            int derive_ok = (pk_type != MBEDTLS_PK_ECDSA);
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+            psa_ecc_family_t family = pk->ec_family;
+            size_t bits = pk->ec_bits;
+            int has_private = 0;
+            if (pk->priv_id != MBEDTLS_SVC_KEY_ID_INIT) {
+                has_private = 1;
+            }
+#else
+            const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
+            int has_private = (ec->d.n != 0);
+            size_t bits = 0;
+            psa_ecc_family_t family =
+                mbedtls_ecc_group_to_psa(ec->grp.id, &bits);
+#endif
+            psa_algorithm_t alg = 0;
+            switch (usage) {
+                case PSA_KEY_USAGE_SIGN_MESSAGE:
+                case PSA_KEY_USAGE_SIGN_HASH:
+                case PSA_KEY_USAGE_VERIFY_MESSAGE:
+                case PSA_KEY_USAGE_VERIFY_HASH:
+                    if (!sign_ok) {
+                        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+                    }
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+                    alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH);
+#else
+                    alg = PSA_ALG_ECDSA(PSA_ALG_ANY_HASH);
+#endif
+                    break;
+                case PSA_KEY_USAGE_DERIVE:
+                    alg = PSA_ALG_ECDH;
+                    if (!derive_ok) {
+                        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+                    }
+                    break;
+                default:
+                    return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            if (want_private && !has_private) {
+                return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            psa_set_key_type(attributes, (want_private ?
+                                          PSA_KEY_TYPE_ECC_KEY_PAIR(family) :
+                                          PSA_KEY_TYPE_ECC_PUBLIC_KEY(family)));
+            psa_set_key_bits(attributes, bits);
+            psa_set_key_algorithm(attributes, alg);
+            break;
+        }
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+        case MBEDTLS_PK_RSA_ALT:
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+        case MBEDTLS_PK_OPAQUE:
+        {
+            psa_key_attributes_t old_attributes = PSA_KEY_ATTRIBUTES_INIT;
+            psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+            status = psa_get_key_attributes(pk->priv_id, &old_attributes);
+            if (status != PSA_SUCCESS) {
+                return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+            }
+            psa_key_type_t old_type = psa_get_key_type(&old_attributes);
+            switch (usage) {
+                case PSA_KEY_USAGE_SIGN_MESSAGE:
+                case PSA_KEY_USAGE_SIGN_HASH:
+                case PSA_KEY_USAGE_VERIFY_MESSAGE:
+                case PSA_KEY_USAGE_VERIFY_HASH:
+                    if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type) ||
+                          old_type == PSA_KEY_TYPE_RSA_KEY_PAIR)) {
+                        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+                    }
+                    break;
+                case PSA_KEY_USAGE_DECRYPT:
+                case PSA_KEY_USAGE_ENCRYPT:
+                    if (old_type != PSA_KEY_TYPE_RSA_KEY_PAIR) {
+                        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+                    }
+                    break;
+                case PSA_KEY_USAGE_DERIVE:
+                    if (!(PSA_KEY_TYPE_IS_ECC_KEY_PAIR(old_type))) {
+                        return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+                    }
+                    break;
+                default:
+                    return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            psa_key_type_t new_type = old_type;
+            /* Opaque keys are always key pairs, so we don't need a check
+             * on the input if the required usage is private. We just need
+             * to adjust the type correctly if the required usage is public. */
+            if (!want_private) {
+                new_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(new_type);
+            }
+            more_usage = psa_get_key_usage_flags(&old_attributes);
+            if ((usage & more_usage) == 0) {
+                return MBEDTLS_ERR_PK_TYPE_MISMATCH;
+            }
+            psa_set_key_type(attributes, new_type);
+            psa_set_key_bits(attributes, psa_get_key_bits(&old_attributes));
+            psa_set_key_algorithm(attributes, psa_get_key_algorithm(&old_attributes));
+            break;
+        }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
+        default:
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
+    }
+
+    psa_set_key_usage_flags(attributes, more_usage);
+    psa_set_key_enrollment_algorithm(attributes, PSA_ALG_NONE);
+
+    return 0;
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
 /*
  * Helper for mbedtls_pk_sign and mbedtls_pk_verify
  */
diff --git a/library/pk_internal.h b/library/pk_internal.h
index 3d5adf8de..da6c7f1b4 100644
--- a/library/pk_internal.h
+++ b/library/pk_internal.h
@@ -144,4 +144,8 @@ MBEDTLS_STATIC_TESTABLE int mbedtls_pk_parse_key_pkcs8_encrypted_der(
     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng);
 #endif
 
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
+#endif
+
 #endif /* MBEDTLS_PK_INTERNAL_H */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index c23265022..2e00d4a25 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -29,9 +29,11 @@
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa_util_internal.h"
 #include "psa/crypto.h"
+#include "mbedtls/psa_util.h"
 
 #if defined(MBEDTLS_RSA_C)
 #include "pkwrite.h"
+#include "rsa_internal.h"
 #endif
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SOME)
@@ -69,9 +71,9 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
-    mbedtls_pk_context key;
     int key_len;
     unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
+    unsigned char *p = buf + sizeof(buf);
     psa_algorithm_t psa_alg_md =
         PSA_ALG_RSA_PKCS1V15_SIGN(mbedtls_md_psa_alg_from_type(md_alg));
     size_t rsa_len = mbedtls_rsa_get_len(rsa);
@@ -86,11 +88,7 @@ static int rsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
         return MBEDTLS_ERR_RSA_VERIFY_FAILED;
     }
 
-    /* mbedtls_pk_write_pubkey_der() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = rsa;
-    key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
+    key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p);
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
@@ -172,14 +170,15 @@ int  mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
-    mbedtls_pk_context key;
     int key_len;
     unsigned char *buf = NULL;
+    unsigned char *p;
+
     buf = mbedtls_calloc(1, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
     if (buf == NULL) {
         return MBEDTLS_ERR_PK_ALLOC_FAILED;
     }
-    mbedtls_pk_info_t pk_info = mbedtls_rsa_info;
+    p = buf + MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES;
 
     *sig_len = mbedtls_rsa_get_len(rsa_ctx);
     if (sig_size < *sig_len) {
@@ -187,11 +186,7 @@ int  mbedtls_pk_psa_rsa_sign_ext(psa_algorithm_t alg,
         return MBEDTLS_ERR_PK_BUFFER_TOO_SMALL;
     }
 
-    /* mbedtls_pk_write_key_der() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &pk_info;
-    key.pk_ctx = rsa_ctx;
-    key_len = mbedtls_pk_write_key_der(&key, buf, MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES);
+    key_len = mbedtls_rsa_write_key(rsa_ctx, buf, &p);
     if (key_len <= 0) {
         mbedtls_free(buf);
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -282,9 +277,9 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
-    mbedtls_pk_context key;
     int key_len;
     unsigned char buf[MBEDTLS_PK_RSA_PRV_DER_MAX_BYTES];
+    unsigned char *p = buf + sizeof(buf);
 
     ((void) f_rng);
     ((void) p_rng);
@@ -299,11 +294,7 @@ static int rsa_decrypt_wrap(mbedtls_pk_context *pk,
         return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
     }
 
-    /* mbedtls_pk_write_key_der() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = rsa;
-    key_len = mbedtls_pk_write_key_der(&key, buf, sizeof(buf));
+    key_len = mbedtls_rsa_write_key(rsa, buf, &p);
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
@@ -368,9 +359,9 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_status_t status;
-    mbedtls_pk_context key;
     int key_len;
     unsigned char buf[MBEDTLS_PK_RSA_PUB_DER_MAX_BYTES];
+    unsigned char *p = buf + sizeof(buf);
 
     ((void) f_rng);
     ((void) p_rng);
@@ -385,11 +376,7 @@ static int rsa_encrypt_wrap(mbedtls_pk_context *pk,
         return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
     }
 
-    /* mbedtls_pk_write_pubkey_der() expects a full PK context;
-     * re-construct one to make it happy */
-    key.pk_info = &mbedtls_rsa_info;
-    key.pk_ctx = rsa;
-    key_len = mbedtls_pk_write_pubkey_der(&key, buf, sizeof(buf));
+    key_len = mbedtls_rsa_write_pubkey(rsa, buf, &p);
     if (key_len <= 0) {
         return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
     }
@@ -536,66 +523,6 @@ static size_t eckey_get_bitlen(mbedtls_pk_context *pk)
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_VERIFY)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * An ASN.1 encoded signature is a sequence of two ASN.1 integers. Parse one of
- * those integers and convert it to the fixed-length encoding expected by PSA.
- */
-static int extract_ecdsa_sig_int(unsigned char **from, const unsigned char *end,
-                                 unsigned char *to, size_t to_len)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t unpadded_len, padding_len;
-
-    if ((ret = mbedtls_asn1_get_tag(from, end, &unpadded_len,
-                                    MBEDTLS_ASN1_INTEGER)) != 0) {
-        return ret;
-    }
-
-    while (unpadded_len > 0 && **from == 0x00) {
-        (*from)++;
-        unpadded_len--;
-    }
-
-    if (unpadded_len > to_len || unpadded_len == 0) {
-        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
-    }
-
-    padding_len = to_len - unpadded_len;
-    memset(to, 0x00, padding_len);
-    memcpy(to + padding_len, *from, unpadded_len);
-    (*from) += unpadded_len;
-
-    return 0;
-}
-
-/*
- * Convert a signature from an ASN.1 sequence of two integers
- * to a raw {r,s} buffer. Note: the provided sig buffer must be at least
- * twice as big as int_size.
- */
-static int extract_ecdsa_sig(unsigned char **p, const unsigned char *end,
-                             unsigned char *sig, size_t int_size)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t tmp_size;
-
-    if ((ret = mbedtls_asn1_get_tag(p, end, &tmp_size,
-                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-        return ret;
-    }
-
-    /* Extract r */
-    if ((ret = extract_ecdsa_sig_int(p, end, sig, int_size)) != 0) {
-        return ret;
-    }
-    /* Extract s */
-    if ((ret = extract_ecdsa_sig_int(p, end, sig + int_size, int_size)) != 0) {
-        return ret;
-    }
-
-    return 0;
-}
-
 /* Common helper for ECDSA verify using PSA functions. */
 static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
                             psa_ecc_family_t curve, size_t curve_bits,
@@ -607,6 +534,7 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     psa_algorithm_t psa_sig_md = PSA_ALG_ECDSA_ANY;
     size_t signature_len = PSA_ECDSA_SIGNATURE_SIZE(curve_bits);
+    size_t converted_sig_len;
     unsigned char extracted_sig[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE];
     unsigned char *p;
     psa_status_t status;
@@ -631,11 +559,14 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
     }
 
     p = (unsigned char *) sig;
-    /* extract_ecdsa_sig's last parameter is the size
-     * of each integer to be parsed, so it's actually half
-     * the size of the signature. */
-    if ((ret = extract_ecdsa_sig(&p, sig + sig_len, extracted_sig,
-                                 signature_len/2)) != 0) {
+    ret = mbedtls_ecdsa_der_to_raw(curve_bits, p, sig_len, extracted_sig,
+                                   sizeof(extracted_sig), &converted_sig_len);
+    if (ret != 0) {
+        goto cleanup;
+    }
+
+    if (converted_sig_len != signature_len) {
+        ret = MBEDTLS_ERR_PK_BAD_INPUT_DATA;
         goto cleanup;
     }
 
@@ -646,10 +577,6 @@ static int ecdsa_verify_psa(unsigned char *key, size_t key_len,
         goto cleanup;
     }
 
-    if (p != sig + sig_len) {
-        ret = MBEDTLS_ERR_PK_SIG_LEN_MISMATCH;
-        goto cleanup;
-    }
     ret = 0;
 
 cleanup:
@@ -751,90 +678,6 @@ static int ecdsa_verify_wrap(mbedtls_pk_context *pk, mbedtls_md_type_t md_alg,
 
 #if defined(MBEDTLS_PK_CAN_ECDSA_SIGN)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-/*
- * Simultaneously convert and move raw MPI from the beginning of a buffer
- * to an ASN.1 MPI at the end of the buffer.
- * See also mbedtls_asn1_write_mpi().
- *
- * p: pointer to the end of the output buffer
- * start: start of the output buffer, and also of the mpi to write at the end
- * n_len: length of the mpi to read from start
- */
-static int asn1_write_mpibuf(unsigned char **p, unsigned char *start,
-                             size_t n_len)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-
-    if ((size_t) (*p - start) < n_len) {
-        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-    }
-
-    len = n_len;
-    *p -= len;
-    memmove(*p, start, len);
-
-    /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
-     * Neither r nor s should be 0, but as a failsafe measure, still detect
-     * that rather than overflowing the buffer in case of a PSA error. */
-    while (len > 0 && **p == 0x00) {
-        ++(*p);
-        --len;
-    }
-
-    /* this is only reached if the signature was invalid */
-    if (len == 0) {
-        return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
-    }
-
-    /* if the msb is 1, ASN.1 requires that we prepend a 0.
-     * Neither r nor s can be 0, so we can assume len > 0 at all times. */
-    if (**p & 0x80) {
-        if (*p - start < 1) {
-            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
-        }
-
-        *--(*p) = 0x00;
-        len += 1;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
-                                                     MBEDTLS_ASN1_INTEGER));
-
-    return (int) len;
-}
-
-/* Transcode signature from PSA format to ASN.1 sequence.
- * See ecdsa_signature_to_asn1 in ecdsa.c, but with byte buffers instead of
- * MPIs, and in-place.
- *
- * [in/out] sig: the signature pre- and post-transcoding
- * [in/out] sig_len: signature length pre- and post-transcoding
- * [int] buf_len: the available size the in/out buffer
- */
-static int pk_ecdsa_sig_asn1_from_psa(unsigned char *sig, size_t *sig_len,
-                                      size_t buf_len)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    const size_t rs_len = *sig_len / 2;
-    unsigned char *p = sig + buf_len;
-
-    MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig + rs_len, rs_len));
-    MBEDTLS_ASN1_CHK_ADD(len, asn1_write_mpibuf(&p, sig, rs_len));
-
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, sig, len));
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, sig,
-                                                     MBEDTLS_ASN1_CONSTRUCTED |
-                                                     MBEDTLS_ASN1_SEQUENCE));
-
-    memmove(sig, p, len);
-    *sig_len = len;
-
-    return 0;
-}
-
 /* Common helper for ECDSA sign using PSA functions.
  * Instead of extracting key's properties in order to check which kind of ECDSA
  * signature it supports, we try both deterministic and non-deterministic.
@@ -845,6 +688,15 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     psa_status_t status;
+    psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+    size_t key_bits = 0;
+
+    status = psa_get_key_attributes(key_id, &key_attr);
+    if (status != PSA_SUCCESS) {
+        return PSA_PK_ECDSA_TO_MBEDTLS_ERR(status);
+    }
+    key_bits = psa_get_key_bits(&key_attr);
+    psa_reset_key_attributes(&key_attr);
 
     status = psa_sign_hash(key_id,
                            PSA_ALG_DETERMINISTIC_ECDSA(mbedtls_md_psa_alg_from_type(md_alg)),
@@ -863,7 +715,7 @@ static int ecdsa_sign_psa(mbedtls_svc_key_id_t key_id, mbedtls_md_type_t md_alg,
     }
 
 done:
-    ret = pk_ecdsa_sig_asn1_from_psa(sig, sig_len, sig_size);
+    ret = mbedtls_ecdsa_raw_to_der(key_bits, sig, *sig_len, sig, sig_size, sig_len);
 
     return ret;
 }
diff --git a/library/pkcs7.c b/library/pkcs7.c
index 0869c2e07..3aac662ba 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c
@@ -7,7 +7,7 @@
 #include "mbedtls/build_info.h"
 #if defined(MBEDTLS_PKCS7_C)
 #include "mbedtls/pkcs7.h"
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
diff --git a/library/pkparse.c b/library/pkparse.c
index 5f95545af..5a3d3b259 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -28,6 +28,7 @@
 /* Key types */
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
+#include "rsa_internal.h"
 #endif
 
 /* Extended formats */
@@ -757,68 +758,6 @@ static int pk_parse_key_rfc8410_der(mbedtls_pk_context *pk,
 
 #endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
 
-#if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_get_rsapubkey(unsigned char **p,
-                            const unsigned char *end,
-                            mbedtls_rsa_context *rsa)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len;
-
-    if ((ret = mbedtls_asn1_get_tag(p, end, &len,
-                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
-    }
-
-    if (*p + len != end) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
-    }
-
-    /* Import N */
-    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
-    }
-
-    if ((ret = mbedtls_rsa_import_raw(rsa, *p, len, NULL, 0, NULL, 0,
-                                      NULL, 0, NULL, 0)) != 0) {
-        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
-    }
-
-    *p += len;
-
-    /* Import E */
-    if ((ret = mbedtls_asn1_get_tag(p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
-    }
-
-    if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
-                                      NULL, 0, *p, len)) != 0) {
-        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
-    }
-
-    *p += len;
-
-    if (mbedtls_rsa_complete(rsa) != 0 ||
-        mbedtls_rsa_check_pubkey(rsa) != 0) {
-        return MBEDTLS_ERR_PK_INVALID_PUBKEY;
-    }
-
-    if (*p != end) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                                 MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
-    }
-
-    return 0;
-}
-#endif /* MBEDTLS_RSA_C */
-
 /* Get a PK algorithm identifier
  *
  *  AlgorithmIdentifier  ::=  SEQUENCE  {
@@ -911,7 +850,17 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
 
 #if defined(MBEDTLS_RSA_C)
     if (pk_alg == MBEDTLS_PK_RSA) {
-        ret = pk_get_rsapubkey(p, end, mbedtls_pk_rsa(*pk));
+        ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*pk), *p, (size_t) (end - *p));
+        if (ret == 0) {
+            /* On success all the input has been consumed by the parsing function. */
+            *p += end - *p;
+        } else if ((ret <= MBEDTLS_ERR_ASN1_OUT_OF_DATA) &&
+                   (ret >= MBEDTLS_ERR_ASN1_BUF_TOO_SMALL)) {
+            /* In case of ASN1 error codes add MBEDTLS_ERR_PK_INVALID_PUBKEY. */
+            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY, ret);
+        } else {
+            ret = MBEDTLS_ERR_PK_INVALID_PUBKEY;
+        }
     } else
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
@@ -944,195 +893,6 @@ int mbedtls_pk_parse_subpubkey(unsigned char **p, const unsigned char *end,
     return ret;
 }
 
-#if defined(MBEDTLS_RSA_C)
-/*
- * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
- *
- * The value zero is:
- * - never a valid value for an RSA parameter
- * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
- *
- * Since values can't be omitted in PKCS#1, passing a zero value to
- * rsa_complete() would be incorrect, so reject zero values early.
- */
-static int asn1_get_nonzero_mpi(unsigned char **p,
-                                const unsigned char *end,
-                                mbedtls_mpi *X)
-{
-    int ret;
-
-    ret = mbedtls_asn1_get_mpi(p, end, X);
-    if (ret != 0) {
-        return ret;
-    }
-
-    if (mbedtls_mpi_cmp_int(X, 0) == 0) {
-        return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
-    }
-
-    return 0;
-}
-
-/*
- * Parse a PKCS#1 encoded private RSA key
- */
-static int pk_parse_key_pkcs1_der(mbedtls_rsa_context *rsa,
-                                  const unsigned char *key,
-                                  size_t keylen)
-{
-    int ret, version;
-    size_t len;
-    unsigned char *p, *end;
-
-    mbedtls_mpi T;
-    mbedtls_mpi_init(&T);
-
-    p = (unsigned char *) key;
-    end = p + keylen;
-
-    /*
-     * This function parses the RSAPrivateKey (PKCS#1)
-     *
-     *  RSAPrivateKey ::= SEQUENCE {
-     *      version           Version,
-     *      modulus           INTEGER,  -- n
-     *      publicExponent    INTEGER,  -- e
-     *      privateExponent   INTEGER,  -- d
-     *      prime1            INTEGER,  -- p
-     *      prime2            INTEGER,  -- q
-     *      exponent1         INTEGER,  -- d mod (p-1)
-     *      exponent2         INTEGER,  -- d mod (q-1)
-     *      coefficient       INTEGER,  -- (inverse of q) mod p
-     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
-     *  }
-     */
-    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
-                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
-    }
-
-    end = p + len;
-
-    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
-        return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
-    }
-
-    if (version != 0) {
-        return MBEDTLS_ERR_PK_KEY_INVALID_VERSION;
-    }
-
-    /* Import N */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL,
-                                  NULL, NULL)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import E */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
-                                  NULL, &T)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import D */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
-                                  &T, NULL)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import P */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL,
-                                  NULL, NULL)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import Q */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T,
-                                  NULL, NULL)) != 0) {
-        goto cleanup;
-    }
-
-#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
-    /*
-     * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
-     * that they can be easily recomputed from D, P and Q. However by
-     * parsing them from the PKCS1 structure it is possible to avoid
-     * recalculating them which both reduces the overhead of loading
-     * RSA private keys into memory and also avoids side channels which
-     * can arise when computing those values, since all of D, P, and Q
-     * are secret. See https://eprint.iacr.org/2020/055 for a
-     * description of one such attack.
-     */
-
-    /* Import DP */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import DQ */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) {
-        goto cleanup;
-    }
-
-    /* Import QP */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) {
-        goto cleanup;
-    }
-
-#else
-    /* Verify existence of the CRT params */
-    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
-        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) {
-        goto cleanup;
-    }
-#endif
-
-    /* rsa_complete() doesn't complete anything with the default
-     * implementation but is still called:
-     * - for the benefit of alternative implementation that may want to
-     *   pre-compute stuff beyond what's provided (eg Montgomery factors)
-     * - as is also sanity-checks the key
-     *
-     * Furthermore, we also check the public part for consistency with
-     * mbedtls_pk_parse_pubkey(), as it includes size minima for example.
-     */
-    if ((ret = mbedtls_rsa_complete(rsa)) != 0 ||
-        (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) {
-        goto cleanup;
-    }
-
-    if (p != end) {
-        ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
-                                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
-    }
-
-cleanup:
-
-    mbedtls_mpi_free(&T);
-
-    if (ret != 0) {
-        /* Wrap error code if it's coming from a lower level */
-        if ((ret & 0xff80) == 0) {
-            ret = MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret);
-        } else {
-            ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
-        }
-
-        mbedtls_rsa_free(rsa);
-    }
-
-    return ret;
-}
-#endif /* MBEDTLS_RSA_C */
-
 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
 /*
  * Parse a SEC1 encoded private EC key
@@ -1348,7 +1108,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
 
 #if defined(MBEDTLS_RSA_C)
     if (pk_alg == MBEDTLS_PK_RSA) {
-        if ((ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), p, len)) != 0) {
+        if ((ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), p, len)) != 0) {
             mbedtls_pk_free(pk);
             return ret;
         }
@@ -1538,8 +1298,8 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
     if (ret == 0) {
         pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
         if ((ret = mbedtls_pk_setup(pk, pk_info)) != 0 ||
-            (ret = pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk),
-                                          pem.buf, pem.buflen)) != 0) {
+            (ret = mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk),
+                                         pem.buf, pem.buflen)) != 0) {
             mbedtls_pk_free(pk);
         }
 
@@ -1679,7 +1439,7 @@ int mbedtls_pk_parse_key(mbedtls_pk_context *pk,
 
     pk_info = mbedtls_pk_info_from_type(MBEDTLS_PK_RSA);
     if (mbedtls_pk_setup(pk, pk_info) == 0 &&
-        pk_parse_key_pkcs1_der(mbedtls_pk_rsa(*pk), key, keylen) == 0) {
+        mbedtls_rsa_parse_key(mbedtls_pk_rsa(*pk), key, keylen) == 0) {
         return 0;
     }
 
@@ -1754,7 +1514,7 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
             return ret;
         }
 
-        if ((ret = pk_get_rsapubkey(&p, p + pem.buflen, mbedtls_pk_rsa(*ctx))) != 0) {
+        if ((ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, pem.buflen)) != 0) {
             mbedtls_pk_free(ctx);
         }
 
@@ -1801,13 +1561,12 @@ int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
     }
 
     p = (unsigned char *) key;
-    ret = pk_get_rsapubkey(&p, p + keylen, mbedtls_pk_rsa(*ctx));
+    ret = mbedtls_rsa_parse_pubkey(mbedtls_pk_rsa(*ctx), p, keylen);
     if (ret == 0) {
         return ret;
     }
     mbedtls_pk_free(ctx);
-    if (ret != (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_PK_INVALID_PUBKEY,
-                                  MBEDTLS_ERR_ASN1_UNEXPECTED_TAG))) {
+    if (ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG) {
         return ret;
     }
 #endif /* MBEDTLS_RSA_C */
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 1f0d3990e..b9ddcf1d8 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -32,6 +32,9 @@
 #if defined(MBEDTLS_PEM_WRITE_C)
 #include "mbedtls/pem.h"
 #endif
+#if defined(MBEDTLS_RSA_C)
+#include "rsa_internal.h"
+#endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 #include "psa/crypto.h"
@@ -56,60 +59,13 @@
  * Internal functions for RSA keys.
  ******************************************************************************/
 #if defined(MBEDTLS_RSA_C)
-/*
- *  RSAPublicKey ::= SEQUENCE {
- *      modulus           INTEGER,  -- n
- *      publicExponent    INTEGER   -- e
- *  }
- */
-static int pk_write_rsa_pubkey(unsigned char **p, unsigned char *start,
-                               const mbedtls_pk_context *pk)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t len = 0;
-    mbedtls_mpi T;
-    mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
-
-    mbedtls_mpi_init(&T);
-
-    /* Export E */
-    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
-        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
-        goto end_of_export;
-    }
-    len += ret;
-
-    /* Export N */
-    if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
-        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
-        goto end_of_export;
-    }
-    len += ret;
-
-end_of_export:
-
-    mbedtls_mpi_free(&T);
-    if (ret < 0) {
-        return ret;
-    }
-
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
-                                                     MBEDTLS_ASN1_SEQUENCE));
-
-    return (int) len;
-}
-
 static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
                             const mbedtls_pk_context *pk)
 {
-    size_t len = 0;
-    int ret;
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
         uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
-        size_t tmp_len = 0;
+        size_t len = 0, tmp_len = 0;
 
         if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
             return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
@@ -118,94 +74,11 @@ static int pk_write_rsa_der(unsigned char **p, unsigned char *buf,
         memcpy(*p, tmp, tmp_len);
         len += tmp_len;
         mbedtls_platform_zeroize(tmp, sizeof(tmp));
-    } else
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    {
-        mbedtls_mpi T; /* Temporary holding the exported parameters */
-        mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
 
-        /*
-         * Export the parameters one after another to avoid simultaneous copies.
-         */
-
-        mbedtls_mpi_init(&T);
-
-        /* Export QP */
-        if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export DQ */
-        if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export DP */
-        if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export Q */
-        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
-                                      &T, NULL, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export P */
-        if ((ret = mbedtls_rsa_export(rsa, NULL, &T,
-                                      NULL, NULL, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export D */
-        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
-                                      NULL, &T, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export E */
-        if ((ret = mbedtls_rsa_export(rsa, NULL, NULL,
-                                      NULL, NULL, &T)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-        /* Export N */
-        if ((ret = mbedtls_rsa_export(rsa, &T, NULL,
-                                      NULL, NULL, NULL)) != 0 ||
-            (ret = mbedtls_asn1_write_mpi(p, buf, &T)) < 0) {
-            goto end_of_export;
-        }
-        len += ret;
-
-end_of_export:
-
-        mbedtls_mpi_free(&T);
-        if (ret < 0) {
-            return ret;
-        }
-
-        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, buf, 0));
-        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, buf, len));
-        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p,
-                                                         buf, MBEDTLS_ASN1_CONSTRUCTED |
-                                                         MBEDTLS_ASN1_SEQUENCE));
+        return (int) len;
     }
-
-    return (int) len;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+    return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
 }
 #endif /* MBEDTLS_RSA_C */
 
@@ -543,7 +416,7 @@ int mbedtls_pk_write_pubkey(unsigned char **p, unsigned char *start,
 
 #if defined(MBEDTLS_RSA_C)
     if (mbedtls_pk_get_type(key) == MBEDTLS_PK_RSA) {
-        MBEDTLS_ASN1_CHK_ADD(len, pk_write_rsa_pubkey(p, start, key));
+        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_rsa_write_pubkey(mbedtls_pk_rsa(*key), start, p));
     } else
 #endif
 #if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
diff --git a/library/platform_util.c b/library/platform_util.c
index 9f5dcb874..0741bf575 100644
--- a/library/platform_util.c
+++ b/library/platform_util.c
@@ -93,8 +93,6 @@ static void *(*const volatile memset_func)(void *, int, size_t) = memset;
 
 void mbedtls_platform_zeroize(void *buf, size_t len)
 {
-    MBEDTLS_INTERNAL_VALIDATE(len == 0 || buf != NULL);
-
     if (len > 0) {
 #if defined(MBEDTLS_PLATFORM_HAS_EXPLICIT_BZERO)
         explicit_bzero(buf, len);
@@ -151,10 +149,10 @@ void mbedtls_zeroize_and_free(void *buf, size_t len)
 #include <time.h>
 #if !defined(_WIN32) && (defined(unix) || \
     defined(__unix) || defined(__unix__) || (defined(__APPLE__) && \
-    defined(__MACH__)))
+    defined(__MACH__)) || defined__midipix__)
 #include <unistd.h>
 #endif /* !_WIN32 && (unix || __unix || __unix__ ||
-        * (__APPLE__ && __MACH__)) */
+        * (__APPLE__ && __MACH__) || __midipix__) */
 
 #if !((defined(_POSIX_VERSION) && _POSIX_VERSION >= 200809L) ||     \
     (defined(_POSIX_THREAD_SAFE_FUNCTIONS) &&                     \
@@ -222,9 +220,10 @@ void (*mbedtls_test_hook_test_fail)(const char *, int, const char *);
 #include <time.h>
 #if !defined(_WIN32) && \
     (defined(unix) || defined(__unix) || defined(__unix__) || \
-    (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__))
+    (defined(__APPLE__) && defined(__MACH__)) || defined(__HAIKU__) || defined(__midipix__))
 #include <unistd.h>
-#endif /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__) */
+#endif \
+    /* !_WIN32 && (unix || __unix || __unix__ || (__APPLE__ && __MACH__) || __HAIKU__ || __midipix__) */
 #if (defined(_POSIX_VERSION) && _POSIX_VERSION >= 199309L) || defined(__HAIKU__)
 mbedtls_ms_time_t mbedtls_ms_time(void)
 {
@@ -232,7 +231,7 @@ mbedtls_ms_time_t mbedtls_ms_time(void)
     struct timespec tv;
     mbedtls_ms_time_t current_ms;
 
-#if defined(__linux__) && defined(CLOCK_BOOTTIME)
+#if defined(__linux__) && defined(CLOCK_BOOTTIME) || defined(__midipix__)
     ret = clock_gettime(CLOCK_BOOTTIME, &tv);
 #else
     ret = clock_gettime(CLOCK_MONOTONIC, &tv);
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 5e35fac4b..43b597c38 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -129,12 +129,30 @@ int psa_can_do_cipher(psa_key_type_t key_type, psa_algorithm_t cipher_alg)
     defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
 static int psa_is_dh_key_size_valid(size_t bits)
 {
-    if (bits != 2048 && bits != 3072 && bits != 4096 &&
-        bits != 6144 && bits != 8192) {
-        return 0;
+    switch (bits) {
+#if defined(PSA_WANT_DH_RFC7919_2048)
+        case 2048:
+            return 1;
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+#if defined(PSA_WANT_DH_RFC7919_3072)
+        case 3072:
+            return 1;
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+#if defined(PSA_WANT_DH_RFC7919_4096)
+        case 4096:
+            return 1;
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+#if defined(PSA_WANT_DH_RFC7919_6144)
+        case 6144:
+            return 1;
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+#if defined(PSA_WANT_DH_RFC7919_8192)
+        case 8192:
+            return 1;
+#endif /* PSA_WANT_DH_RFC7919_8192 */
+        default:
+            return 0;
     }
-
-    return 1;
 }
 #endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_IMPORT ||
           MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY ||
@@ -577,7 +595,7 @@ psa_status_t psa_import_key_into_slot(
         defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
         if (PSA_KEY_TYPE_IS_DH(type)) {
             if (psa_is_dh_key_size_valid(PSA_BYTES_TO_BITS(data_length)) == 0) {
-                return PSA_ERROR_INVALID_ARGUMENT;
+                return PSA_ERROR_NOT_SUPPORTED;
             }
             return mbedtls_psa_ffdh_import_key(attributes,
                                                data, data_length,
@@ -6096,6 +6114,91 @@ static psa_status_t psa_hash_try_support(psa_algorithm_t alg)
     return status;
 }
 
+static psa_status_t psa_key_derivation_set_maximum_capacity(
+    psa_key_derivation_operation_t *operation,
+    psa_algorithm_t kdf_alg)
+{
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        operation->capacity = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
+        return PSA_SUCCESS;
+    }
+#endif
+#if defined(PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128)
+    if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
+#if (SIZE_MAX > UINT32_MAX)
+        operation->capacity = UINT32_MAX * (size_t) PSA_MAC_LENGTH(
+            PSA_KEY_TYPE_AES,
+            128U,
+            PSA_ALG_CMAC);
+#else
+        operation->capacity = SIZE_MAX;
+#endif
+        return PSA_SUCCESS;
+    }
+#endif /* PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128 */
+
+    /* After this point, if kdf_alg is not valid then value of hash_alg may be
+     * invalid or meaningless but it does not affect this function */
+    psa_algorithm_t hash_alg = PSA_ALG_GET_HASH(kdf_alg);
+    size_t hash_size = PSA_HASH_LENGTH(hash_alg);
+    if (hash_size == 0) {
+        return PSA_ERROR_NOT_SUPPORTED;
+    }
+
+    /* Make sure that hash_alg is a supported hash algorithm. Otherwise
+     * we might fail later, which is somewhat unfriendly and potentially
+     * risk-prone. */
+    psa_status_t status = psa_hash_try_support(hash_alg);
+    if (status != PSA_SUCCESS) {
+        return status;
+    }
+
+#if defined(PSA_WANT_ALG_HKDF)
+    if (PSA_ALG_IS_HKDF(kdf_alg)) {
+        operation->capacity = 255 * hash_size;
+    } else
+#endif
+#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
+    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
+        operation->capacity = hash_size;
+    } else
+#endif
+#if defined(PSA_WANT_ALG_HKDF_EXPAND)
+    if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
+        operation->capacity = 255 * hash_size;
+    } else
+#endif
+#if defined(PSA_WANT_ALG_TLS12_PRF)
+    if (PSA_ALG_IS_TLS12_PRF(kdf_alg) &&
+        (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
+        operation->capacity = SIZE_MAX;
+    } else
+#endif
+#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+    if (PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg) &&
+        (hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
+        /* Master Secret is always 48 bytes
+         * https://datatracker.ietf.org/doc/html/rfc5246.html#section-8.1 */
+        operation->capacity = 48U;
+    } else
+#endif
+#if defined(PSA_WANT_ALG_PBKDF2_HMAC)
+    if (PSA_ALG_IS_PBKDF2_HMAC(kdf_alg)) {
+#if (SIZE_MAX > UINT32_MAX)
+        operation->capacity = UINT32_MAX * hash_size;
+#else
+        operation->capacity = SIZE_MAX;
+#endif
+    } else
+#endif /* PSA_WANT_ALG_PBKDF2_HMAC */
+    {
+        (void) hash_size;
+        status = PSA_ERROR_NOT_SUPPORTED;
+    }
+    return status;
+}
+
 static psa_status_t psa_key_derivation_setup_kdf(
     psa_key_derivation_operation_t *operation,
     psa_algorithm_t kdf_alg)
@@ -6109,43 +6212,9 @@ static psa_status_t psa_key_derivation_setup_kdf(
         return PSA_ERROR_NOT_SUPPORTED;
     }
 
-    /* All currently supported key derivation algorithms (apart from
-     * ecjpake to pms and pbkdf2_aes_cmac_128) are based on a hash algorithm. */
-    psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
-    size_t hash_size = PSA_HASH_LENGTH(hash_alg);
-    if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
-        hash_size = PSA_HASH_LENGTH(PSA_ALG_SHA_256);
-    } else if (kdf_alg == PSA_ALG_PBKDF2_AES_CMAC_PRF_128) {
-        hash_size = PSA_MAC_LENGTH(PSA_KEY_TYPE_AES, 128U, PSA_ALG_CMAC);
-    } else {
-        if (hash_size == 0) {
-            return PSA_ERROR_NOT_SUPPORTED;
-        }
-
-        /* Make sure that hash_alg is a supported hash algorithm. Otherwise
-         * we might fail later, which is somewhat unfriendly and potentially
-         * risk-prone. */
-        psa_status_t status = psa_hash_try_support(hash_alg);
-        if (status != PSA_SUCCESS) {
-            return status;
-        }
-    }
-
-    if ((PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
-         PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) &&
-        !(hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384)) {
-        return PSA_ERROR_NOT_SUPPORTED;
-    }
-#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \
-    defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS)
-    if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg) ||
-        (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS)) {
-        operation->capacity = hash_size;
-    } else
-#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT ||
-          MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS */
-    operation->capacity = 255 * hash_size;
-    return PSA_SUCCESS;
+    psa_status_t status = psa_key_derivation_set_maximum_capacity(operation,
+                                                                  kdf_alg);
+    return status;
 }
 
 static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
diff --git a/library/psa_crypto_ffdh.c b/library/psa_crypto_ffdh.c
index a57f02e5e..0099d5f97 100644
--- a/library/psa_crypto_ffdh.c
+++ b/library/psa_crypto_ffdh.c
@@ -10,6 +10,12 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
+/* This header is only needed because it defines
+ * MBEDTLS_DHM_RFC7919_FFDHEXXXX_[P|G]_BIN symbols that are used in
+ * mbedtls_psa_ffdh_set_prime_generator(). Apart from that, this module
+ * only uses bignum functions for arithmetic. */
+#include <mbedtls/dhm.h>
+
 #include <psa/crypto.h>
 #include "psa_crypto_core.h"
 #include "psa_crypto_ffdh.h"
@@ -35,58 +41,78 @@ static psa_status_t mbedtls_psa_ffdh_set_prime_generator(size_t key_size,
         return PSA_ERROR_INVALID_ARGUMENT;
     }
 
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048)
     static const unsigned char dhm_P_2048[] =
         MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN;
-    static const unsigned char dhm_P_3072[] =
-        MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN;
-    static const unsigned char dhm_P_4096[] =
-        MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN;
-    static const unsigned char dhm_P_6144[] =
-        MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN;
-    static const unsigned char dhm_P_8192[] =
-        MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN;
     static const unsigned char dhm_G_2048[] =
         MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072)
+    static const unsigned char dhm_P_3072[] =
+        MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN;
     static const unsigned char dhm_G_3072[] =
         MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096)
+    static const unsigned char dhm_P_4096[] =
+        MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN;
     static const unsigned char dhm_G_4096[] =
         MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144)
+    static const unsigned char dhm_P_6144[] =
+        MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN;
     static const unsigned char dhm_G_6144[] =
         MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192)
+    static const unsigned char dhm_P_8192[] =
+        MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN;
     static const unsigned char dhm_G_8192[] =
         MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */
 
     switch (key_size) {
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048)
         case sizeof(dhm_P_2048):
             dhm_P = dhm_P_2048;
             dhm_G = dhm_G_2048;
             dhm_size_P = sizeof(dhm_P_2048);
             dhm_size_G = sizeof(dhm_G_2048);
             break;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_2048 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072)
         case sizeof(dhm_P_3072):
             dhm_P = dhm_P_3072;
             dhm_G = dhm_G_3072;
             dhm_size_P = sizeof(dhm_P_3072);
             dhm_size_G = sizeof(dhm_G_3072);
             break;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_3072 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096)
         case sizeof(dhm_P_4096):
             dhm_P = dhm_P_4096;
             dhm_G = dhm_G_4096;
             dhm_size_P = sizeof(dhm_P_4096);
             dhm_size_G = sizeof(dhm_G_4096);
             break;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_4096 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144)
         case sizeof(dhm_P_6144):
             dhm_P = dhm_P_6144;
             dhm_G = dhm_G_6144;
             dhm_size_P = sizeof(dhm_P_6144);
             dhm_size_G = sizeof(dhm_G_6144);
             break;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_6144 */
+#if defined(MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192)
         case sizeof(dhm_P_8192):
             dhm_P = dhm_P_8192;
             dhm_G = dhm_G_8192;
             dhm_size_P = sizeof(dhm_P_8192);
             dhm_size_G = sizeof(dhm_G_8192);
             break;
+#endif /* MBEDTLS_PSA_BUILTIN_DH_RFC7919_8192 */
         default:
             return PSA_ERROR_INVALID_ARGUMENT;
     }
diff --git a/library/psa_crypto_ffdh.h b/library/psa_crypto_ffdh.h
index baeb9286c..79accd15a 100644
--- a/library/psa_crypto_ffdh.h
+++ b/library/psa_crypto_ffdh.h
@@ -10,7 +10,6 @@
 #define PSA_CRYPTO_FFDH_H
 
 #include <psa/crypto.h>
-#include <mbedtls/dhm.h>
 
 /** Perform a key agreement and return the FFDH shared secret.
  *
diff --git a/library/psa_crypto_rsa.c b/library/psa_crypto_rsa.c
index 7b58ea22a..4a574d1c7 100644
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@@ -24,8 +24,7 @@
 
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>
-#include <mbedtls/pk.h>
-#include "pk_wrap.h"
+#include "rsa_internal.h"
 
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) || \
     defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP) || \
@@ -62,50 +61,38 @@ psa_status_t mbedtls_psa_rsa_load_representation(
     mbedtls_rsa_context **p_rsa)
 {
     psa_status_t status;
-    mbedtls_pk_context ctx;
     size_t bits;
-    mbedtls_pk_init(&ctx);
+
+    *p_rsa = mbedtls_calloc(1, sizeof(mbedtls_rsa_context));
+    if (*p_rsa == NULL) {
+        return PSA_ERROR_INSUFFICIENT_MEMORY;
+    }
+    mbedtls_rsa_init(*p_rsa);
 
     /* Parse the data. */
     if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
-        status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_key(&ctx, data, data_length, NULL, 0,
-                                 mbedtls_psa_get_random, MBEDTLS_PSA_RANDOM_STATE));
+        status = mbedtls_to_psa_error(mbedtls_rsa_parse_key(*p_rsa, data, data_length));
     } else {
-        status = mbedtls_to_psa_error(
-            mbedtls_pk_parse_public_key(&ctx, data, data_length));
+        status = mbedtls_to_psa_error(mbedtls_rsa_parse_pubkey(*p_rsa, data, data_length));
     }
     if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    /* We have something that the pkparse module recognizes. If it is a
-     * valid RSA key, store it. */
-    if (mbedtls_pk_get_type(&ctx) != MBEDTLS_PK_RSA) {
-        status = PSA_ERROR_INVALID_ARGUMENT;
-        goto exit;
-    }
-
     /* The size of an RSA key doesn't have to be a multiple of 8. Mbed TLS
      * supports non-byte-aligned key sizes, but not well. For example,
      * mbedtls_rsa_get_len() returns the key size in bytes, not in bits. */
-    bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(mbedtls_pk_rsa(ctx)));
+    bits = PSA_BYTES_TO_BITS(mbedtls_rsa_get_len(*p_rsa));
     if (bits > PSA_VENDOR_RSA_MAX_KEY_BITS) {
         status = PSA_ERROR_NOT_SUPPORTED;
         goto exit;
     }
-    status = psa_check_rsa_key_byte_aligned(mbedtls_pk_rsa(ctx));
+    status = psa_check_rsa_key_byte_aligned(*p_rsa);
     if (status != PSA_SUCCESS) {
         goto exit;
     }
 
-    /* Copy out the pointer to the RSA context, and reset the PK context
-     * such that pk_free doesn't free the RSA context we just grabbed. */
-    *p_rsa = mbedtls_pk_rsa(ctx);
-    ctx.pk_info = NULL;
-
 exit:
-    mbedtls_pk_free(&ctx);
     return status;
 }
 #endif /* defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT) ||
@@ -168,20 +155,15 @@ psa_status_t mbedtls_psa_rsa_export_key(psa_key_type_t type,
                                         size_t *data_length)
 {
     int ret;
-    mbedtls_pk_context pk;
-    uint8_t *pos = data + data_size;
-
-    mbedtls_pk_init(&pk);
-    pk.pk_info = &mbedtls_rsa_info;
-    pk.pk_ctx = rsa;
+    uint8_t *end = data + data_size;
 
     /* PSA Crypto API defines the format of an RSA key as a DER-encoded
      * representation of the non-encrypted PKCS#1 RSAPrivateKey for a
      * private key and of the RFC3279 RSAPublicKey for a public key. */
     if (PSA_KEY_TYPE_IS_KEY_PAIR(type)) {
-        ret = mbedtls_pk_write_key_der(&pk, data, data_size);
+        ret = mbedtls_rsa_write_key(rsa, data, &end);
     } else {
-        ret = mbedtls_pk_write_pubkey(&pos, data, &pk);
+        ret = mbedtls_rsa_write_pubkey(rsa, data, &end);
     }
 
     if (ret < 0) {
diff --git a/library/psa_util.c b/library/psa_util.c
index 41586e262..fd119bf3d 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -8,14 +8,20 @@
 
 #include "common.h"
 
+/* This is needed for MBEDTLS_ERR_XXX macros */
+#include <mbedtls/error.h>
+
+#if defined(MBEDTLS_ASN1_WRITE_C)
+#include <mbedtls/asn1write.h>
+#include <psa/crypto_sizes.h>
+#endif
+
+#include "psa_util_internal.h"
+
 #if defined(MBEDTLS_PSA_CRYPTO_C)
 
 #include <psa/crypto.h>
 
-#include "psa_util_internal.h"
-
-/* The following includes are needed for MBEDTLS_ERR_XXX macros */
-#include <mbedtls/error.h>
 #if defined(MBEDTLS_MD_LIGHT)
 #include <mbedtls/md.h>
 #endif
@@ -331,3 +337,239 @@ mbedtls_ecp_group_id mbedtls_ecc_group_from_psa(psa_ecc_family_t family,
 #endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
+
+#if defined(MBEDTLS_PSA_UTIL_HAVE_ECDSA)
+
+/**
+ * \brief  Convert a single raw coordinate to DER ASN.1 format. The output der
+ *         buffer is filled backward (i.e. starting from its end).
+ *
+ * \param raw_buf           Buffer containing the raw coordinate to be
+ *                          converted.
+ * \param raw_len           Length of raw_buf in bytes. This must be > 0.
+ * \param der_buf_start     Pointer to the beginning of the buffer which
+ *                          will be filled with the DER converted data.
+ * \param der_buf_end       End of the buffer used to store the DER output.
+ *
+ * \return                  On success, the amount of data (in bytes) written to
+ *                          the DER buffer.
+ * \return                  MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if the provided der
+ *                          buffer is too small to contain all the converted data.
+ * \return                  MBEDTLS_ERR_ASN1_INVALID_DATA if the input raw
+ *                          coordinate is null (i.e. all zeros).
+ *
+ * \warning                 Raw and der buffer must not be overlapping.
+ */
+static int convert_raw_to_der_single_int(const unsigned char *raw_buf, size_t raw_len,
+                                         unsigned char *der_buf_start,
+                                         unsigned char *der_buf_end)
+{
+    unsigned char *p = der_buf_end;
+    int len;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    /* ASN.1 DER encoding requires minimal length, so skip leading 0s.
+     * Provided input MPIs should not be 0, but as a failsafe measure, still
+     * detect that and return error in case. */
+    while (*raw_buf == 0x00) {
+        ++raw_buf;
+        --raw_len;
+        if (raw_len == 0) {
+            return MBEDTLS_ERR_ASN1_INVALID_DATA;
+        }
+    }
+    len = (int) raw_len;
+
+    /* Copy the raw coordinate to the end of der_buf. */
+    if ((p - der_buf_start) < len) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
+    p -= len;
+    memcpy(p, raw_buf, len);
+
+    /* If MSb is 1, ASN.1 requires that we prepend a 0. */
+    if (*p & 0x80) {
+        if ((p - der_buf_start) < 1) {
+            return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+        }
+        --p;
+        *p = 0x00;
+        ++len;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der_buf_start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der_buf_start, MBEDTLS_ASN1_INTEGER));
+
+    return len;
+}
+
+int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
+                             unsigned char *der, size_t der_size, size_t *der_len)
+{
+    unsigned char r[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+    unsigned char s[PSA_BITS_TO_BYTES(PSA_VENDOR_ECC_MAX_CURVE_BITS)];
+    const size_t coordinate_len = PSA_BITS_TO_BYTES(bits);
+    size_t len = 0;
+    unsigned char *p = der + der_size;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+    if (raw_len != (2 * coordinate_len)) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+
+    /* Since raw and der buffers might overlap, dump r and s before starting
+     * the conversion. */
+    memcpy(r, raw, coordinate_len);
+    memcpy(s, raw + coordinate_len, coordinate_len);
+
+    /* der buffer will initially be written starting from its end so we pick s
+     * first and then r. */
+    ret = convert_raw_to_der_single_int(s, coordinate_len, der, p);
+    if (ret < 0) {
+        return ret;
+    }
+    p -= ret;
+    len += ret;
+
+    ret = convert_raw_to_der_single_int(r, coordinate_len, der, p);
+    if (ret < 0) {
+        return ret;
+    }
+    p -= ret;
+    len += ret;
+
+    /* Add ASN.1 header (len + tag). */
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(&p, der, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(&p, der,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
+
+    /* memmove the content of der buffer to its beginnig. */
+    memmove(der, p, len);
+    *der_len = len;
+
+    return 0;
+}
+
+/**
+ * \brief Convert a single integer from ASN.1 DER format to raw.
+ *
+ * \param der               Buffer containing the DER integer value to be
+ *                          converted.
+ * \param der_len           Length of the der buffer in bytes.
+ * \param raw               Output buffer that will be filled with the
+ *                          converted data. This should be at least
+ *                          coordinate_size bytes and it must be zeroed before
+ *                          calling this function.
+ * \param coordinate_size   Size (in bytes) of a single coordinate in raw
+ *                          format.
+ *
+ * \return                  On success, the amount of DER data parsed from the
+ *                          provided der buffer.
+ * \return                  MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if the integer tag
+ *                          is missing in the der buffer.
+ * \return                  MBEDTLS_ERR_ASN1_LENGTH_MISMATCH if the integer
+ *                          is null (i.e. all zeros) or if the output raw buffer
+ *                          is too small to contain the converted raw value.
+ *
+ * \warning                 Der and raw buffers must not be overlapping.
+ */
+static int convert_der_to_raw_single_int(unsigned char *der, size_t der_len,
+                                         unsigned char *raw, size_t coordinate_size)
+{
+    unsigned char *p = der;
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    size_t unpadded_len, padding_len = 0;
+
+    /* Get the length of ASN.1 element (i.e. the integer we need to parse). */
+    ret = mbedtls_asn1_get_tag(&p, p + der_len, &unpadded_len,
+                               MBEDTLS_ASN1_INTEGER);
+    if (ret != 0) {
+        return ret;
+    }
+
+    /* It's invalid to have:
+     * - unpadded_len == 0.
+     * - MSb set without a leading 0x00 (leading 0x00 is checked below). */
+    if (((unpadded_len == 0) || (*p & 0x80) != 0)) {
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+
+    /* Skip possible leading zero */
+    if (*p == 0x00) {
+        p++;
+        unpadded_len--;
+        /* It is not allowed to have more than 1 leading zero.
+         * Ignore the case in which unpadded_len = 0 because that's a 0 encoded
+         * in ASN.1 format (i.e. 020100). */
+        if ((unpadded_len > 0) && (*p == 0x00)) {
+            return MBEDTLS_ERR_ASN1_INVALID_DATA;
+        }
+    }
+
+    if (unpadded_len > coordinate_size) {
+        /* Parsed number is longer than the maximum expected value. */
+        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    }
+    padding_len = coordinate_size - unpadded_len;
+    /* raw buffer was already zeroed by the calling function so zero-padding
+     * operation is skipped here. */
+    memcpy(raw + padding_len, p, unpadded_len);
+    p += unpadded_len;
+
+    return (int) (p - der);
+}
+
+int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
+                             unsigned char *raw, size_t raw_size, size_t *raw_len)
+{
+    unsigned char raw_tmp[PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE];
+    unsigned char *p = (unsigned char *) der;
+    size_t data_len;
+    size_t coordinate_size = PSA_BITS_TO_BYTES(bits);
+    int ret;
+
+    /* The output raw buffer should be at least twice the size of a raw
+     * coordinate in order to store r and s. */
+    if (raw_size < coordinate_size * 2) {
+        return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+    }
+
+    /* Check that the provided input DER buffer has the right header. */
+    ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len,
+                               MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+    if (ret != 0) {
+        return ret;
+    }
+
+    memset(raw_tmp, 0, 2 * coordinate_size);
+
+    /* Extract r */
+    ret = convert_der_to_raw_single_int(p, data_len, raw_tmp, coordinate_size);
+    if (ret < 0) {
+        return ret;
+    }
+    p += ret;
+    data_len -= ret;
+
+    /* Extract s */
+    ret = convert_der_to_raw_single_int(p, data_len, raw_tmp + coordinate_size,
+                                        coordinate_size);
+    if (ret < 0) {
+        return ret;
+    }
+    p += ret;
+    data_len -= ret;
+
+    /* Check that we consumed all the input der data. */
+    if ((size_t) (p - der) != der_len) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
+    memcpy(raw, raw_tmp, 2 * coordinate_size);
+    *raw_len = 2 * coordinate_size;
+
+    return 0;
+}
+
+#endif /* MBEDTLS_PSA_UTIL_HAVE_ECDSA */
diff --git a/library/rsa.c b/library/rsa.c
index a90b83adf..f4c08626c 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -32,6 +32,7 @@
 #include "rsa_alt_helpers.h"
 #include "rsa_internal.h"
 #include "mbedtls/oid.h"
+#include "mbedtls/asn1write.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #include "constant_time_internal.h"
@@ -46,6 +47,367 @@
 
 #include "mbedtls/platform.h"
 
+/*
+ * Wrapper around mbedtls_asn1_get_mpi() that rejects zero.
+ *
+ * The value zero is:
+ * - never a valid value for an RSA parameter
+ * - interpreted as "omitted, please reconstruct" by mbedtls_rsa_complete().
+ *
+ * Since values can't be omitted in PKCS#1, passing a zero value to
+ * rsa_complete() would be incorrect, so reject zero values early.
+ */
+static int asn1_get_nonzero_mpi(unsigned char **p,
+                                const unsigned char *end,
+                                mbedtls_mpi *X)
+{
+    int ret;
+
+    ret = mbedtls_asn1_get_mpi(p, end, X);
+    if (ret != 0) {
+        return ret;
+    }
+
+    if (mbedtls_mpi_cmp_int(X, 0) == 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
+    return 0;
+}
+
+int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen)
+{
+    int ret, version;
+    size_t len;
+    unsigned char *p, *end;
+
+    mbedtls_mpi T;
+    mbedtls_mpi_init(&T);
+
+    p = (unsigned char *) key;
+    end = p + keylen;
+
+    /*
+     * This function parses the RSAPrivateKey (PKCS#1)
+     *
+     *  RSAPrivateKey ::= SEQUENCE {
+     *      version           Version,
+     *      modulus           INTEGER,  -- n
+     *      publicExponent    INTEGER,  -- e
+     *      privateExponent   INTEGER,  -- d
+     *      prime1            INTEGER,  -- p
+     *      prime2            INTEGER,  -- q
+     *      exponent1         INTEGER,  -- d mod (p-1)
+     *      exponent2         INTEGER,  -- d mod (q-1)
+     *      coefficient       INTEGER,  -- (inverse of q) mod p
+     *      otherPrimeInfos   OtherPrimeInfos OPTIONAL
+     *  }
+     */
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
+
+    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    end = p + len;
+
+    if ((ret = mbedtls_asn1_get_int(&p, end, &version)) != 0) {
+        return ret;
+    }
+
+    if (version != 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
+    /* Import N */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, &T, NULL, NULL,
+                                  NULL, NULL)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import E */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+                                  NULL, &T)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import D */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, NULL,
+                                  &T, NULL)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import P */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, &T, NULL,
+                                  NULL, NULL)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import Q */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_rsa_import(rsa, NULL, NULL, &T,
+                                  NULL, NULL)) != 0) {
+        goto cleanup;
+    }
+
+#if !defined(MBEDTLS_RSA_NO_CRT) && !defined(MBEDTLS_RSA_ALT)
+    /*
+     * The RSA CRT parameters DP, DQ and QP are nominally redundant, in
+     * that they can be easily recomputed from D, P and Q. However by
+     * parsing them from the PKCS1 structure it is possible to avoid
+     * recalculating them which both reduces the overhead of loading
+     * RSA private keys into memory and also avoids side channels which
+     * can arise when computing those values, since all of D, P, and Q
+     * are secret. See https://eprint.iacr.org/2020/055 for a
+     * description of one such attack.
+     */
+
+    /* Import DP */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->DP, &T)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import DQ */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->DQ, &T)) != 0) {
+        goto cleanup;
+    }
+
+    /* Import QP */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = mbedtls_mpi_copy(&rsa->QP, &T)) != 0) {
+        goto cleanup;
+    }
+
+#else
+    /* Verify existence of the CRT params */
+    if ((ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0 ||
+        (ret = asn1_get_nonzero_mpi(&p, end, &T)) != 0) {
+        goto cleanup;
+    }
+#endif
+
+    /* rsa_complete() doesn't complete anything with the default
+     * implementation but is still called:
+     * - for the benefit of alternative implementation that may want to
+     *   pre-compute stuff beyond what's provided (eg Montgomery factors)
+     * - as is also sanity-checks the key
+     *
+     * Furthermore, we also check the public part for consistency with
+     * mbedtls_pk_parse_pubkey(), as it includes size minima for example.
+     */
+    if ((ret = mbedtls_rsa_complete(rsa)) != 0 ||
+        (ret = mbedtls_rsa_check_pubkey(rsa)) != 0) {
+        goto cleanup;
+    }
+
+    if (p != end) {
+        ret = MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
+cleanup:
+
+    mbedtls_mpi_free(&T);
+
+    if (ret != 0) {
+        mbedtls_rsa_free(rsa);
+    }
+
+    return ret;
+}
+
+int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen)
+{
+    unsigned char *p = (unsigned char *) key;
+    unsigned char *end = (unsigned char *) (key + keylen);
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    size_t len;
+
+    /*
+     *  RSAPublicKey ::= SEQUENCE {
+     *      modulus           INTEGER,  -- n
+     *      publicExponent    INTEGER   -- e
+     *  }
+     */
+
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
+                                    MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
+        return ret;
+    }
+
+    /* mbedtls_asn1_get_tag() already ensures that len is valid (i.e. p+len <= end)*/
+    end = p + len;
+
+    /* Import N */
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+        return ret;
+    }
+
+    if ((ret = mbedtls_rsa_import_raw(rsa, p, len, NULL, 0, NULL, 0,
+                                      NULL, 0, NULL, 0)) != 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
+    p += len;
+
+    /* Import E */
+    if ((ret = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_INTEGER)) != 0) {
+        return ret;
+    }
+
+    if ((ret = mbedtls_rsa_import_raw(rsa, NULL, 0, NULL, 0, NULL, 0,
+                                      NULL, 0, p, len)) != 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
+    p += len;
+
+    if (mbedtls_rsa_complete(rsa) != 0 ||
+        mbedtls_rsa_check_pubkey(rsa) != 0) {
+        return MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+    }
+
+    if (p != end) {
+        return MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+    }
+
+    return 0;
+}
+
+int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start,
+                          unsigned char **p)
+{
+    size_t len = 0;
+    int ret;
+
+    mbedtls_mpi T; /* Temporary holding the exported parameters */
+
+    /*
+     * Export the parameters one after another to avoid simultaneous copies.
+     */
+
+    mbedtls_mpi_init(&T);
+
+    /* Export QP */
+    if ((ret = mbedtls_rsa_export_crt(rsa, NULL, NULL, &T)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export DQ */
+    if ((ret = mbedtls_rsa_export_crt(rsa, NULL, &T, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export DP */
+    if ((ret = mbedtls_rsa_export_crt(rsa, &T, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export Q */
+    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, &T, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export P */
+    if ((ret = mbedtls_rsa_export(rsa, NULL, &T, NULL, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export D */
+    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, &T, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export E */
+    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export N */
+    if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+end_of_export:
+
+    mbedtls_mpi_free(&T);
+    if (ret < 0) {
+        return ret;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_int(p, start, 0));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start,
+                                                     MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
+
+    return (int) len;
+}
+
+/*
+ *  RSAPublicKey ::= SEQUENCE {
+ *      modulus           INTEGER,  -- n
+ *      publicExponent    INTEGER   -- e
+ *  }
+ */
+int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start,
+                             unsigned char **p)
+{
+    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    size_t len = 0;
+    mbedtls_mpi T;
+
+    mbedtls_mpi_init(&T);
+
+    /* Export E */
+    if ((ret = mbedtls_rsa_export(rsa, NULL, NULL, NULL, NULL, &T)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+    /* Export N */
+    if ((ret = mbedtls_rsa_export(rsa, &T, NULL, NULL, NULL, NULL)) != 0 ||
+        (ret = mbedtls_asn1_write_mpi(p, start, &T)) < 0) {
+        goto end_of_export;
+    }
+    len += ret;
+
+end_of_export:
+
+    mbedtls_mpi_free(&T);
+    if (ret < 0) {
+        return ret;
+    }
+
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_len(p, start, len));
+    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_tag(p, start, MBEDTLS_ASN1_CONSTRUCTED |
+                                                     MBEDTLS_ASN1_SEQUENCE));
+
+    return (int) len;
+}
 
 #if defined(MBEDTLS_PKCS1_V15) && defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_RSA_ALT)
 
@@ -660,7 +1022,6 @@ size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx)
     return ctx->len;
 }
 
-
 #if defined(MBEDTLS_GENPRIME)
 
 /*
diff --git a/library/rsa_internal.h b/library/rsa_internal.h
index 4081ac639..f79c3b712 100644
--- a/library/rsa_internal.h
+++ b/library/rsa_internal.h
@@ -15,6 +15,85 @@
 #define MBEDTLS_RSA_INTERNAL_H
 
 #include "mbedtls/rsa.h"
+#include "mbedtls/asn1.h"
+
+/**
+ * \brief           Parse a PKCS#1 (ASN.1) encoded private RSA key.
+ *
+ * \param rsa       The RSA context where parsed data will be stored.
+ * \param key       The buffer that contains the key.
+ * \param keylen    The length of the key buffer in bytes.
+ *
+ * \return          0 on success.
+ * \return          MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
+ * \return          MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
+ *                  parsing data.
+ * \return          MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
+ *                  provided key fail.
+ */
+int mbedtls_rsa_parse_key(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
+
+/**
+ * \brief           Parse a PKCS#1 (ASN.1) encoded public RSA key.
+ *
+ * \param rsa       The RSA context where parsed data will be stored.
+ * \param key       The buffer that contains the key.
+ * \param keylen    The length of the key buffer in bytes.
+ *
+ * \return          0 on success.
+ * \return          MBEDTLS_ERR_ASN1_xxx in case of ASN.1 parsing errors.
+ * \return          MBEDTLS_ERR_RSA_xxx in case of RSA internal failures while
+ *                  parsing data.
+ * \return          MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if validity checks on the
+ *                  provided key fail.
+ */
+int mbedtls_rsa_parse_pubkey(mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen);
+
+/**
+ * \brief           Write a PKCS#1 (ASN.1) encoded private RSA key.
+ *
+ * \param rsa       The RSA context which contains the data to be written.
+ * \param start     Beginning of the buffer that will be filled with the
+ *                  private key.
+ * \param p         End of the buffer that will be filled with the private key.
+ *                  On successful return, the referenced pointer will be
+ *                  updated in order to point to the beginning of written data.
+ *
+ * \return          On success, the number of bytes written to the output buffer
+ *                  (i.e. a value > 0).
+ * \return          MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
+ *                  contain a valid key pair.
+ * \return          MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
+ *                  output buffer.
+ *
+ * \note            The output buffer is filled backward, i.e. starting from its
+ *                  end and moving toward its start.
+ */
+int mbedtls_rsa_write_key(const mbedtls_rsa_context *rsa, unsigned char *start,
+                          unsigned char **p);
+
+/**
+ * \brief           Parse a PKCS#1 (ASN.1) encoded public RSA key.
+ *
+ * \param rsa       The RSA context which contains the data to be written.
+ * \param start     Beginning of the buffer that will be filled with the
+ *                  private key.
+ * \param p         End of the buffer that will be filled with the private key.
+ *                  On successful return, the referenced pointer will be
+ *                  updated in order to point to the beginning of written data.
+ *
+ * \return          On success, the number of bytes written to the output buffer
+ *                  (i.e. a value > 0).
+ * \return          MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the RSA context does not
+ *                  contain a valid public key.
+ * \return          MBEDTLS_ERR_ASN1_xxx in case of failure while writing to the
+ *                  output buffer.
+ *
+ * \note            The output buffer is filled backward, i.e. starting from its
+ *                  end and moving toward its start.
+ */
+int mbedtls_rsa_write_pubkey(const mbedtls_rsa_context *rsa, unsigned char *start,
+                             unsigned char **p);
 
 #if defined(MBEDTLS_PKCS1_V21)
 /**
diff --git a/library/sha3.c b/library/sha3.c
index d90fefaea..f420a1249 100644
--- a/library/sha3.c
+++ b/library/sha3.c
@@ -37,7 +37,7 @@ mbedtls_sha3_family_functions;
 /*
  * List of supported SHA-3 families
  */
-static mbedtls_sha3_family_functions sha3_families[] = {
+static const mbedtls_sha3_family_functions sha3_families[] = {
     { MBEDTLS_SHA3_224,      1152, 224 },
     { MBEDTLS_SHA3_256,      1088, 256 },
     { MBEDTLS_SHA3_384,       832, 384 },
@@ -180,7 +180,7 @@ void mbedtls_sha3_clone(mbedtls_sha3_context *dst,
  */
 int mbedtls_sha3_starts(mbedtls_sha3_context *ctx, mbedtls_sha3_id id)
 {
-    mbedtls_sha3_family_functions *p = NULL;
+    const mbedtls_sha3_family_functions *p = NULL;
 
     for (p = sha3_families; p->id != MBEDTLS_SHA3_NONE; p++) {
         if (p->id == id) {
diff --git a/library/sha512.c b/library/sha512.c
index 601125445..6dcea8da5 100644
--- a/library/sha512.c
+++ b/library/sha512.c
@@ -102,6 +102,14 @@
 #      if defined(__linux__)
 /* Our preferred method of detection is getauxval() */
 #        include <sys/auxv.h>
+#        if !defined(HWCAP_SHA512)
+/* The same header that declares getauxval() should provide the HWCAP_xxx
+ * constants to analyze its return value. However, the libc may be too
+ * old to have the constant that we need. So if it's missing, assume that
+ * the value is the same one used by the Linux kernel ABI.
+ */
+#          define HWCAP_SHA512 (1 << 21)
+#        endif
 #      endif
 /* Use SIGILL on Unix, and fall back to it on Linux */
 #      include <signal.h>
diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h
new file mode 100644
index 000000000..27ff72106
--- /dev/null
+++ b/library/ssl_ciphersuites_internal.h
@@ -0,0 +1,154 @@
+/**
+ * \file ssl_ciphersuites_internal.h
+ *
+ * \brief Internal part of the public "ssl_ciphersuites.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
+#define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H
+
+#include "mbedtls/pk.h"
+
+#if defined(MBEDTLS_PK_C)
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+psa_algorithm_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_alg(const mbedtls_ssl_ciphersuite_t *info);
+psa_key_usage_t mbedtls_ssl_get_ciphersuite_sig_pk_psa_usage(const mbedtls_ssl_ciphersuite_t *info);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
+#endif /* MBEDTLS_PK_C */
+
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_PSK:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
+
+static inline int mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+
+static inline int mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
+    const mbedtls_ssl_ciphersuite_t *info)
+{
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
+        case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+        case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+            return 1;
+
+        default:
+            return 0;
+    }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
+
+#endif /* MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H */
diff --git a/library/ssl_client.c b/library/ssl_client.c
index d585ca524..6d988a837 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c
@@ -12,7 +12,7 @@
 
 #include <string.h>
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 96afe7628..16cd62e28 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -44,6 +44,8 @@
 #endif
 
 #include "mbedtls/pk.h"
+#include "ssl_ciphersuites_internal.h"
+#include "x509_internal.h"
 #include "pk_internal.h"
 #include "common.h"
 
@@ -650,6 +652,10 @@ struct mbedtls_ssl_handshake_params {
     /* Flag indicating if a CertificateRequest message has been sent
      * to the client or not. */
     uint8_t certificate_request_sent;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+    /* Flag indicating if the server has accepted early data or not. */
+    uint8_t early_data_accepted;
+#endif
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
@@ -2130,12 +2136,6 @@ int mbedtls_ssl_tls13_write_early_data_ext(mbedtls_ssl_context *ssl,
                                            unsigned char *buf,
                                            const unsigned char *end,
                                            size_t *out_len);
-
-#if defined(MBEDTLS_SSL_SRV_C)
-#define MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED \
-    MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT
-#endif /* MBEDTLS_SSL_SRV_C */
-
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 #endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 6579c9686..c2e64c609 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -18,7 +18,7 @@
 
 #include "mbedtls/ssl.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
@@ -3985,6 +3985,31 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
                                            rec)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "ssl_decrypt_buf", ret);
 
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
+            /*
+             * Although the server rejected early data, it might receive early
+             * data as long as it has not received the client Finished message.
+             * It is encrypted with early keys and should be ignored as stated
+             * in section 4.2.10 of RFC 8446:
+             *
+             * "Ignore the extension and return a regular 1-RTT response. The
+             * server then skips past early data by attempting to deprotect
+             * received records using the handshake traffic key, discarding
+             * records which fail deprotection (up to the configured
+             * max_early_data_size). Once a record is deprotected successfully,
+             * it is treated as the start of the client's second flight and the
+             * server proceeds as with an ordinary 1-RTT handshake."
+             */
+            if ((old_msg_type == MBEDTLS_SSL_MSG_APPLICATION_DATA) &&
+                (ssl->discard_early_data_record ==
+                 MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD)) {
+                MBEDTLS_SSL_DEBUG_MSG(
+                    3, ("EarlyData: deprotect and discard app data records."));
+                /* TODO: Add max_early_data_size check here, see issue 6347 */
+                ret = MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+            }
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */
+
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
             if (ret == MBEDTLS_ERR_SSL_UNEXPECTED_CID &&
                 ssl->conf->ignore_unexpected_cid
@@ -3994,9 +4019,27 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
             }
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
+            /*
+             * The decryption of the record failed, no reason to ignore it,
+             * return in error with the decryption error code.
+             */
             return ret;
         }
 
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
+        /*
+         * If the server were discarding protected records that it fails to
+         * deprotect because it has rejected early data, as we have just
+         * deprotected successfully a record, the server has to resume normal
+         * operation and fail the connection if the deprotection of a record
+         * fails.
+         */
+        if (ssl->discard_early_data_record ==
+            MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD) {
+            ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
+        }
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */
+
         if (old_msg_type != rec->type) {
             MBEDTLS_SSL_DEBUG_MSG(4, ("record type after decrypt (before %d): %d",
                                       old_msg_type, rec->type));
@@ -4070,6 +4113,32 @@ static int ssl_prepare_record_content(mbedtls_ssl_context *ssl,
 
     }
 
+#if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_SRV_C)
+    /*
+     * Although the server rejected early data because it needed to send an
+     * HelloRetryRequest message, it might receive early data as long as it has
+     * not received the client Finished message.
+     * The early data is encrypted with early keys and should be ignored as
+     * stated in section 4.2.10 of RFC 8446 (second case):
+     *
+     * "The server then ignores early data by skipping all records with an
+     * external content type of "application_data" (indicating that they are
+     * encrypted), up to the configured max_early_data_size. Ignore application
+     * data message before 2nd ClientHello when early_data was received in 1st
+     * ClientHello."
+     */
+    if (ssl->discard_early_data_record == MBEDTLS_SSL_EARLY_DATA_DISCARD) {
+        if (rec->type == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
+            MBEDTLS_SSL_DEBUG_MSG(
+                3, ("EarlyData: Ignore application message before 2nd ClientHello"));
+            /* TODO: Add max_early_data_size check here, see issue 6347 */
+            return MBEDTLS_ERR_SSL_CONTINUE_PROCESSING;
+        } else if (rec->type == MBEDTLS_SSL_MSG_HANDSHAKE) {
+            ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
+        }
+    }
+#endif /* MBEDTLS_SSL_EARLY_DATA && MBEDTLS_SSL_SRV_C */
+
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
         mbedtls_ssl_dtls_replay_update(ssl);
@@ -5647,13 +5716,54 @@ static int ssl_handle_hs_message_post_handshake(mbedtls_ssl_context *ssl)
     return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
 }
 
+/*
+ * brief          Read at most 'len' application data bytes from the input
+ *                buffer.
+ *
+ * param ssl      SSL context:
+ *                - First byte of application data not read yet in the input
+ *                  buffer located at address `in_offt`.
+ *                - The number of bytes of data not read yet is `in_msglen`.
+ * param buf      buffer that will hold the data
+ * param len      maximum number of bytes to read
+ *
+ * note           The function updates the fields `in_offt` and `in_msglen`
+ *                according to the number of bytes read.
+ *
+ * return         The number of bytes read.
+ */
+static int ssl_read_application_data(
+    mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
+{
+    size_t n = (len < ssl->in_msglen) ? len : ssl->in_msglen;
+
+    if (len != 0) {
+        memcpy(buf, ssl->in_offt, n);
+        ssl->in_msglen -= n;
+    }
+
+    /* Zeroising the plaintext buffer to erase unused application data
+       from the memory. */
+    mbedtls_platform_zeroize(ssl->in_offt, n);
+
+    if (ssl->in_msglen == 0) {
+        /* all bytes consumed */
+        ssl->in_offt = NULL;
+        ssl->keep_current_message = 0;
+    } else {
+        /* more data available */
+        ssl->in_offt += n;
+    }
+
+    return (int) n;
+}
+
 /*
  * Receive application data decrypted from the SSL layer
  */
 int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t n;
 
     if (ssl == NULL || ssl->conf == NULL) {
         return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
@@ -5817,32 +5927,34 @@ int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len)
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
     }
 
-    n = (len < ssl->in_msglen)
-        ? len : ssl->in_msglen;
-
-    if (len != 0) {
-        memcpy(buf, ssl->in_offt, n);
-        ssl->in_msglen -= n;
-    }
-
-    /* Zeroising the plaintext buffer to erase unused application data
-       from the memory. */
-    mbedtls_platform_zeroize(ssl->in_offt, n);
-
-    if (ssl->in_msglen == 0) {
-        /* all bytes consumed */
-        ssl->in_offt = NULL;
-        ssl->keep_current_message = 0;
-    } else {
-        /* more data available */
-        ssl->in_offt += n;
-    }
+    ret = ssl_read_application_data(ssl, buf, len);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= read"));
 
-    return (int) n;
+    return ret;
 }
 
+#if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_EARLY_DATA)
+int mbedtls_ssl_read_early_data(mbedtls_ssl_context *ssl,
+                                unsigned char *buf, size_t len)
+{
+    if (ssl == NULL || (ssl->conf == NULL)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    /*
+     * The server may receive early data only while waiting for the End of
+     * Early Data handshake message.
+     */
+    if ((ssl->state != MBEDTLS_SSL_END_OF_EARLY_DATA) ||
+        (ssl->in_offt == NULL)) {
+        return MBEDTLS_ERR_SSL_CANNOT_READ_EARLY_DATA;
+    }
+
+    return ssl_read_application_data(ssl, buf, len);
+}
+#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_SSL_EARLY_DATA */
+
 /*
  * Send application data to be encrypted by the SSL layer, taking care of max
  * fragment length and buffer size.
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0bc18f126..0e9f1fd43 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -20,7 +20,7 @@
 #include "ssl_debug_helpers.h"
 #include "ssl_misc.h"
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/version.h"
@@ -631,7 +631,7 @@ static const char *extension_name_table[] = {
     [MBEDTLS_SSL_EXT_ID_RECORD_SIZE_LIMIT] = "record_size_limit"
 };
 
-static unsigned int extension_type_table[] = {
+static const unsigned int extension_type_table[] = {
     [MBEDTLS_SSL_EXT_ID_UNRECOGNIZED] = 0xff,
     [MBEDTLS_SSL_EXT_ID_SERVERNAME] = MBEDTLS_TLS_EXT_SERVERNAME,
     [MBEDTLS_SSL_EXT_ID_MAX_FRAGMENT_LENGTH] = MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH,
@@ -1098,6 +1098,15 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
         return MBEDTLS_ERR_SSL_ALLOC_FAILED;
     }
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+#if defined(MBEDTLS_SSL_CLI_C)
+    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT;
+#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+    ssl->discard_early_data_record = MBEDTLS_SSL_EARLY_DATA_NO_DISCARD;
+#endif
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
     /* Initialize structures */
     mbedtls_ssl_session_init(ssl->session_negotiate);
     ssl_handshake_params_init(ssl->handshake);
@@ -3702,7 +3711,7 @@ int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
          (SSL_SERIALIZED_SESSION_CONFIG_ETM << SSL_SERIALIZED_SESSION_CONFIG_ETM_BIT) | \
          (SSL_SERIALIZED_SESSION_CONFIG_TICKET << SSL_SERIALIZED_SESSION_CONFIG_TICKET_BIT)))
 
-static unsigned char ssl_serialized_session_header[] = {
+static const unsigned char ssl_serialized_session_header[] = {
     MBEDTLS_VERSION_MAJOR,
     MBEDTLS_VERSION_MINOR,
     MBEDTLS_VERSION_PATCH,
@@ -4427,7 +4436,7 @@ void mbedtls_ssl_session_free(mbedtls_ssl_session *session)
          (SSL_SERIALIZED_CONTEXT_CONFIG_ALPN << SSL_SERIALIZED_CONTEXT_CONFIG_ALPN_BIT) | \
          0u))
 
-static unsigned char ssl_serialized_context_header[] = {
+static const unsigned char ssl_serialized_context_header[] = {
     MBEDTLS_VERSION_MAJOR,
     MBEDTLS_VERSION_MINOR,
     MBEDTLS_VERSION_PATCH,
@@ -5045,7 +5054,7 @@ void mbedtls_ssl_config_init(mbedtls_ssl_config *conf)
  * See the documentation of mbedtls_ssl_conf_curves() for what we promise
  * about this list.
  */
-static uint16_t ssl_preset_default_groups[] = {
+static const uint16_t ssl_preset_default_groups[] = {
 #if defined(MBEDTLS_ECP_HAVE_CURVE25519)
     MBEDTLS_SSL_IANA_TLS_GROUP_X25519,
 #endif
@@ -5096,7 +5105,7 @@ static const int ssl_preset_suiteb_ciphersuites[] = {
  *   - ssl_tls12_preset* is for TLS 1.2 use only.
  *   - ssl_preset_* is for TLS 1.3 only or hybrid TLS 1.3/1.2 handshakes.
  */
-static uint16_t ssl_preset_default_sig_algs[] = {
+static const uint16_t ssl_preset_default_sig_algs[] = {
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
     defined(MBEDTLS_MD_CAN_SHA256) && \
@@ -5191,7 +5200,7 @@ static uint16_t ssl_tls12_preset_default_sig_algs[] = {
 #endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
 
 /* NOTICE: see above */
-static uint16_t ssl_preset_suiteb_sig_algs[] = {
+static const uint16_t ssl_preset_suiteb_sig_algs[] = {
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDSA_CERT_REQ_ANY_ALLOWED_ENABLED) && \
     defined(MBEDTLS_MD_CAN_SHA256) && \
@@ -5232,7 +5241,7 @@ static uint16_t ssl_tls12_preset_suiteb_sig_algs[] = {
 
 #endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
 
-static uint16_t ssl_preset_suiteb_groups[] = {
+static const uint16_t ssl_preset_suiteb_groups[] = {
 #if defined(MBEDTLS_ECP_HAVE_SECP256R1)
     MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
 #endif
@@ -5246,7 +5255,7 @@ static uint16_t ssl_preset_suiteb_groups[] = {
 /* Function for checking `ssl_preset_*_sig_algs` and `ssl_tls12_preset_*_sig_algs`
  * to make sure there are no duplicated signature algorithm entries. */
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_check_no_sig_alg_duplication(uint16_t *sig_algs)
+static int ssl_check_no_sig_alg_duplication(const uint16_t *sig_algs)
 {
     size_t i, j;
     int ret = 0;
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 0c5af87f4..c1ca60c3f 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -14,7 +14,7 @@
 #include "mbedtls/ssl.h"
 #include "ssl_client.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/constant_time.h"
 
@@ -2005,9 +2005,9 @@ static int ssl_get_ecdh_params_from_cert(mbedtls_ssl_context *ssl)
         return MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH;
     }
 
-#if defined(MBEDTLS_ECP_C)
+#if !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
     const mbedtls_ecp_keypair *peer_key = mbedtls_pk_ec_ro(*peer_pk);
-#endif /* MBEDTLS_ECP_C */
+#endif /* !defined(MBEDTLS_PK_USE_PSA_EC_DATA) */
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     uint16_t tls_id = 0;
diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 5a9f6ca4e..f242faa1e 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -13,7 +13,7 @@
 
 #include "mbedtls/ssl.h"
 #include "ssl_misc.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
 #include "constant_time_internal.h"
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index a3d33a34f..f4987b316 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -11,7 +11,7 @@
 
 #include <string.h>
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
@@ -1182,7 +1182,8 @@ int mbedtls_ssl_tls13_write_client_hello_exts(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     if (mbedtls_ssl_conf_tls13_is_some_psk_enabled(ssl) &&
         ssl_tls13_early_data_has_valid_ticket(ssl) &&
-        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED) {
+        ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_ENABLED &&
+        ssl->handshake->hello_retry_request_count == 0) {
 
         ret = mbedtls_ssl_tls13_write_early_data_ext(
             ssl, 0, p, end, &ext_len);
@@ -1236,10 +1237,6 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
     const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
 
     if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED) {
-#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
-        mbedtls_ssl_handshake_set_state(
-            ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
-#endif
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Set hs psk for early data when writing the first psk"));
 
@@ -1294,6 +1291,15 @@ int mbedtls_ssl_tls13_finalize_client_hello(mbedtls_ssl_context *ssl)
             return ret;
         }
 
+#if defined(MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE)
+        mbedtls_ssl_handshake_set_state(
+            ssl, MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO);
+#else
+        MBEDTLS_SSL_DEBUG_MSG(
+            1, ("Switch to early data keys for outbound traffic"));
+        mbedtls_ssl_set_outbound_transform(
+            ssl, ssl->handshake->transform_earlydata);
+#endif
     }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
     return 0;
@@ -3067,19 +3073,19 @@ int mbedtls_ssl_tls13_handshake_client_step(mbedtls_ssl_context *ssl)
             }
             break;
 
+#if defined(MBEDTLS_SSL_EARLY_DATA)
         case MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO:
             ret = mbedtls_ssl_tls13_write_change_cipher_spec(ssl);
             if (ret == 0) {
                 mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
 
-#if defined(MBEDTLS_SSL_EARLY_DATA)
                 MBEDTLS_SSL_DEBUG_MSG(
                     1, ("Switch to early data keys for outbound traffic"));
                 mbedtls_ssl_set_outbound_transform(
                     ssl, ssl->handshake->transform_earlydata);
-#endif
             }
             break;
+#endif /* MBEDTLS_SSL_EARLY_DATA */
 #endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 04ecd8b43..959f8e6a0 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -12,7 +12,7 @@
 #include <string.h>
 
 #include "mbedtls/error.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
@@ -1539,26 +1539,36 @@ static psa_status_t  mbedtls_ssl_get_psa_ffdh_info_from_tls_id(
     uint16_t tls_id, size_t *bits, psa_key_type_t *key_type)
 {
     switch (tls_id) {
+#if defined(PSA_WANT_DH_RFC7919_2048)
         case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
             *bits = 2048;
             *key_type = PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
             return PSA_SUCCESS;
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+#if defined(PSA_WANT_DH_RFC7919_3072)
         case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
             *bits = 3072;
             *key_type =  PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
             return PSA_SUCCESS;
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+#if defined(PSA_WANT_DH_RFC7919_4096)
         case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
             *bits = 4096;
             *key_type =  PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
             return PSA_SUCCESS;
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+#if defined(PSA_WANT_DH_RFC7919_6144)
         case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
             *bits = 6144;
             *key_type =  PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
             return PSA_SUCCESS;
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+#if defined(PSA_WANT_DH_RFC7919_8192)
         case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
             *bits = 8192;
             *key_type =  PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919);
             return PSA_SUCCESS;
+#endif /* PSA_WANT_DH_RFC7919_8192 */
         default:
             return PSA_ERROR_NOT_SUPPORTED;
     }
diff --git a/library/ssl_tls13_keys.c b/library/ssl_tls13_keys.c
index edb453c3e..739414ea2 100644
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@@ -13,7 +13,7 @@
 #include <string.h>
 
 #include "mbedtls/hkdf.h"
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 904bb5b6f..62b117cfa 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -9,7 +9,7 @@
 
 #if defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_SSL_PROTO_TLS1_3)
 
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform.h"
 #include "mbedtls/constant_time.h"
@@ -1533,6 +1533,12 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
         unsigned int extension_type;
         size_t extension_data_len;
         const unsigned char *extension_data_end;
+        uint32_t allowed_exts = MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH;
+
+        if (ssl->handshake->hello_retry_request_count > 0) {
+            /* Do not accept early data extension in 2nd ClientHello */
+            allowed_exts &= ~MBEDTLS_SSL_EXT_MASK(EARLY_DATA);
+        }
 
         /* RFC 8446, section 4.2.11
          *
@@ -1560,7 +1566,7 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 
         ret = mbedtls_ssl_tls13_check_received_extension(
             ssl, MBEDTLS_SSL_HS_CLIENT_HELLO, extension_type,
-            MBEDTLS_SSL_TLS1_3_ALLOWED_EXTS_OF_CH);
+            allowed_exts);
         if (ret != 0) {
             return ret;
         }
@@ -1780,25 +1786,15 @@ static int ssl_tls13_parse_client_hello(mbedtls_ssl_context *ssl,
 }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
+static int ssl_tls13_check_early_data_requirements(mbedtls_ssl_context *ssl)
 {
     mbedtls_ssl_handshake_params *handshake = ssl->handshake;
 
-    if ((handshake->received_extensions &
-         MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) == 0) {
-        MBEDTLS_SSL_DEBUG_MSG(
-            1, ("EarlyData: no early data extension received."));
-        ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_RECEIVED;
-        return;
-    }
-
-    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
-
     if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
         MBEDTLS_SSL_DEBUG_MSG(
             1,
             ("EarlyData: rejected, feature disabled in server configuration."));
-        return;
+        return -1;
     }
 
     if (!handshake->resume) {
@@ -1807,7 +1803,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
            resumption. */
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("EarlyData: rejected, not a session resumption."));
-        return;
+        return -1;
     }
 
     /* RFC 8446 4.2.10
@@ -1830,7 +1826,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("EarlyData: rejected, the selected key in "
                 "`pre_shared_key` is not the first one."));
-        return;
+        return -1;
     }
 
     if (handshake->ciphersuite_info->id !=
@@ -1838,7 +1834,7 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("EarlyData: rejected, the selected ciphersuite is not the one "
                 "of the selected pre-shared key."));
-        return;
+        return -1;
 
     }
 
@@ -1847,18 +1843,18 @@ static void ssl_tls13_update_early_data_status(mbedtls_ssl_context *ssl)
             1,
             ("EarlyData: rejected, early_data not allowed in ticket "
              "permission bits."));
-        return;
+        return -1;
     }
 
-    ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
-
+    return 0;
 }
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
 /* Update the handshake state machine */
 
 MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
+static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl,
+                                              int hrr_required)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -1882,17 +1878,26 @@ static int ssl_tls13_postprocess_client_hello(mbedtls_ssl_context *ssl)
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    /* There is enough information, update early data state. */
-    ssl_tls13_update_early_data_status(ssl);
+    if (ssl->handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+        ssl->handshake->early_data_accepted =
+            (!hrr_required) && (ssl_tls13_check_early_data_requirements(ssl) == 0);
 
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
-        ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
-        if (ret != 0) {
-            MBEDTLS_SSL_DEBUG_RET(
-                1, "mbedtls_ssl_tls13_compute_early_transform", ret);
-            return ret;
+        if (ssl->handshake->early_data_accepted) {
+            ret = mbedtls_ssl_tls13_compute_early_transform(ssl);
+            if (ret != 0) {
+                MBEDTLS_SSL_DEBUG_RET(
+                    1, "mbedtls_ssl_tls13_compute_early_transform", ret);
+                return ret;
+            }
+        } else {
+            ssl->discard_early_data_record =
+                hrr_required ?
+                MBEDTLS_SSL_EARLY_DATA_DISCARD :
+                MBEDTLS_SSL_EARLY_DATA_TRY_TO_DEPROTECT_AND_DISCARD;
         }
     }
+#else
+    ((void) hrr_required);
 #endif /* MBEDTLS_SSL_EARLY_DATA */
 
     return 0;
@@ -1947,7 +1952,9 @@ static int ssl_tls13_process_client_hello(mbedtls_ssl_context *ssl)
         return 0;
     }
 
-    MBEDTLS_SSL_PROC_CHK(ssl_tls13_postprocess_client_hello(ssl));
+    MBEDTLS_SSL_PROC_CHK(
+        ssl_tls13_postprocess_client_hello(ssl, parse_client_hello_ret ==
+                                           SSL_CLIENT_HELLO_HRR_REQUIRED));
 
     if (SSL_CLIENT_HELLO_OK == parse_client_hello_ret) {
         mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO);
@@ -2530,7 +2537,7 @@ static int ssl_tls13_write_encrypted_extensions_body(mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+    if (ssl->handshake->early_data_accepted) {
         ret = mbedtls_ssl_tls13_write_early_data_ext(
             ssl, 0, p, end, &output_len);
         if (ret != 0) {
@@ -2857,7 +2864,7 @@ static int ssl_tls13_write_server_finished(mbedtls_ssl_context *ssl)
     }
 
 #if defined(MBEDTLS_SSL_EARLY_DATA)
-    if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+    if (ssl->handshake->early_data_accepted) {
         /* See RFC 8446 section A.2 for more information */
         MBEDTLS_SSL_DEBUG_MSG(
             1, ("Switch to early keys for inbound traffic. "
@@ -2911,6 +2918,17 @@ static int ssl_tls13_end_of_early_data_coordinate(mbedtls_ssl_context *ssl)
 
     if (ssl->in_msgtype == MBEDTLS_SSL_MSG_APPLICATION_DATA) {
         MBEDTLS_SSL_DEBUG_MSG(3, ("Received early data"));
+        /* RFC 8446 section 4.6.1
+         *
+         * A server receiving more than max_early_data_size bytes of 0-RTT data
+         * SHOULD terminate the connection with an "unexpected_message" alert.
+         *
+         * TODO: Add received data size check here.
+         */
+        if (ssl->in_offt == NULL) {
+            /* Set the reading pointer */
+            ssl->in_offt = ssl->in_msg;
+        }
         return SSL_GOT_EARLY_DATA;
     }
 
@@ -2936,37 +2954,6 @@ static int ssl_tls13_parse_end_of_early_data(mbedtls_ssl_context *ssl,
     return 0;
 }
 
-MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_tls13_process_early_application_data(mbedtls_ssl_context *ssl)
-{
-    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
-    if ((ret = mbedtls_ssl_read_record(ssl, 0)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_read_record", ret);
-        return ret;
-    }
-
-    /*
-     * Output early data
-     *
-     * For the time being, we print received data via debug message.
-     *
-     * TODO: Remove it when `mbedtls_ssl_read_early_data` is ready.
-     */
-    ssl->in_msg[ssl->in_msglen] = 0;
-    MBEDTLS_SSL_DEBUG_MSG(3, ("\n%s", ssl->in_msg));
-
-    /* RFC 8446 section 4.6.1
-     *
-     * A server receiving more than max_early_data_size bytes of 0-RTT data
-     * SHOULD terminate the connection with an "unexpected_message" alert.
-     *
-     * TODO: Add received data size check here.
-     */
-
-    return 0;
-}
-
 /*
  * RFC 8446 section A.2
  *
@@ -3037,7 +3024,8 @@ static int ssl_tls13_process_end_of_early_data(mbedtls_ssl_context *ssl)
         ssl_tls13_prepare_for_handshake_second_flight(ssl);
 
     } else if (ret == SSL_GOT_EARLY_DATA) {
-        MBEDTLS_SSL_PROC_CHK(ssl_tls13_process_early_application_data(ssl));
+        ret = MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA;
+        goto cleanup;
     } else {
         MBEDTLS_SSL_DEBUG_MSG(1, ("should never happen"));
         ret = MBEDTLS_ERR_SSL_INTERNAL_ERROR;
diff --git a/library/x509.c b/library/x509.c
index b7b71f33c..f97fb4458 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -19,7 +19,7 @@
 
 #if defined(MBEDTLS_X509_USE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509_create.c b/library/x509_create.c
index f7a17e712..839b5df22 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -9,7 +9,7 @@
 
 #if defined(MBEDTLS_X509_CREATE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509_crl.c b/library/x509_crl.c
index fdbad238a..7901992e2 100644
--- a/library/x509_crl.c
+++ b/library/x509_crl.c
@@ -20,6 +20,7 @@
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
 
 #include "mbedtls/x509_crl.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 84b92a891..7f0160a00 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -22,6 +22,7 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_csr.c b/library/x509_csr.c
index 79b158964..813d64466 100644
--- a/library/x509_csr.c
+++ b/library/x509_csr.c
@@ -20,6 +20,7 @@
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
diff --git a/library/x509_internal.h b/library/x509_internal.h
new file mode 100644
index 000000000..15e097a15
--- /dev/null
+++ b/library/x509_internal.h
@@ -0,0 +1,213 @@
+/**
+ * \file x509.h
+ *
+ * \brief Internal part of the public "x509.h".
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+#ifndef MBEDTLS_X509_INTERNAL_H
+#define MBEDTLS_X509_INTERNAL_H
+#include "mbedtls/private_access.h"
+
+#include "mbedtls/build_info.h"
+
+#include "mbedtls/x509.h"
+#include "mbedtls/asn1.h"
+#include "pk_internal.h"
+
+#if defined(MBEDTLS_RSA_C)
+#include "mbedtls/rsa.h"
+#endif
+
+/**
+ * \brief          Return the next relative DN in an X509 name.
+ *
+ * \note           Intended use is to compare function result to dn->next
+ *                 in order to detect boundaries of multi-valued RDNs.
+ *
+ * \param dn       Current node in the X509 name
+ *
+ * \return         Pointer to the first attribute-value pair of the
+ *                 next RDN in sequence, or NULL if end is reached.
+ */
+static inline mbedtls_x509_name *mbedtls_x509_dn_get_next(
+    mbedtls_x509_name *dn)
+{
+    while (dn->MBEDTLS_PRIVATE(next_merged) && dn->next != NULL) {
+        dn = dn->next;
+    }
+    return dn->next;
+}
+
+/**
+ * \brief          Store the certificate serial in printable form into buf;
+ *                 no more than size characters will be written.
+ *
+ * \param buf      Buffer to write to
+ * \param size     Maximum size of buffer
+ * \param serial   The X509 serial to represent
+ *
+ * \return         The length of the string written (not including the
+ *                 terminated nul byte), or a negative error code.
+ */
+int mbedtls_x509_serial_gets(char *buf, size_t size, const mbedtls_x509_buf *serial);
+
+/**
+ * \brief          Compare pair of mbedtls_x509_time.
+ *
+ * \param t1       mbedtls_x509_time to compare
+ * \param t2       mbedtls_x509_time to compare
+ *
+ * \return         < 0 if t1 is before t2
+ *                   0 if t1 equals t2
+ *                 > 0 if t1 is after t2
+ */
+int mbedtls_x509_time_cmp(const mbedtls_x509_time *t1, const mbedtls_x509_time *t2);
+
+#if defined(MBEDTLS_HAVE_TIME_DATE)
+/**
+ * \brief          Fill mbedtls_x509_time with provided mbedtls_time_t.
+ *
+ * \param tt       mbedtls_time_t to convert
+ * \param now      mbedtls_x509_time to fill with converted mbedtls_time_t
+ *
+ * \return         \c 0 on success
+ * \return         A non-zero return value on failure.
+ */
+int mbedtls_x509_time_gmtime(mbedtls_time_t tt, mbedtls_x509_time *now);
+#endif /* MBEDTLS_HAVE_TIME_DATE */
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the past.
+ *
+ * \note           Intended usage is "if( is_past( valid_to ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param to       mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the past or an error occurred,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
+
+/**
+ * \brief          Check a given mbedtls_x509_time against the system time
+ *                 and tell if it's in the future.
+ *
+ * \note           Intended usage is "if( is_future( valid_from ) ) ERROR".
+ *                 Hence the return value of 1 if on internal errors.
+ *
+ * \param from     mbedtls_x509_time to check
+ *
+ * \return         1 if the given time is in the future or an error occurred,
+ *                 0 otherwise.
+ */
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
+
+/**
+ * \brief          This function parses an item in the SubjectAlternativeNames
+ *                 extension. Please note that this function might allocate
+ *                 additional memory for a subject alternative name, thus
+ *                 mbedtls_x509_free_subject_alt_name has to be called
+ *                 to dispose of this additional memory afterwards.
+ *
+ * \param san_buf  The buffer holding the raw data item of the subject
+ *                 alternative name.
+ * \param san      The target structure to populate with the parsed presentation
+ *                 of the subject alternative name encoded in \p san_buf.
+ *
+ * \note           Supported GeneralName types, as defined in RFC 5280:
+ *                 "rfc822Name", "dnsName", "directoryName",
+ *                 "uniformResourceIdentifier" and "hardware_module_name"
+ *                 of type "otherName", as defined in RFC 4108.
+ *
+ * \note           This function should be called on a single raw data of
+ *                 subject alternative name. For example, after successful
+ *                 certificate parsing, one must iterate on every item in the
+ *                 \c crt->subject_alt_names sequence, and pass it to
+ *                 this function.
+ *
+ * \warning        The target structure contains pointers to the raw data of the
+ *                 parsed certificate, and its lifetime is restricted by the
+ *                 lifetime of the certificate.
+ *
+ * \return         \c 0 on success
+ * \return         #MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE for an unsupported
+ *                 SAN type.
+ * \return         Another negative value for any other failure.
+ */
+int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
+                                        mbedtls_x509_subject_alternative_name *san);
+/**
+ * \brief          Unallocate all data related to subject alternative name
+ *
+ * \param san      SAN structure - extra memory owned by this structure will be freed
+ */
+void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san);
+
+int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_name *cur);
+int mbedtls_x509_get_alg_null(unsigned char **p, const unsigned char *end,
+                              mbedtls_x509_buf *alg);
+int mbedtls_x509_get_alg(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *alg, mbedtls_x509_buf *params);
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+                                       mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
+                                       int *salt_len);
+#endif
+int mbedtls_x509_get_sig(unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig);
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                             mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
+                             void **sig_opts);
+int mbedtls_x509_get_time(unsigned char **p, const unsigned char *end,
+                          mbedtls_x509_time *t);
+int mbedtls_x509_get_serial(unsigned char **p, const unsigned char *end,
+                            mbedtls_x509_buf *serial);
+int mbedtls_x509_get_ext(unsigned char **p, const unsigned char *end,
+                         mbedtls_x509_buf *ext, int tag);
+#if !defined(MBEDTLS_X509_REMOVE_INFO)
+int mbedtls_x509_sig_alg_gets(char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                              mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
+                              const void *sig_opts);
+#endif
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
+                               int critical, const unsigned char *val,
+                               size_t val_len);
+int mbedtls_x509_write_extensions(unsigned char **p, unsigned char *start,
+                                  mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_names(unsigned char **p, unsigned char *start,
+                             mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
+                           const char *oid, size_t oid_len,
+                           unsigned char *sig, size_t size,
+                           mbedtls_pk_type_t pk_alg);
+int mbedtls_x509_get_ns_cert_type(unsigned char **p,
+                                  const unsigned char *end,
+                                  unsigned char *ns_cert_type);
+int mbedtls_x509_get_key_usage(unsigned char **p,
+                               const unsigned char *end,
+                               unsigned int *key_usage);
+int mbedtls_x509_get_subject_alt_name(unsigned char **p,
+                                      const unsigned char *end,
+                                      mbedtls_x509_sequence *subject_alt_name);
+int mbedtls_x509_get_subject_alt_name_ext(unsigned char **p,
+                                          const unsigned char *end,
+                                          mbedtls_x509_sequence *subject_alt_name);
+int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
+                                       const mbedtls_x509_sequence
+                                       *subject_alt_name,
+                                       const char *prefix);
+int mbedtls_x509_info_cert_type(char **buf, size_t *size,
+                                unsigned char ns_cert_type);
+int mbedtls_x509_info_key_usage(char **buf, size_t *size,
+                                unsigned int key_usage);
+
+int mbedtls_x509_write_set_san_common(mbedtls_asn1_named_data **extensions,
+                                      const mbedtls_x509_san_list *san_list);
+
+#endif /* MBEDTLS_X509_INTERNAL_H */
diff --git a/library/x509write.c b/library/x509write.c
index d434df507..4704900d3 100644
--- a/library/x509write.c
+++ b/library/x509write.c
@@ -8,6 +8,7 @@
 #if defined(MBEDTLS_X509_CSR_WRITE_C) || defined(MBEDTLS_X509_CRT_WRITE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 913b15a70..72f5a10a1 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -16,6 +16,7 @@
 #if defined(MBEDTLS_X509_CRT_WRITE_C)
 
 #include "mbedtls/x509_crt.h"
+#include "x509_internal.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
 #include "mbedtls/oid.h"
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index af75e7f72..d3ddbcc03 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -14,7 +14,7 @@
 
 #if defined(MBEDTLS_X509_CSR_WRITE_C)
 
-#include "mbedtls/x509.h"
+#include "x509_internal.h"
 #include "mbedtls/x509_csr.h"
 #include "mbedtls/asn1write.h"
 #include "mbedtls/error.h"
diff --git a/programs/Makefile b/programs/Makefile
index 82c856996..6baf4651a 100644
--- a/programs/Makefile
+++ b/programs/Makefile
@@ -114,7 +114,7 @@ all: fuzz
 endif
 
 fuzz: ${MBEDTLS_TEST_OBJS}
-	$(MAKE) -C fuzz THIRDPARTY_INCLUDES=$(THIRDPARTY_INCLUDES)
+	$(MAKE) -C fuzz
 
 ${MBEDTLS_TEST_OBJS}:
 	$(MAKE) -C ../tests mbedtls_test
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 85bcd5fca..ccb8db564 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -4,7 +4,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index 93e5f31ee..e925524f6 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -4,7 +4,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 7747744cd..c389029bc 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -1,5 +1,6 @@
 set(libs
     ${mbedtls_target}
+    ${CMAKE_THREAD_LIBS_INIT}
 )
 
 find_library(FUZZINGENGINE_LIB FuzzingEngine)
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile
index b4fc76ae1..828e5184a 100644
--- a/programs/fuzz/Makefile
+++ b/programs/fuzz/Makefile
@@ -1,36 +1,14 @@
-MBEDTLS_TEST_PATH:=../../tests/src
-MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c))
+MBEDTLS_TEST_PATH:=../../tests
 
-CFLAGS ?= -O2
-WARNING_CFLAGS ?= -Wall -Wextra
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64
-LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS}		\
-		-L../../library			\
-		-lmbedtls$(SHARED_SUFFIX)	\
-		-lmbedx509$(SHARED_SUFFIX)	\
-		-lmbedcrypto$(SHARED_SUFFIX)
+MBEDTLS_PATH := ../..
+include ../../scripts/common.make
 
-LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES))
-
-ifndef SHARED
-DEP=../../library/libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a
-else
-DEP=../../library/libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT)
-endif
-
-
-DLEXT ?= so
-EXEXT=
-SHARED_SUFFIX=
+DEP=${MBEDLIBS}
 
 ifdef FUZZINGENGINE
 LOCAL_LDFLAGS += -lFuzzingEngine
 endif
 
-ifdef WINDOWS_BUILD
-LOCAL_LDFLAGS += -lbcrypt
-endif
-
 # A test application is built for each suites/test_suite_*.data file.
 # Application name is same as .data file's base name and can be
 # constructed by stripping path 'suites/' and extension .data.
@@ -45,9 +23,6 @@ BINARIES := $(addsuffix $(EXEXT),$(APPS))
 
 all: $(BINARIES)
 
-$(DEP):
-	$(MAKE) -C ../../library
-
 C_FILES := $(addsuffix .c,$(APPS))
 
 %.o: %.c
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index da9818844..fcacf3ba4 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -6,7 +6,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 3ad56436e..cd0387a88 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -5,7 +5,7 @@ set(executables_mbedtls
 
 foreach(exe IN LISTS executables_mbedtls)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedtls_target})
+    target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
@@ -32,7 +32,7 @@ set(executables_mbedcrypto
 
 foreach(exe IN LISTS executables_mbedcrypto)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index 91bac0ef4..1ae5651ba 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -66,7 +66,7 @@ int main(void)
     mbedtls_dhm_context dhm;
     mbedtls_aes_context aes;
 
-    mbedtls_mpi N, P, Q, D, E;
+    mbedtls_mpi N, P, Q, D, E, dhm_P, dhm_G;
 
     mbedtls_net_init(&listen_fd);
     mbedtls_net_init(&client_fd);
@@ -75,8 +75,8 @@ int main(void)
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E);
-
+    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&dhm_P);
+    mbedtls_mpi_init(&dhm_G);
     /*
      * 1. Setup the RNG
      */
@@ -141,8 +141,9 @@ int main(void)
         goto exit;
     }
 
-    if (mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(P), 16, f) != 0 ||
-        mbedtls_mpi_read_file(&dhm.MBEDTLS_PRIVATE(G), 16, f) != 0) {
+    if ((ret = mbedtls_mpi_read_file(&dhm_P, 16, f)) != 0 ||
+        (ret = mbedtls_mpi_read_file(&dhm_G, 16, f)) != 0 ||
+        (ret = mbedtls_dhm_set_group(&dhm, &dhm_P, &dhm_G) != 0)) {
         mbedtls_printf(" failed\n  ! Invalid DH parameter file\n\n");
         fclose(f);
         goto exit;
@@ -176,7 +177,7 @@ int main(void)
     memset(buf, 0, sizeof(buf));
 
     if ((ret =
-             mbedtls_dhm_make_params(&dhm, (int) mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P)), buf, &n,
+             mbedtls_dhm_make_params(&dhm, (int) mbedtls_dhm_get_len(&dhm), buf, &n,
                                      mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
         mbedtls_printf(" failed\n  ! mbedtls_dhm_make_params returned %d\n\n", ret);
         goto exit;
@@ -286,7 +287,8 @@ int main(void)
 exit:
 
     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E);
+    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&dhm_P);
+    mbedtls_mpi_free(&dhm_G);
 
     mbedtls_net_free(&client_fd);
     mbedtls_net_free(&listen_fd);
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index c8ee626d8..a8e4b0e37 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -28,7 +28,7 @@ endif()
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index e5edf7b58..594039535 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -5,7 +5,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${mbedcrypto_target})
+    target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 280bbcf3d..ec2c86fb4 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -1,4 +1,3 @@
-set(THREADS_USE_PTHREADS_WIN32 true)
 find_package(Threads)
 
 set(libs
@@ -39,7 +38,7 @@ foreach(exe IN LISTS executables)
     endif()
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
         ${extra_sources})
-    target_link_libraries(${exe} ${libs})
+    target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
     if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
         if(GEN_FILES)
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 598d38cac..48b2282c9 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1612,6 +1612,7 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_SSL_EARLY_DATA)
     int tls13_early_data_enabled = MBEDTLS_SSL_EARLY_DATA_DISABLED;
 #endif
+
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_init(alloc_buf, sizeof(alloc_buf));
 #if defined(MBEDTLS_MEMORY_DEBUG)
@@ -3450,6 +3451,19 @@ handshake:
     fflush(stdout);
 
     while ((ret = mbedtls_ssl_handshake(&ssl)) != 0) {
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+        if (ret == MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA) {
+            memset(buf, 0, opt.buffer_size);
+            ret = mbedtls_ssl_read_early_data(&ssl, buf, opt.buffer_size);
+            if (ret > 0) {
+                buf[ret] = '\0';
+                mbedtls_printf(" %d early data bytes read\n\n%s\n",
+                               ret, (char *) buf);
+            }
+            continue;
+        }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
         if (ret == MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS &&
             ssl_async_keys.inject_error == SSL_ASYNC_INJECT_ERROR_CANCEL) {
diff --git a/programs/ssl/ssl_test_lib.c b/programs/ssl/ssl_test_lib.c
index b49dd67c2..a65332ae1 100644
--- a/programs/ssl/ssl_test_lib.c
+++ b/programs/ssl/ssl_test_lib.c
@@ -13,7 +13,7 @@
 #include "ssl_test_lib.h"
 
 #if defined(MBEDTLS_TEST_HOOKS)
-#include "test/helpers.h"
+#include "test/threading_helpers.h"
 #endif
 
 #if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
@@ -427,7 +427,7 @@ int test_hooks_failure_detected(void)
     mbedtls_test_mutex_usage_check();
 #endif
 
-    if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_SUCCESS) {
+    if (mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_SUCCESS) {
         return 1;
     }
     return 0;
@@ -515,17 +515,31 @@ static const struct {
 #endif
 #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
     defined(PSA_WANT_ALG_FFDH)
+#if defined(PSA_WANT_DH_RFC7919_2048)
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
-    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
-#else
+#else /* PSA_WANT_DH_RFC7919_2048 */
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 },
+#endif /* PSA_WANT_DH_RFC7919_2048 */
+#if defined(PSA_WANT_DH_RFC7919_3072)
+    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
+#else /* PSA_WANT_DH_RFC7919_3072 */
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 },
+#endif /* PSA_WANT_DH_RFC7919_3072 */
+#if defined(PSA_WANT_DH_RFC7919_4096)
+    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
+#else /* PSA_WANT_DH_RFC7919_4096 */
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 },
+#endif /* PSA_WANT_DH_RFC7919_4096 */
+#if defined(PSA_WANT_DH_RFC7919_6144)
+    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
+#else /* PSA_WANT_DH_RFC7919_6144 */
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 },
+#endif /* PSA_WANT_DH_RFC7919_6144 */
+#if defined(PSA_WANT_DH_RFC7919_8192)
+    { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
+#else /* PSA_WANT_DH_RFC7919_8192 */
     { MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 },
+#endif /* PSA_WANT_DH_RFC7919_8192 */
 #endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
     { 0, NULL, 0 },
 };
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 077873112..f91f786b9 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -26,7 +26,7 @@ if(TEST_CPP)
     )
     add_executable(cpp_dummy_build "${cpp_dummy_build_cpp}")
     target_include_directories(cpp_dummy_build PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include)
-    target_link_libraries(cpp_dummy_build ${mbedcrypto_target})
+    target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
 endif()
 
 if(USE_SHARED_MBEDTLS_LIBRARY AND
@@ -81,9 +81,9 @@ foreach(exe IN LISTS executables_libs executables_mbedcrypto)
     # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3
     list(FIND executables_libs ${exe} exe_index)
     if (${exe_index} GREATER -1)
-        target_link_libraries(${exe} ${libs})
+        target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     else()
-        target_link_libraries(${exe} ${mbedcrypto_target})
+        target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
     endif()
 endforeach()
 
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 6f7f69bda..8fa5d6298 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -1089,20 +1089,24 @@ int main(int argc, char *argv[])
         mbedtls_dhm_context dhm;
         size_t olen;
         size_t n;
+        mbedtls_mpi P, G;
+        mbedtls_mpi_init(&P); mbedtls_mpi_init(&G);
 
         for (i = 0; (size_t) i < sizeof(dhm_sizes) / sizeof(dhm_sizes[0]); i++) {
             mbedtls_dhm_init(&dhm);
 
-            if (mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(P), dhm_P[i],
+            if (mbedtls_mpi_read_binary(&P, dhm_P[i],
                                         dhm_P_size[i]) != 0 ||
-                mbedtls_mpi_read_binary(&dhm.MBEDTLS_PRIVATE(G), dhm_G[i],
-                                        dhm_G_size[i]) != 0) {
+                mbedtls_mpi_read_binary(&G, dhm_G[i],
+                                        dhm_G_size[i]) != 0 ||
+                mbedtls_dhm_set_group(&dhm, &P, &G) != 0) {
                 mbedtls_exit(1);
             }
 
-            n = mbedtls_mpi_size(&dhm.MBEDTLS_PRIVATE(P));
+            n = mbedtls_dhm_get_len(&dhm);
             mbedtls_dhm_make_public(&dhm, (int) n, buf, n, myrand, NULL);
-            if (mbedtls_mpi_copy(&dhm.MBEDTLS_PRIVATE(GY), &dhm.MBEDTLS_PRIVATE(GX)) != 0) {
+
+            if (mbedtls_dhm_read_public(&dhm, buf, n) != 0) {
                 mbedtls_exit(1);
             }
 
@@ -1119,6 +1123,7 @@ int main(int argc, char *argv[])
                             mbedtls_dhm_calc_secret(&dhm, buf, sizeof(buf), &olen, myrand, NULL));
 
             mbedtls_dhm_free(&dhm);
+            mbedtls_mpi_free(&P), mbedtls_mpi_free(&G);
         }
     }
 #endif
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index 3c3cba3c2..78bd5e792 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -20,4 +20,4 @@ set(libs
 )
 
 add_executable(cmake_subproject cmake_subproject.c)
-target_link_libraries(cmake_subproject ${libs})
+target_link_libraries(cmake_subproject ${libs} ${CMAKE_THREAD_LIBS_INIT})
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index b8dffa9bb..8e798cd4c 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -31,6 +31,7 @@
 #include <mbedtls/platform.h>
 #include <mbedtls/platform_util.h>
 #include "test/helpers.h"
+#include "test/threading_helpers.h"
 #include "test/macros.h"
 
 #include <stdio.h>
@@ -343,9 +344,11 @@ int main(int argc, char *argv[])
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
             mbedtls_test_mutex_usage_check();
 #endif
+            int result = (int) mbedtls_test_get_result();
+
             mbedtls_printf("Running metatest %s... done, result=%d\n",
-                           argv[1], (int) mbedtls_test_info.result);
-            mbedtls_exit(mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS ?
+                           argv[1], result);
+            mbedtls_exit(result == MBEDTLS_TEST_RESULT_SUCCESS ?
                          MBEDTLS_EXIT_SUCCESS :
                          MBEDTLS_EXIT_FAILURE);
         }
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index 7fc58cbcf..cb6bc3d2d 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -9,7 +9,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${libs})
+    target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index 5876b8d21..43437f070 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -13,7 +13,7 @@ set(executables
 
 foreach(exe IN LISTS executables)
     add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    target_link_libraries(${exe} ${libs})
+    target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
     target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
 endforeach()
 
diff --git a/scripts/common.make b/scripts/common.make
index 6c95b4235..2714bcd32 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -1,25 +1,29 @@
 # To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
 
+ifndef MBEDTLS_PATH
+MBEDTLS_PATH := ..
+endif
+
 CFLAGS	?= -O2
 WARNING_CFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
 WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral
 LDFLAGS ?=
 
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I../include -D_FILE_OFFSET_BITS=64
-LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I../include -I../tests/include -D_FILE_OFFSET_BITS=64
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
 LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} 		\
-		-L../library			\
+		-L$(MBEDTLS_PATH)/library			\
 		-lmbedtls$(SHARED_SUFFIX)	\
 		-lmbedx509$(SHARED_SUFFIX)	\
 		-lmbedcrypto$(SHARED_SUFFIX)
 
-include ../3rdparty/Makefile.inc
+include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
 LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
 
 ifndef SHARED
-MBEDLIBS=../library/libmbedcrypto.a ../library/libmbedx509.a ../library/libmbedtls.a
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a
 else
-MBEDLIBS=../library/libmbedcrypto.$(DLEXT) ../library/libmbedx509.$(DLEXT) ../library/libmbedtls.$(DLEXT)
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
 endif
 
 ifdef DEBUG
@@ -97,7 +101,7 @@ endif
 default: all
 
 $(MBEDLIBS):
-	$(MAKE) -C ../library
+	$(MAKE) -C $(MBEDTLS_PATH)/library
 
 neat: clean
 ifndef WINDOWS
diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py
index b21a0cfc2..60803864f 100644
--- a/scripts/mbedtls_dev/psa_information.py
+++ b/scripts/mbedtls_dev/psa_information.py
@@ -82,7 +82,7 @@ def automatic_dependencies(*expressions: str) -> List[str]:
     """
     used = set()
     for expr in expressions:
-        used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr))
+        used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|DH_FAMILY|KEY_TYPE)_\w+', expr))
     used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY)
     return sorted(psa_want_symbol(name) for name in used)
 
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 68bc57f5a..70f5bc929 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,5 +1,3 @@
-find_package(Threads)
-
 set(libs
     ${mbedtls_target}
     ${CMAKE_THREAD_LIBS_INIT}
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index a7035cb25..d6df19c20 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1052,6 +1052,30 @@ rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem: rsa_pkcs1_2048_clear.pem
 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
 keys_rsa_enc_pkcs8_v2_2048_3des_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem
 
+rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-128-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
+keys_rsa_enc_pkcs8_v2_2048_aes128cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-192-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
+keys_rsa_enc_pkcs8_v2_2048_aes192cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
+
+rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der
+rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem: rsa_pkcs1_2048_clear.pem
+	$(OPENSSL) pkcs8  -topk8 -v2 aes-256-cbc -v2prf hmacWithSHA384 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
+all_final += rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
+keys_rsa_enc_pkcs8_v2_2048_aes256cbc_sha384: rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
+
 rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der: rsa_pkcs1_2048_clear.pem
 	$(OPENSSL) pkcs8 -topk8 -v2 des -v2prf hmacWithSHA384 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
 all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der
new file mode 100644
index 000000000..00519400f
Binary files /dev/null and b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
new file mode 100644
index 000000000..b99af2ce1
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIID4AYf5oXcICAggA
+MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAECBBCtsq1ZGRGQPDOZ5HWj2WM3BIIE
+0G6XYOdWx+gqDnXbV4/I8o/whdxUKNXi6lhrJHQBnl+qQPSJnDl4lH6/U7LimyeM
+SASN9h2BqOQhLi+FPxw19Vn7IzKkNe4c2S87t27/p9ss8jgbKfEDPJ77uxMb64eA
+WAmDjOr1eL+HM54pIxrWcHKUNrfliffyzcwcTqf99ORj9QeGJ37XuZ7RLMxfoOij
+4v1YVbSVlMX5SM0tI9/Atm3fUG1zVAm3p3SrSAOr9FkVE0wh/aC5f5KnMzurBq8J
+f8zGrCP4AmXiowbsJ+GCpKBqOB2mFpBjWt2cwYPuZzP5VUaXiJyOgOYXvxLF4TpB
++pDhJfs+P0iG1SWssfLOkp7smFWtowFrGn3y5nDHHd3P8/vyEDS02hdJxoLw0MBe
+zD3aVeaISOMqjc43cA27Kp7uvG7814XAXe1MPt7Bm5CGa9k6XtVhMTp6RBKxL2ow
+3U8SjA3PtuLLbNEB8FDGi2MCsoDGfmXdOZqJPJdxSbLWl5/385irsUKQDnDK9xr5
+tYVAjPLK4tkdtBgGB+Yv2bRYjPdqKiNrE2AuuFN8ESqoir0gOWbGgpmdDpVhG1az
+Y/Dyv1JcteXo/s3PsIZOXXDQEK7fdr9o/QWY62KJCIQXPZU7K4g2aWLbMN8pWabt
+3mpBeCeiLz0+miSwHFSfTg/weegogrfeBtSV6zFcBSG0nz73JT1U6U4ecDAsuk23
+nmLnm3t+n3MTZU18WxTiQrq0n5gOr1XoGduGQYBBS/bhFoQoWvVQ+gaCaR1hF4ap
+U5vTjYmdIv6Hq/Gl3sNpH324NVTQ2JIHzdItyaZiTugr89+7YxPxpL9pwJJyztdy
+31l4AvAot9vEJWH6wPC5v66MQrqcJRtdT8BuEJ2RFKkqP0wN66JC7qhtm4v5oVgp
+tblGcP4oWHMqAZuYUbgJYh5sEXMsO2tbp2ckKOR10ev+Yzq8vQ9AYFSOLNkFAIbA
+lxv0DJonU288A8Rei3WYU9PfYiYWK7cP/I40xtxOJe3cQEhQTBJwT6K1sv7Q0HAa
+hs5P2u45XqJh2waqJkeoeri0p20WnSfcWmov0OIMtxWQMT6Yb62v+aKk+nqlurIz
+BmvJvgZJtnhlJW7WfbSF3kDD8WZbmabJ+rfPclx5/Hyh0JfaHSJDa9Vd8518/wp4
+Tcptcq7GC93St7PG6RTg4nZzrguwdzBVeDGB0BjP4xI/tzEkk0MgFGAL6JDa/FLv
+5L8MOjeCLwWO9OtVjt02amc26SMmpEIyzh5f/eXWDBILnZAgbnieqyQm2+KsvQ87
+9aQdLlC4RvO73f+5Ckygf6vrIW/n8HVmHmLv+qeudVgIiYZVz3/GtiFJjuayMr/D
+SgvrzNyRw8SQWn5V0ORy/3u86ZfraIq3falIFJGZDG9rdgYoBNHzhMeOXL+fqqHa
+egvOQbfA4jpmtbWUxeqLqs1bY8T9hGW8lrRm7TofsuxDPOz+VajF/+lqWrvXp6+8
+Vp10Ig42X88TUroWRrOSXUkR45Xjq/XG5M5mbZQqBygWSqQJ9LrTzu9yqhYsqziB
+tnwXVpudK/9GK7OKEshJ0s/HsLFHAFRBPJnVP0cXTEg9EczgGBLLT6wAj5zy0dxz
+Pe8Y46K6wUUHP4Y9IQmJ+i/dBfiaquSNKKdqMU7sT5cd
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der
new file mode 100644
index 000000000..fc1ccb3cb
Binary files /dev/null and b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
new file mode 100644
index 000000000..0a36a716d
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQI8i+OtR0wbD0CAggA
+MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEWBBBHvOq1294P18bekzyYVp4QBIIE
+0AJnZHjPZcPYKdSNaNfPfc2s+UmTgYeLCun5sd+9KIYyozJ2ljZTijsdp/hItWTu
+DmHrfLTLV8mtL/OFJ83u0rDoHVfSrDLwFMAy/nmbtlLYPFEfU9MQ8s2OtvKuobmI
+b3x7b+MrTlG5ConptsQQw5tl3dza9DZGfHUnO2EzXorytSMLFCGeQskzbN7Y/Sbf
+2+IL5yoifcfPddTbKDyTa77K2516tK2+WTU/VUfv2r5d5SiivZLuMjIYrbneHYoq
+hW30BZozCqJKJ5G2jwNjLUjPirA6qtS0Y1tIb5rRjZ0pSy1X5oIQL2laZLrDo9gP
+/Ud8m1k2nv9Uv9HPM+G4xCMSiJVaptYPyzFQACcSdA/BVUdBC0EwzIj2nbaoAlM0
++sZ2Asbohnds/AsDz+/b6MaMKg9Onoort0zF/HtpSII6+WSmvGOaV2469JEIvZlU
+JIn1YugpDPIe6/B35J9sYfvVNKVsvJntCKxmcz6Nw2VvPKXC3o/bseBqAhLKDMZZ
+Hr3id3O7bN2ng3lKuGofmQeMYnW4zb4coXytdc/XCvf63xE0NsUEBFuRMpc9iocC
+2RMBEzNyE4tnigI61T/zkpwgBic1p/isGoXMdPWl+Z+IAIYgyxOVwO9g78yVW9tp
+1xF9WzJrGHKNT9RLmINyo3jt/wRj8Q+T0EG45cDQcHwpyXdNS614hUCIaeTvQcR9
+8F+f4D8IvL+GJt2EtbqL+D687X/hptNehpFf+uxGiHQfrtOvYS/ArNrewa1ts9nq
+SMAE7Hb7MzFdnhDqRFBa+//H1jvNkDx3qXfb1/MNE8pR6vjcueKKQ0BzlrNX1O2C
+oz0OCMeDfXZhWdYmNjLNcdbonrvq5Z9nOUEdw2lNWELT4lOAmqgA/xBFdQa4glCx
+WS1r6DyjgTdGlPbcGugRuTcYXNx6iikWzoS1369maz+WV9qW7r8kA1Fs7WUiYnOb
+I1E06yQKVANe+t2SQYN2jPK3EsFFOBxG9tlcXbZVxvx9m6XJR7f7YnLPN+b0f1qF
+cT2c5IhK5pKRiZds82lWBnk+eli+qUXILIBbDvBmY4PyPk+kyewAHI1HWBfoSH/3
+aLIV6JPgwjAJKnr0++jUqETID/yGyLHNNy1u4ALyAfbFVU//RGmwAxhrBNPdVVGb
+rBfKL+VL8Hu/m5XWXez0nHKyD8J1i/XO1OutBsXYxEn6Xnu9rJn8F6nJ+XB3zt6K
+QdkUp85t3GM0wyizuPRWJrSVfYyjV41yEBXqe2lgqTT9dpvpgIRtvUeq83e8PD/3
+6qKoeTv+3cppCFZ3vLArGvsvRTcbfc3YEzXxz6gc/1HTzd8UpCnA/9+jepG3IzRL
+1bLs8QVzIBAT/UpuC6QWUdAR/JZMEFLU5FnRh6oXuh2Zys66Ot7LyNhnGlSEPlXI
+polURx0bew+QigBGiH7NpyMgRi9Wh+1HOA/wsAp4X7O+DhaX6vdiDbQoilN1LclU
+TRFShpuaxwRA1ek2Jz3JLn7wCsGaVXrd2v/CgrxofCWzGjR2RWj9hAkV4eoJ3G6A
+x3DhMRrqXc/O3ON9TyhKBZP1g35In5bZmBUv/o+7eYV7KDETxPwsD3A+dCqUJObU
+kyZehu2DsfyZFI98SnecRpb0M0vi6ZZueCykOVec6xkX
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der
new file mode 100644
index 000000000..136cfb95e
Binary files /dev/null and b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der differ
diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
new file mode 100644
index 000000000..da2e90f79
--- /dev/null
+++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFLTBXBgkqhkiG9w0BBQ0wSjApBgkqhkiG9w0BBQwwHAQIhWg0Xe90dAcCAggA
+MAwGCCqGSIb3DQIKBQAwHQYJYIZIAWUDBAEqBBCRE60k0URZBki+hlzaxgZgBIIE
+0Hffn1sg3qNNUkFDHdbvU9E3+aaMJKWqDS4bUqGguT7Tz36TPM1drUZSFyWvPgNY
+dXonxu+2h6jzRny0clPyp3kCbJEqgvyj0laKNAfV1fmJRVkIFiCMs0iBLQnyjAJb
+IJ8hGxsnotdvmL3oTvHq0YawPXRXVDC4qeO+PzcDjSZ62E+Bz1bE2/tLif1BKd0k
+QbccsD9pCyF8pauCAxgN2AWWdus3IzH+hWUf4DTT7AhCdYNijY+ZmBgKGkJoJWwl
+aIZrPGJ7tNIDecQt86xLffKifI/b2dO5e3Q1NgNzHM77ncoeLr9nFSlsc2W3qA/A
+gEDcuGj1ujchKK70Phfz50HMfnP3pCqLk8jDI78/TSvHDiblF68hsUbAsvbtHNu6
++AXlDdSU2bcRyQRsjvaf2lMLt+qkUX+P640SKnXIYa1o9dv4+alE4XTZaimmOnao
+DjYm6bTHAYcE//DW/LXt7V+q1KCPqpoHMR140vyjIRN8uEcPXyTka6lU34ypIhUb
+N7ggLrXrCjh3nJo+nCtXOIMf9O9eD9I/0i8dktZFuTRj1sO/z9J/xFxHTdBG/BB5
+1MEmwriRubrw5Ud+uXnRq+lg5rW3n4+5TBvwYq/GLfyj36ojegbE8OdMfJJqCdd4
+zywMXwYiMi76gYAwEL60DWRn+3vud02QwY8hBXfiOPq2kxazvZM5SWy/1bPgStkn
+fG9uzE8n/ABZA0XWuV8hNAcxYlS+0s3IguvvHogQtQMYTTg/D3OODpc0f/+y3O8N
+qI5Iym1SrWpnF8vVFZsMblMDr+tbeCvYQ+HuaTc0L5cpAozoY7iCzuqwDHFrYTzC
+rSZ70V+FQ956m4xkCBu6TrzqzhA8zfDFs3z9LfV62v9zLgUS8uCKSKWxznM0IdiE
+ZnNrwaE1xsO5QN8LfvlO4NVVxN/ATie5tmlLndS4c2ZkswcR3WM6cW1buVaIPsz7
+lU7sbd/I9pWpzd3eZNkVrWpyWxvFQxBUNNC5IXcgRBZsGgVGRw35LBlWXKluKrVi
+Z/FAf23dt3n2S4dtJ+Fd2+YL/YiK0lqtrm+GkSjmMvVQ57PJn8QvW359e4QsxDyN
+wv6iEQDUqZcQ89ggdGdoSFFgBtFACc9iCKsu5AjTJl+Tql/A3FV7SwYDfZwQuT4e
+gc4dZPuSSVd8cttUeFUmtrPCMx2nP7ZDVYFrZyK07eAIL89gv3bYWu8R/wMKNvzr
+g0Ao0+AnfLJg11C8pAhJea1dxwu7g6LSpA+oCZov4RpqUnLKMCpPbypyFhSizZtF
+evDMf+5aUAbe0+ZsCjUT+RftpzYCPV9uGhYhLMIFRP/7FCcHMrDn7CbAektm063U
+EwP2O1rUrMhPWqRztx71cGBloeVPE8Ddwnsorr4M7EXihZcvNsLfz3N9NUopkU3M
+sM2fEAnq2KMyrrwVGRSHvm70gUDpJeFanRBsI9z1Tr4r3utHIIQ+0u9pFPbQln0Q
+4X4U7KbKC4leTYGMPMFOPXihiMTazNcs232stAYUYe6/DmVX/p2dJHvHux5qBGIW
+Rbv7OuwazOsDqNfrqZTesENIGl/KPoNXiolp/YtG3DHQ1vDjEj/XTOVWWkBDXVgP
+ut4Pi20hvFBwvEBtypAgi1VLcad5+dlrEwryewlLLw5h
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/tests/data_files/tls13_early_data.txt b/tests/data_files/tls13_early_data.txt
index 0c84b0720..95811fd39 100644
--- a/tests/data_files/tls13_early_data.txt
+++ b/tests/data_files/tls13_early_data.txt
@@ -1,3 +1,4 @@
 EarlyData context: line 0                                                    lf
 EarlyData context: line 1                                                    lf
+EarlyData context: line 2                                                    lf
 EarlyData context: If it appears, that means early_data received.
diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h
index 2f6bf8931..a5e49cbe5 100644
--- a/tests/include/test/bignum_helpers.h
+++ b/tests/include/test/bignum_helpers.h
@@ -77,14 +77,14 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
  *
  * - This function guarantees that if \p s begins with '-' then the sign
  *   bit of the result will be negative, even if the value is 0.
- *   When this function encounters such a "negative 0", it
- *   increments #mbedtls_test_case_uses_negative_0.
- * - The size of the result is exactly the minimum number of limbs needed
- *   to fit the digits in the input. In particular, this function constructs
- *   a bignum with 0 limbs for an empty string, and a bignum with leading 0
- *   limbs if the string has sufficiently many leading 0 digits.
- *   This is important so that the "0 (null)" and "0 (1 limb)" and
- *   "leading zeros" test cases do what they claim.
+ *   When this function encounters such a "negative 0", it calls
+ *   mbedtls_test_increment_case_uses_negative_0().
+ * - The size of the result is exactly the minimum number of limbs needed to fit
+ *   the digits in the input. In particular, this function constructs a bignum
+ *   with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
+ *   string has sufficiently many leading 0 digits. This is important so that
+ *   the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
+ *   claim.
  *
  * \param[out] X        The MPI object to populate. It must be initialized.
  * \param[in] s         The null-terminated hexadecimal string to read from.
@@ -93,14 +93,6 @@ void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
  */
 int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
 
-/** Nonzero if the current test case had an input parsed with
- * mbedtls_test_read_mpi() that is a negative 0 (`"-"`, `"-0"`, `"-00"`, etc.,
- * constructing a result with the sign bit set to -1 and the value being
- * all-limbs-0, which is not a valid representation in #mbedtls_mpi but is
- * tested for robustness).
- */
-extern unsigned mbedtls_test_case_uses_negative_0;
-
 #endif /* MBEDTLS_BIGNUM_C */
 
 #endif /* TEST_BIGNUM_HELPERS_H */
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index 768a9a69f..dac07acd3 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -192,6 +192,46 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_DH_RFC7919_2048)
+#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)
+#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
+#else
+#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
+#endif
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_3072)
+#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)
+#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
+#else
+#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
+#endif
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_4096)
+#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)
+#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
+#else
+#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
+#endif
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_6144)
+#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)
+#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
+#else
+#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
+#endif
+#endif
+
+#if defined(PSA_WANT_DH_RFC7919_8192)
+#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192)
+#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
+#else
+#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
+#endif
+#endif
+
 #if defined(PSA_WANT_ALG_FFDH)
 #if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
 #undef MBEDTLS_PSA_ACCEL_ALG_FFDH
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
index 7c962a283..d08100f15 100644
--- a/tests/include/test/helpers.h
+++ b/tests/include/test/helpers.h
@@ -23,6 +23,10 @@
 #if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
 #  define MBEDTLS_TEST_HAVE_ASAN
 #endif
+#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */
+#  define MBEDTLS_TEST_HAVE_TSAN
+#endif
+
 #if defined(__has_feature)
 #  if __has_feature(address_sanitizer) /* clang -fsanitize=address */
 #    define MBEDTLS_TEST_HAVE_ASAN
@@ -35,9 +39,10 @@
 #  endif
 #endif
 
-#if defined(MBEDTLS_THREADING_C) && defined(MBEDTLS_THREADING_PTHREAD) && \
-    defined(MBEDTLS_TEST_HOOKS)
-#define MBEDTLS_TEST_MUTEX_USAGE
+#include "test/threading_helpers.h"
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+#include "mbedtls/threading.h"
 #endif
 
 #include "mbedtls/platform.h"
@@ -61,20 +66,128 @@ typedef enum {
     MBEDTLS_TEST_RESULT_SKIPPED
 } mbedtls_test_result_t;
 
+#define MBEDTLS_TEST_LINE_LENGTH 76
+
 typedef struct {
     mbedtls_test_result_t result;
     const char *test;
     const char *filename;
     int line_no;
     unsigned long step;
-    char line1[76];
-    char line2[76];
+    char line1[MBEDTLS_TEST_LINE_LENGTH];
+    char line2[MBEDTLS_TEST_LINE_LENGTH];
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
     const char *mutex_usage_error;
 #endif
+#if defined(MBEDTLS_BIGNUM_C)
+    unsigned case_uses_negative_0;
+#endif
 }
 mbedtls_test_info_t;
-extern mbedtls_test_info_t mbedtls_test_info;
+
+/**
+ * \brief           Get the current test result status
+ *
+ * \return          The current test result status
+ */
+mbedtls_test_result_t mbedtls_test_get_result(void);
+
+/**
+ * \brief           Get the current test name/description
+ *
+ * \return          The current test name/description
+ */
+const char *mbedtls_test_get_test(void);
+
+/**
+ * \brief           Get the current test filename
+ *
+ * \return          The current test filename
+ */
+const char *mbedtls_get_test_filename(void);
+
+/**
+ * \brief           Get the current test file line number (for failure / skip)
+ *
+ * \return          The current test file line number (for failure / skip)
+ */
+int mbedtls_test_get_line_no(void);
+
+/**
+ * \brief           Increment the current test step.
+ *
+ * \note            It is not recommended for multiple threads to call this
+ *                  function concurrently - whilst it is entirely thread safe,
+ *                  the order of calls to this function can obviously not be
+ *                  ensured, so unexpected results may occur.
+ */
+void mbedtls_test_increment_step(void);
+
+/**
+ * \brief           Get the current test step
+ *
+ * \return          The current test step
+ */
+unsigned long mbedtls_test_get_step(void);
+
+/**
+ * \brief           Get the current test line buffer 1
+ *
+ * \param line      Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
+ *                  which will have line buffer 1 copied to it.
+ */
+void mbedtls_test_get_line1(char *line);
+
+/**
+ * \brief           Get the current test line buffer 2
+ *
+ * \param line      Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
+ *                  which will have line buffer 1 copied to it.
+ */
+void mbedtls_test_get_line2(char *line);
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+/**
+ * \brief           Get the current mutex usage error message
+ *
+ * \return          The current mutex error message (may be NULL if no error)
+ */
+const char *mbedtls_test_get_mutex_usage_error(void);
+
+/**
+ * \brief           Set the current mutex usage error message
+ *
+ * \note            This will only set the mutex error message if one has not
+ *                  already been set, or if we are clearing the message (msg is
+ *                  NULL)
+ *
+ * \param msg       Error message to set (can be NULL to clear)
+ */
+void mbedtls_test_set_mutex_usage_error(const char *msg);
+#endif
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+/**
+ * \brief           Get whether the current test is a bignum test that uses
+ *                  negative zero.
+ *
+ * \return          non zero if the current test uses bignum negative zero.
+ */
+unsigned mbedtls_test_get_case_uses_negative_0(void);
+
+/**
+ * \brief           Indicate that the current test uses bignum negative zero.
+ *
+ * \note            This function is called if the current test case had an
+ *                  input parsed with mbedtls_test_read_mpi() that is a negative
+ *                  0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with
+ *                  the sign bit set to -1 and the value being all-limbs-0,
+ *                  which is not a valid representation in #mbedtls_mpi but is
+ *                  tested for robustness). *
+ */
+void  mbedtls_test_increment_case_uses_negative_0(void);
+#endif
 
 int mbedtls_test_platform_setup(void);
 void mbedtls_test_platform_teardown(void);
@@ -111,24 +224,42 @@ void mbedtls_test_fail(const char *test, int line_no, const char *filename);
 void mbedtls_test_skip(const char *test, int line_no, const char *filename);
 
 /**
- * \brief       Set the test step number for failure reports.
+ * \brief           Set the test step number for failure reports.
  *
- *              Call this function to display "step NNN" in addition to the
- *              line number and file name if a test fails. Typically the "step
- *              number" is the index of a for loop but it can be whatever you
- *              want.
+ *                  Call this function to display "step NNN" in addition to the
+ *                  line number and file name if a test fails. Typically the
+ *                  "step number" is the index of a for loop but it can be
+ *                  whatever you want.
+ *
+ * \note            It is not recommended for multiple threads to call this
+ *                  function concurrently - whilst it is entirely thread safe,
+ *                  the order of calls to this function can obviously not be
+ *                  ensured, so unexpected results may occur.
  *
  * \param step  The step number to report.
  */
 void mbedtls_test_set_step(unsigned long step);
 
 /**
- * \brief       Reset mbedtls_test_info to a ready/starting state.
+ * \brief           Reset mbedtls_test_info to a ready/starting state.
  */
 void mbedtls_test_info_reset(void);
 
+#ifdef MBEDTLS_TEST_MUTEX_USAGE
 /**
- * \brief           Record the current test case as a failure if two integers
+ * \brief           Get the test info data mutex.
+ *
+ * \note            This is designed only to be used by threading_helpers to
+ *                  avoid a deadlock, not for general access to this mutex.
+ *
+ * \return          The test info data mutex.
+ */
+mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void);
+
+#endif /* MBEDTLS_TEST_MUTEX_USAGE */
+
+/**
+ * \brief Record the current test case as a failure if two integers
  *                  have a different value.
  *
  *                  This function is usually called via the macro
@@ -254,24 +385,6 @@ int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
 #include "test/fake_external_rng_for_test.h"
 #endif
 
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/**
- *  Activate the mutex usage verification framework. See threading_helpers.c for
- *  information.
- *  */
-void mbedtls_test_mutex_usage_init(void);
-
-/**
- *  Deactivate the mutex usage verification framework. See threading_helpers.c
- *  for information.
- */
-void mbedtls_test_mutex_usage_end(void);
-
-/** Call this function after executing a test case to check for mutex usage
- * errors. */
-void mbedtls_test_mutex_usage_check(void);
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
 #if defined(MBEDTLS_TEST_HOOKS)
 /**
  * \brief   Check that only a pure high-level error code is being combined with
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index d03c62414..1f41966d6 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h
@@ -589,6 +589,16 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
     int *expected_result, mbedtls_ssl_chk_buf_ptr_args *args);
 #endif /* MBEDTLS_TEST_HOOKS */
 
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+int mbedtls_test_ticket_write(
+    void *p_ticket, const mbedtls_ssl_session *session,
+    unsigned char *start, const unsigned char *end,
+    size_t *tlen, uint32_t *ticket_lifetime);
+
+int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
+                              unsigned char *buf, size_t len);
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
 #define ECJPAKE_TEST_PWD        "bla"
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h
new file mode 100644
index 000000000..79bc6c0de
--- /dev/null
+++ b/tests/include/test/threading_helpers.h
@@ -0,0 +1,112 @@
+/**
+ * \file threading_helpers.h
+ *
+ * \brief This file contains the prototypes of helper functions for the purpose
+ *        of testing threading.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef THREADING_HELPERS_H
+#define THREADING_HELPERS_H
+
+#if defined MBEDTLS_THREADING_C
+
+#include "mbedtls/private_access.h"
+#include "mbedtls/build_info.h"
+
+/* Most fields of publicly available structs are private and are wrapped with
+ * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
+ * directly (without using the MBEDTLS_PRIVATE wrapper). */
+#define MBEDTLS_ALLOW_PRIVATE_ACCESS
+
+#define MBEDTLS_ERR_THREADING_THREAD_ERROR                 -0x001F
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#include <pthread.h>
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_THREADING_ALT)
+/* You should define the mbedtls_test_thread_t type in your header */
+#include "threading_alt.h"
+
+/**
+ * \brief                   Set your alternate threading implementation
+ *                          function pointers for test threads. If used, this
+ *                          function must be called once in the main thread
+ *                          before any other MbedTLS function is called.
+ *
+ * \note                    These functions are part of the testing API only and
+ *                          thus not considered part of the public API of
+ *                          MbedTLS and thus may change without notice.
+ *
+ * \param thread_create     The thread create function implementation.
+ * \param thread_join       The thread join function implementation.
+
+ */
+void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread,
+                                                      void *(*thread_func)(
+                                                          void *),
+                                                      void *thread_data),
+                                 int (*thread_join)(mbedtls_test_thread_t *thread));
+
+#else /* MBEDTLS_THREADING_ALT*/
+
+typedef struct mbedtls_test_thread_t {
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+    pthread_t MBEDTLS_PRIVATE(thread);
+#else /* MBEDTLS_THREADING_PTHREAD */
+    /* Make sure this struct is always non-empty */
+    unsigned dummy;
+#endif
+
+} mbedtls_test_thread_t;
+
+#endif /* MBEDTLS_THREADING_ALT*/
+
+/**
+ * \brief                   The function pointers for thread create and thread
+ *                          join.
+ *
+ * \note                    These functions are part of the testing API only
+ *                          and thus not considered part of the public API of
+ *                          MbedTLS and thus may change without notice.
+ *
+ * \note                    All these functions are expected to work or
+ *                          the result will be undefined.
+ */
+extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread,
+                                         void *(*thread_func)(void *), void *thread_data);
+extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread);
+
+#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS)
+#define MBEDTLS_TEST_MUTEX_USAGE
+#endif
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+/**
+ *  Activate the mutex usage verification framework. See threading_helpers.c for
+ *  information.
+ */
+void mbedtls_test_mutex_usage_init(void);
+
+/**
+ *  Deactivate the mutex usage verification framework. See threading_helpers.c
+ *  for information.
+ */
+void mbedtls_test_mutex_usage_end(void);
+
+/**
+ *  Call this function after executing a test case to check for mutex usage
+ * errors.
+ */
+void mbedtls_test_mutex_usage_check(void);
+#endif /* MBEDTLS_TEST_MUTEX_USAGE */
+
+#endif /* MBEDTLS_THREADING_C */
+
+#endif /* THREADING_HELPERS_H */
diff --git a/tests/opt-testcases/tls13-compat.sh b/tests/opt-testcases/tls13-compat.sh
index 1190a87ee..9cf2550a0 100755
--- a/tests/opt-testcases/tls13-compat.sh
+++ b/tests/opt-testcases/tls13-compat.sh
@@ -363,6 +363,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -380,6 +381,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -397,6 +399,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -415,6 +418,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -777,6 +781,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -794,6 +799,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -811,6 +817,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -829,6 +836,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1191,6 +1199,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1208,6 +1217,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1225,6 +1235,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1243,6 +1254,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1605,6 +1617,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1622,6 +1635,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1639,6 +1653,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -1657,6 +1672,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -2019,6 +2035,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -2036,6 +2053,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -2053,6 +2071,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -2071,6 +2090,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -2473,6 +2493,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2492,6 +2513,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2511,6 +2533,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2531,6 +2554,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2935,6 +2959,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2954,6 +2979,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2973,6 +2999,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -2993,6 +3020,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3397,6 +3425,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3416,6 +3445,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3435,6 +3465,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3455,6 +3486,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3859,6 +3891,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3878,6 +3911,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3897,6 +3931,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -3917,6 +3952,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -4321,6 +4357,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -4340,6 +4377,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -4359,6 +4397,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -4379,6 +4418,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -4764,6 +4804,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -4782,6 +4823,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -4800,6 +4842,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -4819,6 +4862,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -5202,6 +5246,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -5220,6 +5265,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -5238,6 +5284,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -5257,6 +5304,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -5640,6 +5688,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -5658,6 +5707,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -5676,6 +5726,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -5695,6 +5746,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_CHACHA20_POLY1305_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -6078,6 +6130,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -6096,6 +6149,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -6114,6 +6168,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -6133,6 +6188,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -6516,6 +6572,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -6534,6 +6591,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp384r1.crt -key data_files/ecdsa_secp384r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp384r1_sha384 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -6552,6 +6610,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp521r1.crt -key data_files/ecdsa_secp521r1.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs ecdsa_secp521r1_sha512 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -6571,6 +6630,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key -ciphersuites TLS_AES_128_CCM_8_SHA256 -sigalgs rsa_pss_rsae_sha256 -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -6996,6 +7056,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -7016,6 +7077,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -7036,6 +7098,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -7057,6 +7120,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -7482,6 +7546,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -7502,6 +7567,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -7522,6 +7588,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -7543,6 +7610,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-256-GCM:+SHA384:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -7968,6 +8036,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -7988,6 +8057,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -8008,6 +8078,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -8029,6 +8100,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+CHACHA20-POLY1305:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -8454,6 +8526,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -8474,6 +8547,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -8494,6 +8568,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -8515,6 +8590,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -8940,6 +9016,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -8960,6 +9037,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp384r1.crt --x509keyfile data_files/ecdsa_secp384r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP384R1-SHA384:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -8980,6 +9058,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp521r1.crt --x509keyfile data_files/ecdsa_secp521r1.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-ECDSA-SECP521R1-SHA512:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -9001,6 +9080,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-CCM-8:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -9548,11 +9628,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -9574,11 +9656,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -9600,11 +9684,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -9627,12 +9713,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_GCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -10184,11 +10272,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -10210,11 +10300,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -10236,11 +10328,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -10263,12 +10357,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_256_GCM_SHA384,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-256-GCM-SHA384 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -10820,11 +10916,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -10846,11 +10944,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -10872,11 +10972,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -10899,12 +11001,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: CHACHA20_POLY1305_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-CHACHA20-POLY1305-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -11456,11 +11560,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -11482,11 +11588,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -11508,11 +11616,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -11535,12 +11645,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -12092,11 +12204,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp256r1_sha256" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048" \
@@ -12118,11 +12232,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp384r1_sha384" \
          "$P_SRV crt_file=data_files/ecdsa_secp384r1.crt key_file=data_files/ecdsa_secp384r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp384r1_sha384 groups=ffdhe2048" \
@@ -12144,11 +12260,13 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,ecdsa_secp521r1_sha512" \
          "$P_SRV crt_file=data_files/ecdsa_secp521r1.crt key_file=data_files/ecdsa_secp521r1.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=ecdsa_secp521r1_sha512 groups=ffdhe2048" \
@@ -12171,12 +12289,14 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: AES_128_CCM_8_SHA256,ffdhe2048,rsa_pss_rsae_sha256" \
          "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe2048" \
@@ -12258,6 +12378,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: HRR secp256r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -12333,6 +12454,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: HRR secp384r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -12408,6 +12530,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: HRR secp521r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -12483,6 +12606,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: HRR x25519 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -12558,6 +12682,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_openssl_tls1_3_with_ffdh
 run_test "TLS 1.3 O->m: HRR x448 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -12716,6 +12841,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -12801,6 +12927,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -12886,6 +13013,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -12971,6 +13099,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13056,6 +13185,7 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13232,6 +13362,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR secp256r1 -> ffdhe2048" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
@@ -13323,6 +13454,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR secp384r1 -> ffdhe2048" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
@@ -13414,6 +13546,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR secp521r1 -> ffdhe2048" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
@@ -13505,6 +13638,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR x25519 -> ffdhe2048" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
@@ -13596,6 +13730,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR x448 -> ffdhe2048" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups ffdhe2048 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
@@ -13615,6 +13750,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp256r1" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
@@ -13634,6 +13770,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp384r1" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-384 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
@@ -13653,6 +13790,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> secp521r1" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups P-521 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
@@ -13672,6 +13810,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x25519" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X25519 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
@@ -13691,6 +13830,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->O: HRR ffdhe2048 -> x448" \
          "$O_NEXT_SRV_NO_CERT -cert data_files/ecdsa_secp256r1.crt -key data_files/ecdsa_secp256r1.key -groups X448 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
@@ -13792,6 +13932,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR secp256r1 -> ffdhe2048" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
@@ -13893,6 +14034,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR secp384r1 -> ffdhe2048" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
@@ -13994,6 +14136,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR secp521r1 -> ffdhe2048" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
@@ -14095,6 +14238,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR x25519 -> ffdhe2048" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
@@ -14196,6 +14340,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR x448 -> ffdhe2048" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-FFDHE2048:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
@@ -14217,6 +14362,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp256r1" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP256R1:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
@@ -14238,6 +14384,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp384r1" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP384R1:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
@@ -14259,6 +14406,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> secp521r1" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-SECP521R1:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
@@ -14280,6 +14428,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x25519" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X25519:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
@@ -14301,6 +14450,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->G: HRR ffdhe2048 -> x448" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/ecdsa_secp256r1.crt --x509keyfile data_files/ecdsa_secp256r1.key --priority=NONE:+CIPHER-ALL:+MAC-ALL:+SIGN-ALL:+GROUP-X448:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
@@ -14418,12 +14568,14 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR secp256r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1,ffdhe2048" \
@@ -14544,12 +14696,14 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR secp384r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1,ffdhe2048" \
@@ -14670,12 +14824,14 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR secp521r1 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1,ffdhe2048" \
@@ -14796,12 +14952,14 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR x25519 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519,ffdhe2048" \
@@ -14922,12 +15080,14 @@ requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 requires_config_enabled MBEDTLS_SSL_CLI_C
 requires_config_enabled MBEDTLS_DEBUG_C
 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR x448 -> ffdhe2048" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448,ffdhe2048" \
@@ -14954,6 +15114,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp256r1" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp256r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp256r1" \
@@ -14980,6 +15141,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp384r1" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp384r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp384r1" \
@@ -15006,6 +15168,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> secp521r1" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=secp521r1 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,secp521r1" \
@@ -15032,6 +15195,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x25519" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x25519 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x25519" \
@@ -15058,6 +15222,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled PSA_WANT_ALG_ECDH
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_2048
 run_test "TLS 1.3 m->m: HRR ffdhe2048 -> x448" \
          "$P_SRV crt_file=data_files/ecdsa_secp256r1.crt key_file=data_files/ecdsa_secp256r1.key debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=x448 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
          "$P_CLI ca_file=data_files/test-ca2.crt debug_level=4 sig_algs=ecdsa_secp256r1_sha256 groups=ffdhe2048,x448" \
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index c1682e3cf..4e6bf876d 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -502,8 +502,11 @@ run_test "TLS 1.3 G->m: EarlyData: feature is enabled, good." \
          "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
                       -d 10 -r --earlydata $EARLY_DATA_INPUT " \
          0 \
-         -s "NewSessionTicket: early_data(42) extension exists."            \
          -s "Sent max_early_data_size=$EARLY_DATA_INPUT_LEN"                \
+         -s "NewSessionTicket: early_data(42) extension exists."            \
          -s "ClientHello: early_data(42) extension exists."                 \
          -s "EncryptedExtensions: early_data(42) extension exists."         \
-         -s "$( tail -1 $EARLY_DATA_INPUT )"
+         -s "$( head -1 $EARLY_DATA_INPUT )"                                \
+         -s "$( tail -1 $EARLY_DATA_INPUT )"                                \
+         -s "200 early data bytes read"                                     \
+         -s "106 early data bytes read"
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 44930d28b..af32c065d 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -821,6 +821,14 @@ pre_generate_files() {
     fi
 }
 
+clang_version() {
+    if command -v clang > /dev/null ; then
+        clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
+    else
+        echo 0  # report version 0 for "no clang"
+    fi
+}
+
 ################################################################
 #### Helpers for components using libtestdriver1
 ################################################################
@@ -907,6 +915,18 @@ helper_get_psa_curve_list () {
     echo "$loc_list"
 }
 
+# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
+# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
+# in the following helpers.
+helper_get_psa_dh_group_list () {
+    loc_list=""
+    for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
+        loc_list="$loc_list $item"
+    done
+
+    echo "$loc_list"
+}
+
 # Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
 # is useful to easily get a list of key type symbols to accelerate.
 # The function accepts a single argument which is the key type: ECC, DH, RSA.
@@ -1059,8 +1079,8 @@ component_check_test_dependencies () {
     echo "!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH" >> $expected
     # No PSA equivalent - used to skip decryption tests in PSA-ECB, CBC/XTS/NIST_KW/DES
     echo "!MBEDTLS_BLOCK_CIPHER_NO_DECRYPT" >> $expected
-    # This is used by import_rsa_made_up() in test_suite_psa_crypto in order
-    # to build a fake RSA key of the wanted size based on
+    # MBEDTLS_ASN1_WRITE_C is used by import_rsa_made_up() in test_suite_psa_crypto
+    # in order to build a fake RSA key of the wanted size based on
     # PSA_VENDOR_RSA_MAX_KEY_BITS. The legacy module is only used by
     # the test code and that's probably the most convenient way of achieving
     # the test's goal.
@@ -1069,9 +1089,6 @@ component_check_test_dependencies () {
     echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
     # No PSA equivalent - needed by some init tests
     echo "MBEDTLS_ENTROPY_NV_SEED" >> $expected
-    # Used by two tests that are about an extension to the PSA standard;
-    # as such, no PSA equivalent.
-    echo "MBEDTLS_PEM_PARSE_C" >> $expected
 
     # Compare reality with expectation.
     # We want an exact match, to ensure the above list remains up-to-date.
@@ -1552,6 +1569,7 @@ component_test_full_no_cipher_no_psa_crypto () {
     scripts/config.py unset MBEDTLS_CMAC_C
     scripts/config.py unset MBEDTLS_NIST_KW_C
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+    scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
     scripts/config.py unset MBEDTLS_SSL_TLS_C
     scripts/config.py unset MBEDTLS_SSL_TICKET_C
     # Disable features that depend on PSA_CRYPTO_C
@@ -2374,6 +2392,26 @@ component_test_depends_py_pkalgs_psa () {
     tests/scripts/depends.py pkalgs
 }
 
+component_test_psa_crypto_config_ffdh_2048_only () {
+    msg "build: full config - only DH 2048"
+
+    scripts/config.py full
+
+    # Disable all DH groups other than 2048.
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_3072
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_4096
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_6144
+    scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_DH_RFC7919_8192
+
+    make CFLAGS="$ASAN_CFLAGS -Werror" LDFLAGS="$ASAN_CFLAGS"
+
+    msg "test: full config - only DH 2048"
+    make test
+
+    msg "ssl-opt: full config - only DH 2048"
+    tests/ssl-opt.sh -f "ffdh"
+}
+
 component_build_no_pk_rsa_alt_support () {
     msg "build: !MBEDTLS_PK_RSA_ALT_SUPPORT" # ~30s
 
@@ -2430,11 +2468,12 @@ component_build_dhm_alt () {
     make CFLAGS='-Werror -Wall -Wextra -I../tests/include/alt-dummy' lib
 }
 
-component_test_no_use_psa_crypto_full_cmake_asan() {
-    # full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
-    msg "build: cmake, full config minus MBEDTLS_USE_PSA_CRYPTO, ASan"
+component_test_no_psa_crypto_full_cmake_asan() {
+    # full minus MBEDTLS_PSA_CRYPTO_C: run the same set of tests as basic-build-test.sh
+    msg "build: cmake, full config minus PSA crypto, ASan"
     scripts/config.py full
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
+    scripts/config.py unset MBEDTLS_PSA_CRYPTO_CLIENT
     scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
     scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
     scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
@@ -2445,22 +2484,22 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
     CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
     make
 
-    msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    msg "test: main suites (full minus PSA crypto)"
     make test
 
     # Note: ssl-opt.sh has some test cases that depend on
     # MBEDTLS_ECP_RESTARTABLE && !MBEDTLS_USE_PSA_CRYPTO
     # This is the only component where those tests are not skipped.
-    msg "test: ssl-opt.sh (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    msg "test: ssl-opt.sh (full minus PSA crypto)"
     tests/ssl-opt.sh
 
-    msg "test: compat.sh default (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    msg "test: compat.sh default (full minus PSA crypto)"
     tests/compat.sh
 
-    msg "test: compat.sh NULL (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    msg "test: compat.sh NULL (full minus PSA crypto)"
     tests/compat.sh -f 'NULL'
 
-    msg "test: compat.sh ARIA + ChachaPoly (full minus MBEDTLS_USE_PSA_CRYPTO)"
+    msg "test: compat.sh ARIA + ChachaPoly (full minus PSA crypto)"
     env OPENSSL="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
 }
 
@@ -2553,7 +2592,8 @@ component_test_psa_crypto_config_accel_ffdh () {
 
     # Algorithms and key types to accelerate
     loc_accel_list="ALG_FFDH \
-                    $(helper_get_psa_key_type_list "DH")"
+                    $(helper_get_psa_key_type_list "DH") \
+                    $(helper_get_psa_dh_group_list)"
 
     # Configure
     # ---------
@@ -2752,12 +2792,6 @@ common_test_psa_crypto_config_accel_ecc_some_curves () {
     scripts/config.py unset MBEDTLS_PK_C
     scripts/config.py unset MBEDTLS_PK_PARSE_C
     scripts/config.py unset MBEDTLS_PK_WRITE_C
-    # We need to disable RSA too or PK will be re-enabled.
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_RSA_[0-9A-Z_a-z]*"
-    scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_ALG_RSA_[0-9A-Z_a-z]*"
-    scripts/config.py unset MBEDTLS_RSA_C
-    scripts/config.py unset MBEDTLS_PKCS1_V15
-    scripts/config.py unset MBEDTLS_PKCS1_V21
 
     # Disable modules that are accelerated - some will be re-enabled
     scripts/config.py unset MBEDTLS_ECDSA_C
@@ -3085,6 +3119,7 @@ config_psa_crypto_config_accel_ecc_ffdh_no_bignum() {
         # PSA sides, and also disable the key exchanges that depend on DHM.
         scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_FFDH
         scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_KEY_TYPE_DH_[0-9A-Z_a-z]*"
+        scripts/config.py -f "$CRYPTO_CONFIG_H" unset-all "PSA_WANT_DH_RFC7919_[0-9]*"
         scripts/config.py unset MBEDTLS_DHM_C
         scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
         scripts/config.py unset MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
@@ -3139,7 +3174,8 @@ common_test_psa_crypto_config_accel_ecc_ffdh_no_bignum () {
     if [ "$test_target" = "ECC_DH" ]; then
         loc_accel_list="$loc_accel_list \
                         ALG_FFDH \
-                        $(helper_get_psa_key_type_list "DH")"
+                        $(helper_get_psa_key_type_list "DH") \
+                        $(helper_get_psa_dh_group_list)"
     fi
 
     # Configure
@@ -4692,14 +4728,8 @@ component_test_aesni_m32 () { # ~ 60s
 }
 
 support_test_aesni_m32_clang() {
-    support_test_aesni_m32 && if command -v clang > /dev/null ; then
-        # clang >= 4 is required to build with target attributes
-        clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
-        [[ "${clang_ver}" -ge 4 ]]
-    else
-        # clang not available
-        false
-    fi
+    # clang >= 4 is required to build with target attributes
+    support_test_aesni_m32 && [[ $(clang_version) -ge 4 ]]
 }
 
 component_test_aesni_m32_clang() {
@@ -4750,9 +4780,8 @@ component_build_aes_aesce_armcc () {
 }
 
 support_build_aes_armce() {
-    # clang >= 4 is required to build with AES extensions
-    ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
-    [ "${ver}" -ge 11 ]
+    # clang >= 11 is required to build with AES extensions
+    [[ $(clang_version) -ge 11 ]]
 }
 
 component_build_aes_armce () {
@@ -4807,15 +4836,8 @@ component_build_aes_armce () {
 }
 
 support_build_sha_armce() {
-    if command -v clang > /dev/null ; then
-        # clang >= 4 is required to build with SHA extensions
-        clang_ver="$(clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#')"
-
-        [[ "${clang_ver}" -ge 4 ]]
-    else
-        # clang not available
-        false
-    fi
+    # clang >= 4 is required to build with SHA extensions
+    [[ $(clang_version) -ge 4 ]]
 }
 
 component_build_sha_armce () {
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 6503f9a27..8c7f21f85 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -562,6 +562,11 @@ KNOWN_TASKS = {
                     # but these are not available in the accelerated component.
                     re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
                 ],
+                'test_suite_pkcs5': [
+                    # The AES part of PKCS#5 PBES2 is not yet supported.
+                    # The rest of PKCS#5 (PBKDF2) works, though.
+                    re.compile(r'PBES2 .* AES-.*')
+                ],
                 'test_suite_pkparse': [
                     # PEM (called by pkparse) requires AES_C in order to decrypt
                     # the key, but this is not available in the accelerated
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
index fdb264d7b..8b28590b8 100755
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ b/tests/scripts/generate_tls13_compat_tests.py
@@ -353,6 +353,19 @@ class MbedTLSBase(TLSProgram):
             ret += ["groups={named_groups}".format(named_groups=named_groups)]
         return ret
 
+    #pylint: disable=missing-function-docstring
+    def add_ffdh_group_requirements(self, requirement_list):
+        if 'ffdhe2048' in self._named_groups:
+            requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
+        if 'ffdhe3072' in self._named_groups:
+            requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
+        if 'ffdhe4096' in self._named_groups:
+            requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
+        if 'ffdhe6144' in self._named_groups:
+            requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
+        if 'ffdhe8192' in self._named_groups:
+            requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
+
     def pre_checks(self):
         ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
                'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
@@ -365,13 +378,14 @@ class MbedTLSBase(TLSProgram):
                 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
 
         ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448']
-        ffdh_groups = ['ffdhe2048']
+        ffdh_groups = ['ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192']
 
         if any(x in ec_groups for x in self._named_groups):
             ret.append('requires_config_enabled PSA_WANT_ALG_ECDH')
 
         if any(x in ffdh_groups for x in self._named_groups):
             ret.append('requires_config_enabled PSA_WANT_ALG_FFDH')
+            self.add_ffdh_group_requirements(ret)
 
         return ret
 
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index 0d56ddfd9..8d70cbca3 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -27,22 +27,10 @@ from mbedtls_dev import build_tree
 # The test numbers correspond to the numbers used by the console output of the test suite.
 # Test number 2xx corresponds to the files in the folder
 # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
-EXPECTED_FAILURES = {
-    # psa_hash_suspend() and psa_hash_resume() are not supported.
-    # - Tracked in issue #3274
-    262, 263
-}
+EXPECTED_FAILURES = {} # type: dict
 
-# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches
-# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite.
-# These fixes allow the tests numbered 216, 248 and 249 to complete successfully.
-#
-# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag.
-# - Tracked in issue #5145
-#
-# Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-3
-PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git'
-PSA_ARCH_TESTS_REF = 'fix-pr-5736'
+PSA_ARCH_TESTS_REPO = 'https://github.com/ARM-software/psa-arch-tests.git'
+PSA_ARCH_TESTS_REF = 'v23.06_API1.5_ADAC_EAC'
 
 #pylint: disable=too-many-branches,too-many-statements,too-many-locals
 def main(library_build_dir: str):
diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c
index c85e2caaf..913f5e387 100644
--- a/tests/src/bignum_helpers.c
+++ b/tests/src/bignum_helpers.c
@@ -135,7 +135,7 @@ int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
     }
     if (negative) {
         if (mbedtls_mpi_cmp_int(X, 0) == 0) {
-            ++mbedtls_test_case_uses_negative_0;
+            mbedtls_test_increment_case_uses_negative_0();
         }
         X->s = -1;
     }
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index eb28919b8..da0b54a00 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -13,6 +13,10 @@
 #include <test/psa_crypto_helpers.h>
 #endif
 
+#if defined(MBEDTLS_THREADING_C)
+#include "mbedtls/threading.h"
+#endif
+
 /*----------------------------------------------------------------------------*/
 /* Static global variables */
 
@@ -20,7 +24,267 @@
 static mbedtls_platform_context platform_ctx;
 #endif
 
-mbedtls_test_info_t mbedtls_test_info;
+static mbedtls_test_info_t mbedtls_test_info;
+
+#ifdef MBEDTLS_THREADING_C
+mbedtls_threading_mutex_t mbedtls_test_info_mutex;
+#endif /* MBEDTLS_THREADING_C */
+
+/*----------------------------------------------------------------------------*/
+/* Mbedtls Test Info accessors */
+
+mbedtls_test_result_t mbedtls_test_get_result(void)
+{
+    mbedtls_test_result_t result;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    result =  mbedtls_test_info.result;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return result;
+}
+
+void mbedtls_test_set_result(mbedtls_test_result_t result, const char *test,
+                             int line_no, const char *filename)
+{
+    /* Internal function only - mbedtls_test_info_mutex should be held prior
+     * to calling this function. */
+
+    mbedtls_test_info.result = result;
+    mbedtls_test_info.test = test;
+    mbedtls_test_info.line_no = line_no;
+    mbedtls_test_info.filename = filename;
+}
+
+const char *mbedtls_test_get_test(void)
+{
+    const char *test;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    test = mbedtls_test_info.test;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return test;
+}
+const char *mbedtls_get_test_filename(void)
+{
+    const char *filename;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    /* It should be ok just to pass back the pointer here, as it is going to
+     * be a pointer into non changing data. */
+    filename = mbedtls_test_info.filename;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return filename;
+}
+
+int mbedtls_test_get_line_no(void)
+{
+    int line_no;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    line_no = mbedtls_test_info.line_no;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return line_no;
+}
+
+void mbedtls_test_increment_step(void)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    ++mbedtls_test_info.step;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+
+unsigned long mbedtls_test_get_step(void)
+{
+    unsigned long step;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    step = mbedtls_test_info.step;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return step;
+}
+
+void mbedtls_test_reset_step(void)
+{
+    /* Internal function only - mbedtls_test_info_mutex should be held prior
+     * to calling this function. */
+
+    mbedtls_test_info.step = (unsigned long) (-1);
+}
+
+void mbedtls_test_set_step(unsigned long step)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    mbedtls_test_info.step = step;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+
+void mbedtls_test_get_line1(char *line)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH);
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+
+void mbedtls_test_set_line1(const char *line)
+{
+    /* Internal function only - mbedtls_test_info_mutex should be held prior
+     * to calling this function. */
+
+    if (line == NULL) {
+        memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH);
+    } else {
+        memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH);
+    }
+}
+
+void mbedtls_test_get_line2(char *line)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH);
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+
+void mbedtls_test_set_line2(const char *line)
+{
+    /* Internal function only - mbedtls_test_info_mutex should be held prior
+     * to calling this function. */
+
+    if (line == NULL) {
+        memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH);
+    } else {
+        memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH);
+    }
+}
+
+
+#if defined(MBEDTLS_TEST_MUTEX_USAGE)
+const char *mbedtls_test_get_mutex_usage_error(void)
+{
+    return mbedtls_test_info.mutex_usage_error;
+}
+
+void mbedtls_test_set_mutex_usage_error(const char *msg)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
+        mbedtls_test_info.mutex_usage_error = msg;
+    }
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
+
+#if defined(MBEDTLS_BIGNUM_C)
+
+unsigned mbedtls_test_get_case_uses_negative_0(void)
+{
+    unsigned test_case_uses_negative_0 = 0;
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+    test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    return test_case_uses_negative_0;
+}
+
+void mbedtls_test_set_case_uses_negative_0(unsigned uses)
+{
+    /* Internal function only - mbedtls_test_info_mutex should be held prior
+     * to calling this function. */
+
+    mbedtls_test_info.case_uses_negative_0 = uses;
+}
+
+void mbedtls_test_increment_case_uses_negative_0(void)
+{
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    ++mbedtls_test_info.case_uses_negative_0;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
+
+#endif /* MBEDTLS_BIGNUM_C */
+
+#ifdef MBEDTLS_TEST_MUTEX_USAGE
+mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void)
+{
+    return &mbedtls_test_info_mutex;
+}
+
+#endif /* MBEDTLS_TEST_MUTEX_USAGE */
 
 /*----------------------------------------------------------------------------*/
 /* Helper Functions */
@@ -44,11 +308,19 @@ int mbedtls_test_platform_setup(void)
     ret = mbedtls_platform_setup(&platform_ctx);
 #endif /* MBEDTLS_PLATFORM_C */
 
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_init(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
     return ret;
 }
 
 void mbedtls_test_platform_teardown(void)
 {
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_free(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
 #if defined(MBEDTLS_PLATFORM_C)
     mbedtls_platform_teardown(&platform_ctx);
 #endif /* MBEDTLS_PLATFORM_C */
@@ -71,46 +343,53 @@ int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
 
 void mbedtls_test_fail(const char *test, int line_no, const char *filename)
 {
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
-        /* We've already recorded the test as having failed. Don't
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    /* Don't use accessor, we already hold mutex. */
+    if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
+        /* If we have already recorded the test as having failed then don't
          * overwrite any previous information about the failure. */
-        return;
+        mbedtls_test_set_result(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
     }
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_FAILED;
-    mbedtls_test_info.test = test;
-    mbedtls_test_info.line_no = line_no;
-    mbedtls_test_info.filename = filename;
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
 }
 
 void mbedtls_test_skip(const char *test, int line_no, const char *filename)
 {
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SKIPPED;
-    mbedtls_test_info.test = test;
-    mbedtls_test_info.line_no = line_no;
-    mbedtls_test_info.filename = filename;
-}
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
 
-void mbedtls_test_set_step(unsigned long step)
-{
-    mbedtls_test_info.step = step;
-}
+    mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
 
-#if defined(MBEDTLS_BIGNUM_C)
-unsigned mbedtls_test_case_uses_negative_0 = 0;
-#endif
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+}
 
 void mbedtls_test_info_reset(void)
 {
-    mbedtls_test_info.result = MBEDTLS_TEST_RESULT_SUCCESS;
-    mbedtls_test_info.step = (unsigned long) (-1);
-    mbedtls_test_info.test = 0;
-    mbedtls_test_info.line_no = 0;
-    mbedtls_test_info.filename = 0;
-    memset(mbedtls_test_info.line1, 0, sizeof(mbedtls_test_info.line1));
-    memset(mbedtls_test_info.line2, 0, sizeof(mbedtls_test_info.line2));
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    mbedtls_test_set_result(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
+    mbedtls_test_reset_step();
+    mbedtls_test_set_line1(NULL);
+    mbedtls_test_set_line2(NULL);
+
 #if defined(MBEDTLS_BIGNUM_C)
-    mbedtls_test_case_uses_negative_0 = 0;
+    mbedtls_test_set_case_uses_negative_0(0);
 #endif
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
 }
 
 int mbedtls_test_equal(const char *test, int line_no, const char *filename,
@@ -123,20 +402,31 @@ int mbedtls_test_equal(const char *test, int line_no, const char *filename,
         return 1;
     }
 
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
-        /* We've already recorded the test as having failed. Don't
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    /* Don't use accessor, as we already hold mutex. */
+    if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
+        /* If we've already recorded the test as having failed then don't
          * overwrite any previous information about the failure. */
-        return 0;
+
+        char buf[MBEDTLS_TEST_LINE_LENGTH];
+        mbedtls_test_fail(test, line_no, filename);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "lhs = 0x%016llx = %lld",
+                                value1, (long long) value1);
+        mbedtls_test_set_line1(buf);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "rhs = 0x%016llx = %lld",
+                                value2, (long long) value2);
+        mbedtls_test_set_line2(buf);
     }
-    mbedtls_test_fail(test, line_no, filename);
-    (void) mbedtls_snprintf(mbedtls_test_info.line1,
-                            sizeof(mbedtls_test_info.line1),
-                            "lhs = 0x%016llx = %lld",
-                            value1, (long long) value1);
-    (void) mbedtls_snprintf(mbedtls_test_info.line2,
-                            sizeof(mbedtls_test_info.line2),
-                            "rhs = 0x%016llx = %lld",
-                            value2, (long long) value2);
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
     return 0;
 }
 
@@ -150,20 +440,31 @@ int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
         return 1;
     }
 
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
-        /* We've already recorded the test as having failed. Don't
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    /* Don't use accessor, we already hold mutex. */
+    if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
+        /* If we've already recorded the test as having failed then don't
          * overwrite any previous information about the failure. */
-        return 0;
+
+        char buf[MBEDTLS_TEST_LINE_LENGTH];
+        mbedtls_test_fail(test, line_no, filename);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "lhs = 0x%016llx = %llu",
+                                value1, value1);
+        mbedtls_test_set_line1(buf);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "rhs = 0x%016llx = %llu",
+                                value2, value2);
+        mbedtls_test_set_line2(buf);
     }
-    mbedtls_test_fail(test, line_no, filename);
-    (void) mbedtls_snprintf(mbedtls_test_info.line1,
-                            sizeof(mbedtls_test_info.line1),
-                            "lhs = 0x%016llx = %llu",
-                            value1, value1);
-    (void) mbedtls_snprintf(mbedtls_test_info.line2,
-                            sizeof(mbedtls_test_info.line2),
-                            "rhs = 0x%016llx = %llu",
-                            value2, value2);
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
     return 0;
 }
 
@@ -177,20 +478,31 @@ int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
         return 1;
     }
 
-    if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED) {
-        /* We've already recorded the test as having failed. Don't
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_lock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
+    /* Don't use accessor, we already hold mutex. */
+    if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
+        /* If we've already recorded the test as having failed then don't
          * overwrite any previous information about the failure. */
-        return 0;
+
+        char buf[MBEDTLS_TEST_LINE_LENGTH];
+        mbedtls_test_fail(test, line_no, filename);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "lhs = 0x%016llx = %lld",
+                                (unsigned long long) value1, value1);
+        mbedtls_test_set_line1(buf);
+        (void) mbedtls_snprintf(buf, sizeof(buf),
+                                "rhs = 0x%016llx = %lld",
+                                (unsigned long long) value2, value2);
+        mbedtls_test_set_line2(buf);
     }
-    mbedtls_test_fail(test, line_no, filename);
-    (void) mbedtls_snprintf(mbedtls_test_info.line1,
-                            sizeof(mbedtls_test_info.line1),
-                            "lhs = 0x%016llx = %lld",
-                            (unsigned long long) value1, value1);
-    (void) mbedtls_snprintf(mbedtls_test_info.line2,
-                            sizeof(mbedtls_test_info.line2),
-                            "rhs = 0x%016llx = %lld",
-                            (unsigned long long) value2, value2);
+
+#ifdef MBEDTLS_THREADING_C
+    mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
+#endif /* MBEDTLS_THREADING_C */
+
     return 0;
 }
 
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index f8b36e1fa..560b7113d 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -414,6 +414,21 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
                                                   PSA_KEY_DERIVATION_INPUT_INFO,
                                                   input2,
                                                   input2_length));
+    } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) {
+        PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+                                                  PSA_KEY_DERIVATION_INPUT_SALT,
+                                                  input1, input1_length));
+        PSA_ASSERT(psa_key_derivation_input_key(operation,
+                                                PSA_KEY_DERIVATION_INPUT_SECRET,
+                                                key));
+    } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) {
+        PSA_ASSERT(psa_key_derivation_input_key(operation,
+                                                PSA_KEY_DERIVATION_INPUT_SECRET,
+                                                key));
+        PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+                                                  PSA_KEY_DERIVATION_INPUT_INFO,
+                                                  input2,
+                                                  input2_length));
     } else if (PSA_ALG_IS_TLS12_PRF(alg) ||
                PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
         PSA_ASSERT(psa_key_derivation_input_bytes(operation,
@@ -436,6 +451,10 @@ int mbedtls_test_psa_setup_key_derivation_wrap(
         PSA_ASSERT(psa_key_derivation_input_key(operation,
                                                 PSA_KEY_DERIVATION_INPUT_PASSWORD,
                                                 key));
+    } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+        PSA_ASSERT(psa_key_derivation_input_bytes(operation,
+                                                  PSA_KEY_DERIVATION_INPUT_SECRET,
+                                                  input1, input1_length));
     } else {
         TEST_FAIL("Key derivation algorithm not supported");
     }
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 2368a7654..980c19218 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -841,6 +841,23 @@ int mbedtls_test_ssl_endpoint_init(
     }
 #endif
 
+#if defined(MBEDTLS_DEBUG_C)
+#if defined(MBEDTLS_SSL_SRV_C)
+    if (endpoint_type == MBEDTLS_SSL_IS_SERVER &&
+        options->srv_log_fun != NULL) {
+        mbedtls_ssl_conf_dbg(&(ep->conf), options->srv_log_fun,
+                             options->srv_log_obj);
+    }
+#endif
+#if defined(MBEDTLS_SSL_CLI_C)
+    if (endpoint_type == MBEDTLS_SSL_IS_CLIENT &&
+        options->cli_log_fun != NULL) {
+        mbedtls_ssl_conf_dbg(&(ep->conf), options->cli_log_fun,
+                             options->cli_log_obj);
+    }
+#endif
+#endif /* MBEDTLS_DEBUG_C */
+
     ret = mbedtls_test_ssl_endpoint_certificate_init(ep, options->pk_alg,
                                                      options->opaque_alg,
                                                      options->opaque_alg2,
@@ -1977,6 +1994,12 @@ void mbedtls_test_ssl_perform_handshake(
     mbedtls_test_message_socket_init(&server_context);
     mbedtls_test_message_socket_init(&client_context);
 
+#if defined(MBEDTLS_DEBUG_C)
+    if (options->cli_log_fun || options->srv_log_fun) {
+        mbedtls_debug_set_threshold(4);
+    }
+#endif
+
     /* Client side */
     if (options->dtls != 0) {
         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
@@ -2000,14 +2023,6 @@ void mbedtls_test_ssl_perform_handshake(
         set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
     }
 
-#if defined(MBEDTLS_DEBUG_C)
-    if (options->cli_log_fun) {
-        mbedtls_debug_set_threshold(4);
-        mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
-                             options->cli_log_obj);
-    }
-#endif
-
     /* Server side */
     if (options->dtls != 0) {
         TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
@@ -2072,14 +2087,6 @@ void mbedtls_test_ssl_perform_handshake(
     }
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-#if defined(MBEDTLS_DEBUG_C)
-    if (options->srv_log_fun) {
-        mbedtls_debug_set_threshold(4);
-        mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
-                             options->srv_log_obj);
-    }
-#endif
-
     TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
                                                  &(server.socket),
                                                  BUFFSIZE) == 0);
@@ -2419,4 +2426,40 @@ int mbedtls_test_tweak_tls13_certificate_msg_vector_len(
     return 0;
 }
 #endif /* MBEDTLS_TEST_HOOKS */
+
+/*
+ * Functions for tests based on tickets. Implementations of the
+ * write/parse ticket interfaces as defined by mbedtls_ssl_ticket_write/parse_t.
+ * Basically same implementations as in ticket.c without the encryption. That
+ * way we can tweak easily tickets characteristics to simulate misbehaving
+ * peers.
+ */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+int mbedtls_test_ticket_write(
+    void *p_ticket, const mbedtls_ssl_session *session,
+    unsigned char *start, const unsigned char *end,
+    size_t *tlen, uint32_t *lifetime)
+{
+    int ret;
+    ((void) p_ticket);
+
+    if ((ret = mbedtls_ssl_session_save(session, start, end - start,
+                                        tlen)) != 0) {
+        return ret;
+    }
+
+    /* Maximum ticket lifetime as defined in RFC 8446 */
+    *lifetime = 7 * 24 * 3600;
+
+    return 0;
+}
+
+int mbedtls_test_ticket_parse(void *p_ticket, mbedtls_ssl_session *session,
+                              unsigned char *buf, size_t len)
+{
+    ((void) p_ticket);
+
+    return mbedtls_ssl_session_load(session, buf, len);
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
 #endif /* MBEDTLS_SSL_TLS_C */
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
index 5fbf65b2d..ff0c712fa 100644
--- a/tests/src/threading_helpers.c
+++ b/tests/src/threading_helpers.c
@@ -6,8 +6,74 @@
  */
 
 #include <test/helpers.h>
+#include <test/threading_helpers.h>
 #include <test/macros.h>
 
+#include "mbedtls/threading.h"
+
+#if defined(MBEDTLS_THREADING_C)
+
+#if defined(MBEDTLS_THREADING_PTHREAD)
+
+static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)(
+                                               void *), void *thread_data)
+{
+    if (thread == NULL || thread_func == NULL) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
+
+    if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) {
+        return MBEDTLS_ERR_THREADING_THREAD_ERROR;
+    }
+
+    return 0;
+}
+
+static int threading_thread_join_pthread(mbedtls_test_thread_t *thread)
+{
+    if (thread == NULL) {
+        return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+    }
+
+    if (pthread_join(thread->thread, NULL) != 0) {
+        return MBEDTLS_ERR_THREADING_THREAD_ERROR;
+    }
+
+    return 0;
+}
+
+int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
+                                  void *thread_data) = threading_thread_create_pthread;
+int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread;
+
+#endif /* MBEDTLS_THREADING_PTHREAD */
+
+#if defined(MBEDTLS_THREADING_ALT)
+
+static int threading_thread_create_fail(mbedtls_test_thread_t *thread,
+                                        void *(*thread_func)(void *),
+                                        void *thread_data)
+{
+    (void) thread;
+    (void) thread_func;
+    (void) thread_data;
+
+    return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+}
+
+static int threading_thread_join_fail(mbedtls_test_thread_t *thread)
+{
+    (void) thread;
+
+    return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
+}
+
+int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
+                                  void *thread_data) = threading_thread_create_fail;
+int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail;
+
+#endif /* MBEDTLS_THREADING_ALT */
+
 #if defined(MBEDTLS_TEST_MUTEX_USAGE)
 
 #include "mbedtls/threading.h"
@@ -109,9 +175,7 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
 {
     (void) mutex;
 
-    if (mbedtls_test_info.mutex_usage_error == NULL) {
-        mbedtls_test_info.mutex_usage_error = msg;
-    }
+    mbedtls_test_set_mutex_usage_error(msg);
     mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
     /* Don't mark the test as failed yet. This way, if the test fails later
      * for a functional reason, the test framework will report the message
@@ -119,40 +183,60 @@ static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
      * mbedtls_test_mutex_usage_check() will mark it as failed. */
 }
 
+static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex)
+{
+    /* If we attempt to run tests on this mutex then we are going to run into a
+     * couple of problems:
+     * 1. If any test on this mutex fails, we are going to deadlock when
+     * reporting that failure, as we already hold the mutex at that point.
+     * 2. Given the 'global' position of the initialization and free of this
+     * mutex, it will be shown as leaked on the first test run. */
+    if (mutex == mbedtls_test_get_info_mutex()) {
+        return 0;
+    }
+
+    return 1;
+}
+
 static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
 {
     mutex_functions.init(mutex);
 
-    if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
-        mutex->state = MUTEX_IDLE;
-        ++live_mutexes;
+    if (mbedtls_test_mutex_can_test(mutex)) {
+        if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+            mutex->state = MUTEX_IDLE;
+            ++live_mutexes;
 
-        mutex_functions.unlock(&mbedtls_test_mutex_mutex);
+            mutex_functions.unlock(&mbedtls_test_mutex_mutex);
+        }
     }
 }
 
 static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
 {
-    if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+    if (mbedtls_test_mutex_can_test(mutex)) {
+        if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
 
-        switch (mutex->state) {
-            case MUTEX_FREED:
-                mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
-                break;
-            case MUTEX_IDLE:
-                mutex->state = MUTEX_FREED;
-                --live_mutexes;
-                break;
-            case MUTEX_LOCKED:
-                mbedtls_test_mutex_usage_error(mutex, "free without unlock");
-                break;
-            default:
-                mbedtls_test_mutex_usage_error(mutex, "corrupted state");
-                break;
+            switch (mutex->state) {
+                case MUTEX_FREED:
+                    mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
+                    break;
+                case MUTEX_IDLE:
+                    mutex->state = MUTEX_FREED;
+                    --live_mutexes;
+                    break;
+                case MUTEX_LOCKED:
+                    mbedtls_test_mutex_usage_error(mutex, "free without unlock");
+                    break;
+                default:
+                    mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+                    break;
+            }
+
+            mutex_functions.unlock(&mbedtls_test_mutex_mutex);
         }
-
-        mutex_functions.unlock(&mbedtls_test_mutex_mutex);
     }
+
     mutex_functions.free(mutex);
 }
 
@@ -162,26 +246,30 @@ static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
      * is to hold the passed in and internal mutex - otherwise we create a race
      * condition. */
     int ret = mutex_functions.lock(mutex);
-    if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
-        switch (mutex->state) {
-            case MUTEX_FREED:
-                mbedtls_test_mutex_usage_error(mutex, "lock without init");
-                break;
-            case MUTEX_IDLE:
-                if (ret == 0) {
-                    mutex->state = MUTEX_LOCKED;
-                }
-                break;
-            case MUTEX_LOCKED:
-                mbedtls_test_mutex_usage_error(mutex, "double lock");
-                break;
-            default:
-                mbedtls_test_mutex_usage_error(mutex, "corrupted state");
-                break;
-        }
 
-        mutex_functions.unlock(&mbedtls_test_mutex_mutex);
+    if (mbedtls_test_mutex_can_test(mutex)) {
+        if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+            switch (mutex->state) {
+                case MUTEX_FREED:
+                    mbedtls_test_mutex_usage_error(mutex, "lock without init");
+                    break;
+                case MUTEX_IDLE:
+                    if (ret == 0) {
+                        mutex->state = MUTEX_LOCKED;
+                    }
+                    break;
+                case MUTEX_LOCKED:
+                    mbedtls_test_mutex_usage_error(mutex, "double lock");
+                    break;
+                default:
+                    mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+                    break;
+            }
+
+            mutex_functions.unlock(&mbedtls_test_mutex_mutex);
+        }
     }
+
     return ret;
 }
 
@@ -190,23 +278,26 @@ static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
     /* Lock the internal mutex first and change state, so that the only way to
      * change the state is to hold the passed in and internal mutex - otherwise
      * we create a race condition. */
-    if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
-        switch (mutex->state) {
-            case MUTEX_FREED:
-                mbedtls_test_mutex_usage_error(mutex, "unlock without init");
-                break;
-            case MUTEX_IDLE:
-                mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
-                break;
-            case MUTEX_LOCKED:
-                mutex->state = MUTEX_IDLE;
-                break;
-            default:
-                mbedtls_test_mutex_usage_error(mutex, "corrupted state");
-                break;
+    if (mbedtls_test_mutex_can_test(mutex)) {
+        if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
+            switch (mutex->state) {
+                case MUTEX_FREED:
+                    mbedtls_test_mutex_usage_error(mutex, "unlock without init");
+                    break;
+                case MUTEX_IDLE:
+                    mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
+                    break;
+                case MUTEX_LOCKED:
+                    mutex->state = MUTEX_IDLE;
+                    break;
+                default:
+                    mbedtls_test_mutex_usage_error(mutex, "corrupted state");
+                    break;
+            }
+            mutex_functions.unlock(&mbedtls_test_mutex_mutex);
         }
-        mutex_functions.unlock(&mbedtls_test_mutex_mutex);
     }
+
     return mutex_functions.unlock(mutex);
 }
 
@@ -233,17 +324,15 @@ void mbedtls_test_mutex_usage_check(void)
          * negative number means a missing init somewhere. */
         mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
         live_mutexes = 0;
-        if (mbedtls_test_info.mutex_usage_error == NULL) {
-            mbedtls_test_info.mutex_usage_error = "missing free";
-        }
+        mbedtls_test_set_mutex_usage_error("missing free");
     }
-    if (mbedtls_test_info.mutex_usage_error != NULL &&
-        mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
+    if (mbedtls_test_get_mutex_usage_error() != NULL &&
+        mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) {
         /* Functionally, the test passed. But there was a mutex usage error,
          * so mark the test as failed after all. */
         mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
     }
-    mbedtls_test_info.mutex_usage_error = NULL;
+    mbedtls_test_set_mutex_usage_error(NULL);
 }
 
 void mbedtls_test_mutex_usage_end(void)
@@ -257,3 +346,5 @@ void mbedtls_test_mutex_usage_end(void)
 }
 
 #endif /* MBEDTLS_TEST_MUTEX_USAGE */
+
+#endif /* MBEDTLS_THREADING_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 26c5a796f..fd2fc0a1b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -13614,6 +13614,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_3072
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13638,6 +13639,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_3072
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
@@ -13656,6 +13658,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_4096
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13680,6 +13683,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_4096
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
@@ -13698,6 +13702,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_6144
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13721,6 +13726,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_6144
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
          "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
@@ -13739,6 +13745,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_8192
 requires_gnutls_tls1_3
 requires_gnutls_next_no_ticket
 requires_gnutls_next_disable_tls13_compat
@@ -13763,6 +13770,7 @@ requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
 requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
 requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
 requires_config_enabled PSA_WANT_ALG_FFDH
+requires_config_enabled PSA_WANT_DH_RFC7919_8192
 client_needs_more_time 4
 run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
          "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 86ff5b489..b5f5796e4 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -8,6 +8,7 @@
 #include <test/random.h>
 #include <test/bignum_helpers.h>
 #include <test/psa_crypto_helpers.h>
+#include <test/threading_helpers.h>
 
 #include <errno.h>
 #include <limits.h>
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index cc286973c..eb42a07eb 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -371,14 +371,12 @@ static void write_outcome_entry(FILE *outcome_file,
  * \param missing_unmet_dependencies Non-zero if there was a problem tracking
  *                                   all unmet dependencies, 0 otherwise.
  * \param ret                        The test dispatch status (DISPATCH_xxx).
- * \param info                       A pointer to the test info structure.
  */
 static void write_outcome_result(FILE *outcome_file,
                                  size_t unmet_dep_count,
                                  int unmet_dependencies[],
                                  int missing_unmet_dependencies,
-                                 int ret,
-                                 const mbedtls_test_info_t *info)
+                                 int ret)
 {
     if (outcome_file == NULL) {
         return;
@@ -401,7 +399,7 @@ static void write_outcome_result(FILE *outcome_file,
                 }
                 break;
             }
-            switch (info->result) {
+            switch (mbedtls_test_get_result()) {
                 case MBEDTLS_TEST_RESULT_SUCCESS:
                     mbedtls_fprintf(outcome_file, "PASS;");
                     break;
@@ -410,8 +408,9 @@ static void write_outcome_result(FILE *outcome_file,
                     break;
                 default:
                     mbedtls_fprintf(outcome_file, "FAIL;%s:%d:%s",
-                                    info->filename, info->line_no,
-                                    info->test);
+                                    mbedtls_get_test_filename(),
+                                    mbedtls_test_get_line_no(),
+                                    mbedtls_test_get_test());
                     break;
             }
             break;
@@ -614,7 +613,7 @@ int execute_tests(int argc, const char **argv)
                 break;
             }
             mbedtls_fprintf(stdout, "%s%.66s",
-                            mbedtls_test_info.result == MBEDTLS_TEST_RESULT_FAILED ?
+                            mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_FAILED ?
                             "\n" : "", buf);
             mbedtls_fprintf(stdout, " ");
             for (i = strlen(buf) + 1; i < 67; i++) {
@@ -690,7 +689,7 @@ int execute_tests(int argc, const char **argv)
             write_outcome_result(outcome_file,
                                  unmet_dep_count, unmet_dependencies,
                                  missing_unmet_dependencies,
-                                 ret, &mbedtls_test_info);
+                                 ret);
             if (unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE) {
                 total_skipped++;
                 mbedtls_fprintf(stdout, "----");
@@ -715,30 +714,33 @@ int execute_tests(int argc, const char **argv)
                 unmet_dep_count = 0;
                 missing_unmet_dependencies = 0;
             } else if (ret == DISPATCH_TEST_SUCCESS) {
-                if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SUCCESS) {
+                if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SUCCESS) {
                     mbedtls_fprintf(stdout, "PASS\n");
-                } else if (mbedtls_test_info.result == MBEDTLS_TEST_RESULT_SKIPPED) {
+                } else if (mbedtls_test_get_result() == MBEDTLS_TEST_RESULT_SKIPPED) {
                     mbedtls_fprintf(stdout, "----\n");
                     total_skipped++;
                 } else {
+                    char line_buffer[MBEDTLS_TEST_LINE_LENGTH];
+
                     total_errors++;
                     mbedtls_fprintf(stdout, "FAILED\n");
                     mbedtls_fprintf(stdout, "  %s\n  at ",
-                                    mbedtls_test_info.test);
-                    if (mbedtls_test_info.step != (unsigned long) (-1)) {
+                                    mbedtls_test_get_test());
+                    if (mbedtls_test_get_step() != (unsigned long) (-1)) {
                         mbedtls_fprintf(stdout, "step %lu, ",
-                                        mbedtls_test_info.step);
+                                        mbedtls_test_get_step());
                     }
                     mbedtls_fprintf(stdout, "line %d, %s",
-                                    mbedtls_test_info.line_no,
-                                    mbedtls_test_info.filename);
-                    if (mbedtls_test_info.line1[0] != 0) {
-                        mbedtls_fprintf(stdout, "\n  %s",
-                                        mbedtls_test_info.line1);
+                                    mbedtls_test_get_line_no(),
+                                    mbedtls_get_test_filename());
+
+                    mbedtls_test_get_line1(line_buffer);
+                    if (line_buffer[0] != 0) {
+                        mbedtls_fprintf(stdout, "\n  %s", line_buffer);
                     }
-                    if (mbedtls_test_info.line2[0] != 0) {
-                        mbedtls_fprintf(stdout, "\n  %s",
-                                        mbedtls_test_info.line2);
+                    mbedtls_test_get_line2(line_buffer);
+                    if (line_buffer[0] != 0) {
+                        mbedtls_fprintf(stdout, "\n  %s", line_buffer);
                     }
                 }
                 fflush(stdout);
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index f1748d114..a454ebaf7 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -16,7 +16,7 @@
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE depends_on:NOT_DEFINED */
+/* BEGIN_CASE */
 void aria_invalid_param()
 {
     mbedtls_aria_context ctx;
@@ -52,8 +52,10 @@ void aria_invalid_param()
                                          output));
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
+#if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB)
 exit:
     return;
+#endif
 
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index c90f1bbbb..50be2d2f1 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -24,7 +24,7 @@ static int sign_is_valid(const mbedtls_mpi *X)
      * we sometimes test the robustness of library functions when given
      * a negative zero input. If a test case has a negative zero as input,
      * we don't mind if the function has a negative zero output. */
-    if (!mbedtls_test_case_uses_negative_0 &&
+    if (!mbedtls_test_get_case_uses_negative_0() &&
         mbedtls_mpi_bitlen(X) == 0 && X->s != 1) {
         return 0;
     }
@@ -143,6 +143,26 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void mpi_zero_length_buffer_is_null()
+{
+    mbedtls_mpi X;
+    size_t olen;
+
+    mbedtls_mpi_init(&X);
+
+    /* Simply test that the following functions do not crash when a NULL buffer
+     * pointer and 0 length is passed. We don't care much about the return value. */
+    TEST_EQUAL(mbedtls_mpi_read_binary(&X, NULL, 0), 0);
+    TEST_EQUAL(mbedtls_mpi_read_binary_le(&X, NULL, 0), 0);
+    TEST_EQUAL(mbedtls_mpi_write_string(&X, 16, NULL, 0, &olen), MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL);
+    TEST_EQUAL(mbedtls_mpi_write_binary(&X, NULL, 0), 0);
+
+exit:
+    mbedtls_mpi_free(&X);
+}
+/* END_CASE */
+
 /* BEGIN_CASE */
 void mpi_read_binary(data_t *buf, char *input_A)
 {
diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data
index 9d068f146..c53e42a8f 100644
--- a/tests/suites/test_suite_bignum.misc.data
+++ b/tests/suites/test_suite_bignum.misc.data
@@ -82,6 +82,9 @@ mpi_read_write_string:16:"":2:"0":4:0:0
 Test mpi_write_string #10 (Negative hex with odd number of digits)
 mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
+Provide NULL buffer with 0 length
+mpi_zero_length_buffer_is_null
+
 Base test mbedtls_mpi_read_binary #1
 mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424"
 
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 425c43ef1..720eb3e08 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -347,19 +347,24 @@ exit:
 void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count)
 {
     size_t thread_count = (size_t) arg_thread_count;
-    pthread_t *threads = NULL;
+    mbedtls_test_thread_t *threads = NULL;
 
     unsigned char out[16];
     unsigned char *entropy = NULL;
 
     const size_t n_random_calls = thread_count * thread_random_reps + 1;
 
-    /* Based on the size of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA512. */
+    /* This is a known-answer test, and although tests use a mock entropy
+     * function the input entropy length will still affect the output.
+     * We therefore need to pick a fixed entropy length, rather than using the
+     * default entropy length (MBEDTLS_CTR_DRBG_ENTROPY_LEN). We've chosen to
+     * use the default value of MBEDTLS_CTR_DRBG_ENTROPY_LEN for SHA-512,
+     * as this was the value used when the expected answers were calculated. */
     const size_t entropy_len = 48;
 
     AES_PSA_INIT();
 
-    TEST_CALLOC(threads, sizeof(pthread_t) * thread_count);
+    TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count);
     memset(out, 0, sizeof(out));
 
     mbedtls_ctr_drbg_context ctx;
@@ -367,8 +372,8 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count)
 
     test_offset_idx = 0;
 
-    /* Need to do this, otherwise if we are forced into using SHA256 for
-     * whaever reason, output will differ. */
+    /* Need to set a non-default fixed entropy len, to ensure same output across
+     * all configs - see above for details. */
     mbedtls_ctr_drbg_set_entropy_len(&ctx, entropy_len);
 
     if (reseed == 0) {
@@ -393,13 +398,13 @@ void ctr_drbg_threads(data_t *expected_result, int reseed, int arg_thread_count)
 
     for (size_t i = 0; i < thread_count; i++) {
         TEST_EQUAL(
-            pthread_create(&threads[i], NULL,
-                           thread_random_function, (void *) &ctx),
+            mbedtls_test_thread_create(&threads[i],
+                                       thread_random_function, (void *) &ctx),
             0);
     }
 
     for (size_t i = 0; i < thread_count; i++) {
-        TEST_EQUAL(pthread_join(threads[i], NULL), 0);
+        TEST_EQUAL(mbedtls_test_thread_join(&threads[i]), 0);
     }
 
     /* Take a last output for comparing and thus verifying the DRBG state */
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index b9610406b..eeefc9597 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -1,5 +1,5 @@
 /* BEGIN_HEADER */
-#include "mbedtls/debug.h"
+#include "debug_internal.h"
 #include "string.h"
 #include "mbedtls/pk.h"
 
diff --git a/tests/suites/test_suite_dhm.function b/tests/suites/test_suite_dhm.function
index e6f75de77..20905940b 100644
--- a/tests/suites/test_suite_dhm.function
+++ b/tests/suites/test_suite_dhm.function
@@ -31,7 +31,7 @@ static int check_dhm_param_output(const mbedtls_mpi *expected,
     int ok = 0;
     mbedtls_mpi_init(&actual);
 
-    ++mbedtls_test_info.step;
+    mbedtls_test_increment_step();
 
     TEST_ASSERT(size >= *offset + 2);
     n = (buffer[*offset] << 8) | buffer[*offset + 1];
diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function
index 599c9266e..8bb7b8b8e 100644
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@@ -153,6 +153,21 @@ exit:
     mbedtls_free(output);
 }
 
+static void gcm_reset_ctx(mbedtls_gcm_context *ctx, const uint8_t *key,
+                          size_t key_bits, const uint8_t *iv, size_t iv_len,
+                          int starts_ret)
+{
+    int mode = MBEDTLS_GCM_ENCRYPT;
+    mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
+
+    mbedtls_gcm_init(ctx);
+    TEST_EQUAL(mbedtls_gcm_setkey(ctx, valid_cipher, key, key_bits), 0);
+    TEST_EQUAL(starts_ret, mbedtls_gcm_starts(ctx, mode, iv, iv_len));
+exit:
+    /* empty */
+    return;
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -478,6 +493,118 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+/* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of IV should
+ * satisfy 1 <= bit_len(IV) <= 2^64 - 1. */
+void gcm_invalid_iv_len(void)
+{
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    uint8_t b16[16] = { 0 };
+
+    BLOCK_CIPHER_PSA_INIT();
+
+    // Invalid IV length 0
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 0, MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    // Only testable on platforms where sizeof(size_t) >= 8.
+#if SIZE_MAX >= UINT64_MAX
+    // Invalid IV length 2^61
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, 1ULL << 61, MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+#endif
+
+    goto exit; /* To suppress error that exit is defined but not used */
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_add_len_too_long(void)
+{
+    // Only testable on platforms where sizeof(size_t) >= 8.
+#if SIZE_MAX >= UINT64_MAX
+    mbedtls_gcm_context ctx;
+    mbedtls_gcm_init(&ctx);
+    uint8_t b16[16] = { 0 };
+    BLOCK_CIPHER_PSA_INIT();
+
+    /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of AD should
+     * be <= 2^64 - 1, ie < 2^64. This is the minimum invalid length in bytes. */
+    uint64_t len_max = 1ULL << 61;
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed AD that just exceeds the length limit
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed AD that just exceeds the length limit in two calls
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, len_max - 1),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Test if potential total AD length overflow is handled properly
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, 1), 0);
+    TEST_EQUAL(mbedtls_gcm_update_ad(&ctx, b16, UINT64_MAX), MBEDTLS_ERR_GCM_BAD_INPUT);
+
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+#endif
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void gcm_input_len_too_long(void)
+{
+    // Only testable on platforms where sizeof(size_t) >= 8
+#if SIZE_MAX >= UINT64_MAX
+    mbedtls_gcm_context ctx;
+    uint8_t b16[16] = { 0 };
+    uint8_t out[1];
+    size_t out_len;
+    mbedtls_gcm_init(&ctx);
+    BLOCK_CIPHER_PSA_INIT();
+
+    /* NISP SP 800-38D, Section 5.2.1.1 requires that bit length of input should
+     * be <= 2^39 - 256. This is the maximum valid length in bytes. */
+    uint64_t len_max = (1ULL << 36) - 32;
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed input that just exceeds the length limit
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max + 1, out, len_max + 1,
+                                  &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Feed input that just exceeds the length limit in two calls
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, len_max, out, len_max, &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+    mbedtls_gcm_free(&ctx);
+
+    gcm_reset_ctx(&ctx, b16, sizeof(b16) * 8, b16, sizeof(b16), 0);
+    // Test if potential total input length overflow is handled properly
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, 1, out, 1, &out_len), 0);
+    TEST_EQUAL(mbedtls_gcm_update(&ctx, b16, UINT64_MAX, out, UINT64_MAX,
+                                  &out_len),
+               MBEDTLS_ERR_GCM_BAD_INPUT);
+
+exit:
+    mbedtls_gcm_free(&ctx);
+    BLOCK_CIPHER_PSA_DONE();
+#endif
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_CCM_GCM_CAN_AES */
 void gcm_selftest()
 {
diff --git a/tests/suites/test_suite_gcm.misc.data b/tests/suites/test_suite_gcm.misc.data
index f22b7a3b7..108630ee8 100644
--- a/tests/suites/test_suite_gcm.misc.data
+++ b/tests/suites/test_suite_gcm.misc.data
@@ -1,2 +1,14 @@
 GCM - Invalid parameters
 gcm_invalid_param:
+
+GCM - Invalid IV length
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_invalid_iv_len:
+
+GCM - Additional data length too long
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_add_len_too_long:
+
+GCM - Input length too long
+depends_on:MBEDTLS_GCM_C:MBEDTLS_CCM_GCM_CAN_AES
+gcm_input_len_too_long:
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index af1e20c46..341495883 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -680,3 +680,432 @@ pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSA:MBEDTLS_MD_SHA512
 PSA wrapped sign ext: RSA2048, PK_RSASSA_PSS, MD_SHA512
 depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512:MBEDTLS_RSA_C
 pk_psa_wrap_sign_ext:MBEDTLS_PK_RSA:2048:MBEDTLS_PK_RSASSA_PSS:MBEDTLS_MD_SHA512
+
+PSA attributes for pk: NONE (bad)
+pk_get_psa_attributes_fail:MBEDTLS_PK_NONE:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_BAD_INPUT_DATA
+
+# There is a (negative) test for pk_type=MBEDTLS_PK_RSA_ALT in pk_rsa_alt().
+
+# Bad usage due to not specifying sign/crypt/derive.
+PSA attributes for pk: RSA usage=0 (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+# Bad usage due to not specifying sign/crypt/derive.
+PSA attributes for pk: RSA usage=EXPORT (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+# This usage could make sense, but is not currently supported.
+PSA attributes for pk: RSA usage=DECRYPT|EXPORT (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+# Bad usage due to specifying more than one of sign/crypt/derive.
+PSA attributes for pk: RSA usage=DECRYPT|SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+# This usage could make sense, but is not currently supported.
+PSA attributes for pk: RSA usage=SIGN_MESSAGE|SIGN_HASH (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+# This usage could make sense, but is not currently supported.
+PSA attributes for pk: RSA usage=SIGN_MESSAGE|VERIFY_MESSAGE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: RSA v15 pair DECRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA attributes for pk: RSA v21 SHA-256 pair DECRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA attributes for pk: RSA v21 SHA-512 pair DECRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_DECRYPT:1:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
+
+PSA attributes for pk: RSA v15 pair->public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA attributes for pk: RSA v21 SHA-256 pair->public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA attributes for pk: RSA v21 SHA-512 pair->public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:1:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
+
+PSA attributes for pk: RSA v15 public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_PKCS1V15_CRYPT
+
+PSA attributes for pk: RSA v21 SHA-256 public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA256
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA256:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_256)
+
+PSA attributes for pk: RSA v21 SHA-512 public ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21:MBEDTLS_MD_CAN_SHA512
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_SHA512:0:PSA_KEY_USAGE_ENCRYPT:0:PSA_ALG_RSA_OAEP(PSA_ALG_SHA_512)
+
+PSA attributes for pk: RSA v15 public DECRYPT (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: RSA v15 pair SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 pair SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 pair SIGN_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 pair SIGN_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 pair->public VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 pair->public VERIFY_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 pair->public VERIFY_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 public VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 public VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 public VERIFY_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v21 SHA-256 public VERIFY_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V21
+pk_rsa_v21_get_psa_attributes:MBEDTLS_MD_NONE:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: RSA v15 public SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: RSA v15 public SIGN_HASH (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: RSA v15 pair DERIVE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: RSA v15 public DERIVE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME:MBEDTLS_PKCS1_V15
+pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY pair DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA pair DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY public DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA public DECRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY pair ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA pair ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY public ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA public ENCRYPT (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY pair DERIVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
+
+PSA attributes for pk: ECKEY_DH pair DERIVE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
+
+PSA attributes for pk: ECDSA pair DERIVE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY public DERIVE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public DERIVE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA public DERIVE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY pair SIGN_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA pair SIGN_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY pair SIGN_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA pair SIGN_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY pair->public VERIFY_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA pair->public VERIFY_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:1:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY public VERIFY_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA public VERIFY_MESSAGE
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY public VERIFY_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECDSA public VERIFY_HASH
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
+
+PSA attributes for pk: ECKEY public SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA public SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY public SIGN_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECDSA public SIGN_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:1:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public SIGN_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public VERIFY_MESSAGE (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: ECKEY_DH public VERIFY_HASH (bad)
+depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:0:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
+
+PSA attributes for pk: opaque RSA pair, 0 & SIGN_MESSAGE (bad policy)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, SIGN|VERIFY & SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, SIGN|DECRYPT & SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
+
+PSA attributes for pk: opaque RSA pair, SIGN|... & SIGN_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+
+PSA attributes for pk: opaque RSA pair, SIGN_MESSAGE & SIGN_HASH (bad policy)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+# For a PK_OPAQUE key, mbedtls_pk_get_psa_attributes() ignores the input
+# key's algorithm policy. Just this time, test with a few different algorithms.
+PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [0]
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [raw]
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [v15]
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, SIGN_HASH & SIGN_HASH [PSS]
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque RSA pair, 0 & DECRYPT (bad policy)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:0:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque RSA pair, DECRYPT & DECRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_DECRYPT
+
+PSA attributes for pk: opaque RSA pair, DECRYPT|... & DECRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+
+PSA attributes for pk: opaque RSA pair, ... & DERIVE (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque RSA pair, ... & EXPORT (bad)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque RSA pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque RSA pair->public, VERIFY_HASH & VERIFY_HASH
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque RSA pair->public, ENCRYPT & ENCRYPT
+depends_on:MBEDTLS_RSA_C:MBEDTLS_GENPRIME
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_RSA_KEY_PAIR:MBEDTLS_RSA_GEN_KEY_MIN_BITS:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_ENCRYPT:0:0:PSA_KEY_USAGE_ENCRYPT
+
+PSA attributes for pk: opaque ECC pair, 0 & SIGN_MESSAGE (bad policy)
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:0:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque ECC pair, SIGN_MESSAGE & SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque ECC pair, SIGN|VERIFY & SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque ECC pair, SIGN|DECRYPT & SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_DECRYPT
+
+PSA attributes for pk: opaque ECC pair, SIGN|... & SIGN_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_MESSAGE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT
+
+PSA attributes for pk: opaque ECC pair, SIGN_HASH & SIGN_HASH
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_SIGN_HASH:0:1:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_SIGN_MESSAGE
+
+PSA attributes for pk: opaque ECC pair, ... & DERIVE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE:0:1:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE
+
+PSA attributes for pk: opaque ECC pair, ... & DECRYPT (bad)
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque ECC pair, ... & EXPORT (bad)
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE | PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_DECRYPT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDH:PSA_KEY_USAGE_EXPORT:MBEDTLS_ERR_PK_TYPE_MISMATCH:1:0
+
+PSA attributes for pk: opaque ECC pair->public, VERIFY_MESSAGE & VERIFY_MESSAGE
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_MESSAGE:0:0:PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque ECC pair->public, VERIFY_HASH & VERIFY_HASH
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_VERIFY_HASH:0:0:PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE
+
+PSA attributes for pk: opaque ECC pair->public, ENCRYPT & ENCRYPT (bad)
+depends_on:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
+pk_get_psa_attributes_opaque:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_ENCRYPT:PSA_ALG_ECDSA_ANY:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH:0:0
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index f05444317..257430702 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -6,6 +6,7 @@
 #include "mbedtls/asn1.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/ecp.h"
+#include "mbedtls/error.h"
 #include "mbedtls/rsa.h"
 #include "pk_internal.h"
 
@@ -35,6 +36,30 @@
 #define MBEDTLS_TEST_PK_PSA_SIGN
 #endif
 
+/* MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE is enabled when PSA supports
+ * at least one elliptic curve. This is distinct from
+ * PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY because that symbol can be enabled even
+ * when there are no curves. This happens in particular in a configuration
+ * with MBEDTLS_PSA_CRYPTO_CONFIG disabled and where the only legacy curve
+ * is secp224k1, which is not supported in PSA. */
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256) || \
+    defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384) || \
+    defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512) || \
+    defined(PSA_WANT_ECC_MONTGOMERY_255) || \
+    defined(PSA_WANT_ECC_MONTGOMERY_448) || \
+    defined(PSA_WANT_ECC_SECP_K1_192) || \
+    defined(PSA_WANT_ECC_SECP_K1_224) || \
+    defined(PSA_WANT_ECC_SECP_K1_256) || \
+    defined(PSA_WANT_ECC_SECP_R1_192) || \
+    defined(PSA_WANT_ECC_SECP_R1_224) || \
+    defined(PSA_WANT_ECC_SECP_R1_256) || \
+    defined(PSA_WANT_ECC_SECP_R1_384) || \
+    defined(PSA_WANT_ECC_SECP_R1_521)
+#define MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
+#endif
+#endif
+
 #if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
 static int pk_genkey_ec(mbedtls_pk_context *pk, mbedtls_ecp_group_id grp_id)
 {
@@ -111,7 +136,14 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
         mbedtls_pk_get_type(pk) == MBEDTLS_PK_ECDSA) {
         int ret;
 
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+        ret = pk_genkey_ec(pk, curve_or_keybits);
+        if (ret != 0) {
+            return ret;
+        }
+
+        return 0;
+#else
         ret = mbedtls_ecp_group_load(&mbedtls_pk_ec_rw(*pk)->grp, curve_or_keybits);
         if (ret != 0) {
             return ret;
@@ -120,15 +152,6 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
                                        &mbedtls_pk_ec_rw(*pk)->d,
                                        &mbedtls_pk_ec_rw(*pk)->Q,
                                        mbedtls_test_rnd_std_rand, NULL);
-#endif /* MBEDTLS_ECP_C */
-
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
-        ret = pk_genkey_ec(pk, curve_or_keybits);
-        if (ret != 0) {
-            return ret;
-        }
-
-        return 0;
 #endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
 
     }
@@ -136,6 +159,32 @@ static int pk_genkey(mbedtls_pk_context *pk, int curve_or_keybits)
     return -1;
 }
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+static psa_key_usage_t pk_get_psa_attributes_implied_usage(
+    psa_key_usage_t expected_usage)
+{
+    /* Usage implied universally */
+    if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) {
+        expected_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
+    }
+    if (expected_usage & PSA_KEY_USAGE_VERIFY_HASH) {
+        expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+    }
+    /* Usage implied by mbedtls_pk_get_psa_attributes() */
+    if (expected_usage & PSA_KEY_USAGE_SIGN_HASH) {
+        expected_usage |= PSA_KEY_USAGE_VERIFY_HASH;
+    }
+    if (expected_usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
+        expected_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
+    }
+    if (expected_usage & PSA_KEY_USAGE_DECRYPT) {
+        expected_usage |= PSA_KEY_USAGE_ENCRYPT;
+    }
+    expected_usage |= PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_COPY;
+    return expected_usage;
+}
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
 #if defined(MBEDTLS_RSA_C)
 int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
                              const unsigned char *input, unsigned char *output,
@@ -162,6 +211,127 @@ size_t mbedtls_rsa_key_len_func(void *ctx)
 }
 #endif /* MBEDTLS_RSA_C */
 
+#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+static mbedtls_ecp_group_id ecc_pick_grp_id(void)
+{
+#if defined(MBEDTLS_ECP_LIGHT)
+    return mbedtls_ecp_grp_id_list()[0];
+#elif defined(PSA_WANT_ECC_SECP_R1_192)
+    return MBEDTLS_ECP_DP_SECP192R1;
+#elif defined(PSA_WANT_ECC_SECP_R1_224)
+    return MBEDTLS_ECP_DP_SECP224R1;
+#elif defined(PSA_WANT_ECC_SECP_R1_256)
+    return MBEDTLS_ECP_DP_SECP256R1;
+#elif defined(PSA_WANT_ECC_SECP_R1_384)
+    return MBEDTLS_ECP_DP_SECP384R1;
+#elif defined(PSA_WANT_ECC_SECP_R1_521)
+    return MBEDTLS_ECP_DP_SECP521R1;
+#elif defined(PSA_WANT_ECC_SECP_K1_192)
+    return MBEDTLS_ECP_DP_SECP192K1;
+#elif defined(PSA_WANT_ECC_SECP_K1_224)
+    return MBEDTLS_ECP_DP_SECP224K1;
+#elif defined(PSA_WANT_ECC_SECP_K1_256)
+    return MBEDTLS_ECP_DP_SECP256K1;
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+    return MBEDTLS_ECP_DP_BP256R1;
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+    return MBEDTLS_ECP_DP_BP384R1;
+#elif defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+    return MBEDTLS_ECP_DP_BP512R1;
+#elif defined(PSA_WANT_ECC_MONTGOMERY_255)
+    return MBEDTLS_ECP_DP_CURVE25519;
+#elif defined(PSA_WANT_ECC_MONTGOMERY_448)
+    return MBEDTLS_ECP_DP_CURVE448;
+#else
+    return 0;
+#endif
+}
+#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PK_HAVE_ECC_KEYS) */
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
+                             mbedtls_pk_context *pk, psa_key_type_t *psa_type)
+{
+    if (pk_type == MBEDTLS_PK_NONE) {
+        return 0;
+    }
+    TEST_EQUAL(mbedtls_pk_setup(pk, mbedtls_pk_info_from_type(pk_type)), 0);
+
+    switch (pk_type) {
+#if defined(MBEDTLS_RSA_C)
+        case MBEDTLS_PK_RSA:
+        {
+            *psa_type = PSA_KEY_TYPE_RSA_KEY_PAIR;
+            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
+            if (want_pair) {
+#if defined(MBEDTLS_GENPRIME)
+                TEST_EQUAL(mbedtls_rsa_gen_key(
+                               rsa,
+                               mbedtls_test_rnd_std_rand, NULL,
+                               MBEDTLS_RSA_GEN_KEY_MIN_BITS, 65537), 0);
+#else
+                TEST_FAIL("I don't know how to create an RSA key pair in this configuration.");
+#endif
+            } else {
+                unsigned char N[PSA_BITS_TO_BYTES(MBEDTLS_RSA_GEN_KEY_MIN_BITS)] = { 0xff };
+                N[sizeof(N) - 1] = 0x03;
+                const unsigned char E[1] = { 0x03 };
+                TEST_EQUAL(mbedtls_rsa_import_raw(rsa,
+                                                  N, sizeof(N),
+                                                  NULL, 0, NULL, 0, NULL, 0,
+                                                  E, sizeof(E)), 0);
+                TEST_EQUAL(mbedtls_rsa_complete(rsa), 0);
+            }
+            break;
+        }
+#endif /* MBEDTLS_RSA_C */
+
+#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
+        case MBEDTLS_PK_ECKEY:
+        case MBEDTLS_PK_ECKEY_DH:
+        case MBEDTLS_PK_ECDSA:
+        {
+            mbedtls_ecp_group_id grp_id = ecc_pick_grp_id();
+            size_t bits;
+            *psa_type = PSA_KEY_TYPE_ECC_KEY_PAIR(mbedtls_ecc_group_to_psa(grp_id, &bits));
+            TEST_EQUAL(pk_genkey(pk, grp_id), 0);
+            if (!want_pair) {
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+                psa_key_attributes_t pub_attributes = PSA_KEY_ATTRIBUTES_INIT;
+                psa_set_key_type(&pub_attributes,
+                                 PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type));
+                psa_set_key_usage_flags(&pub_attributes,
+                                        PSA_KEY_USAGE_EXPORT |
+                                        PSA_KEY_USAGE_COPY |
+                                        PSA_KEY_USAGE_VERIFY_MESSAGE |
+                                        PSA_KEY_USAGE_VERIFY_HASH);
+                psa_set_key_algorithm(&pub_attributes, PSA_ALG_ECDSA_ANY);
+                PSA_ASSERT(psa_destroy_key(pk->priv_id));
+                pk->priv_id = MBEDTLS_SVC_KEY_ID_INIT;
+#else
+                mbedtls_ecp_keypair *ec = mbedtls_pk_ec_rw(*pk);
+                mbedtls_mpi_free(&ec->d);
+#endif
+            }
+            break;
+        }
+#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
+
+        default:
+            TEST_FAIL("Unknown PK type in test data");
+            break;
+    }
+
+    if (!want_pair) {
+        *psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(*psa_type);
+    }
+    return 0;
+
+exit:
+    return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
+}
+#endif
+
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
 /*
@@ -1263,6 +1433,14 @@ void pk_rsa_alt()
     TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
     TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
 
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
+                                             PSA_KEY_USAGE_ENCRYPT,
+                                             &attributes),
+               MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
+
     /* Test signature */
 #if SIZE_MAX > UINT_MAX
     TEST_ASSERT(mbedtls_pk_sign(&alt, MBEDTLS_MD_NONE, hash, SIZE_MAX,
@@ -1569,3 +1747,180 @@ exit:
     PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+void pk_get_psa_attributes(int pk_type, int from_pair,
+                           int usage_arg,
+                           int to_pair, int expected_alg)
+{
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_usage_t usage = usage_arg;
+
+    PSA_INIT();
+
+    psa_key_type_t expected_psa_type = 0;
+    TEST_EQUAL(pk_setup_for_type(pk_type, from_pair,
+                                 &pk, &expected_psa_type), 0);
+    if (!to_pair) {
+        expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type);
+    }
+
+    psa_key_lifetime_t lifetime = PSA_KEY_LIFETIME_VOLATILE; //TODO: diversity
+    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; //TODO: diversity
+    psa_set_key_id(&attributes, key_id);
+    psa_set_key_lifetime(&attributes, lifetime);
+    psa_set_key_enrollment_algorithm(&attributes, 42);
+    psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage);
+
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    /* When the resulting algorithm is ECDSA, the compile-time configuration
+     * can cause it to be either deterministic or randomized ECDSA.
+     * Rather than have two near-identical sets of test data depending on
+     * the configuration, always use randomized in the test data and
+     * tweak the expected result here. */
+    if (expected_alg == PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
+        expected_alg = PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_ANY_HASH);
+    }
+#endif
+
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0);
+
+    TEST_EQUAL(psa_get_key_lifetime(&attributes), lifetime);
+    TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
+                                         key_id));
+    TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
+    TEST_EQUAL(psa_get_key_bits(&attributes),
+               mbedtls_pk_get_bitlen(&pk));
+    TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
+    TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+    TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+
+exit:
+    mbedtls_pk_free(&pk);
+    psa_reset_key_attributes(&attributes);
+    PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_GENPRIME */
+void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
+                                   int usage_arg,
+                                   int to_pair, int expected_alg)
+{
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    psa_key_usage_t usage = usage_arg;
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+
+    PSA_INIT();
+
+    psa_key_type_t expected_psa_type = 0;
+    TEST_EQUAL(pk_setup_for_type(MBEDTLS_PK_RSA, from_pair,
+                                 &pk, &expected_psa_type), 0);
+    mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
+    TEST_EQUAL(mbedtls_rsa_set_padding(rsa, MBEDTLS_RSA_PKCS_V21, md_type), 0);
+    if (!to_pair) {
+        expected_psa_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(expected_psa_type);
+    }
+    psa_key_usage_t expected_usage = pk_get_psa_attributes_implied_usage(usage);
+
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes), 0);
+
+    TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE);
+    TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
+                                         MBEDTLS_SVC_KEY_ID_INIT));
+    TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
+    TEST_EQUAL(psa_get_key_bits(&attributes),
+               mbedtls_pk_get_bitlen(&pk));
+    TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
+    TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+    TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+
+exit:
+    mbedtls_pk_free(&pk);
+    psa_reset_key_attributes(&attributes);
+    PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+void pk_get_psa_attributes_fail(int pk_type, int from_pair,
+                                int usage_arg,
+                                int expected_ret)
+{
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    psa_key_usage_t usage = usage_arg;
+
+    PSA_INIT();
+
+    psa_key_type_t expected_psa_type;
+    TEST_EQUAL(pk_setup_for_type(pk_type, from_pair,
+                                 &pk, &expected_psa_type), 0);
+
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes),
+               expected_ret);
+
+exit:
+    mbedtls_pk_free(&pk);
+    psa_reset_key_attributes(&attributes);
+    PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_USE_PSA_CRYPTO */
+void pk_get_psa_attributes_opaque(int from_type_arg, int from_bits_arg,
+                                  int from_usage_arg, int from_alg_arg,
+                                  int usage_arg,
+                                  int expected_ret,
+                                  int to_pair, int expected_usage_arg)
+{
+    mbedtls_pk_context pk;
+    mbedtls_pk_init(&pk);
+    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+    mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
+    psa_key_type_t from_type = from_type_arg;
+    size_t bits = from_bits_arg;
+    psa_key_usage_t from_usage = from_usage_arg;
+    psa_algorithm_t alg = from_alg_arg;
+    psa_key_usage_t usage = usage_arg;
+    psa_key_usage_t expected_usage = expected_usage_arg;
+
+    PSA_INIT();
+
+    psa_set_key_type(&attributes, from_type);
+    psa_set_key_bits(&attributes, bits);
+    psa_set_key_usage_flags(&attributes, from_usage);
+    psa_set_key_algorithm(&attributes, alg);
+    psa_set_key_enrollment_algorithm(&attributes, 42);
+    //TODO: test with persistent key
+    PSA_ASSERT(psa_generate_key(&attributes, &key_id));
+    TEST_EQUAL(mbedtls_pk_setup_opaque(&pk, key_id), 0);
+
+    psa_key_type_t expected_psa_type =
+        to_pair ? from_type : PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(from_type);
+
+    TEST_EQUAL(mbedtls_pk_get_psa_attributes(&pk, usage, &attributes),
+               expected_ret);
+
+    if (expected_ret == 0) {
+        TEST_EQUAL(psa_get_key_lifetime(&attributes), PSA_KEY_LIFETIME_VOLATILE);
+        TEST_ASSERT(mbedtls_svc_key_id_equal(psa_get_key_id(&attributes),
+                                             MBEDTLS_SVC_KEY_ID_INIT));
+        TEST_EQUAL(psa_get_key_type(&attributes), expected_psa_type);
+        TEST_EQUAL(psa_get_key_bits(&attributes), bits);
+        TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
+        TEST_EQUAL(psa_get_key_algorithm(&attributes), alg);
+        TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+    }
+
+exit:
+    mbedtls_pk_free(&pk);
+    psa_destroy_key(key_id);
+    psa_reset_key_attributes(&attributes);
+    PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_pkcs5.data b/tests/suites/test_suite_pkcs5.data
index f3ea5536f..52e682321 100644
--- a/tests/suites/test_suite_pkcs5.data
+++ b/tests/suites/test_suite_pkcs5.data
@@ -126,6 +126,18 @@ PBES2 Encrypt, pad=8 (PKCS7 padding disabled)
 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_CIPHER_PADDING_PKCS7
 pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D5510101010101010101010101010101010":138:MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE:""
 
+PBES2 Encrypt, AES-128-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e"
+
+PBES2 Encrypt, AES-192-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94"
+
+PBES2 Encrypt, AES-256-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_CIPHER_PADDING_PKCS7
+pbes2_encrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629":96:0:"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566"
+
 PBES2 Decrypt (OK)
 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC
 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FD980E1C5741FC0DB7":144:0:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF"
@@ -142,6 +154,18 @@ PBES2 Decrypt (Invalid padding & PKCS7 padding enabled)
 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
 pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E04082ED7F24A1D516DD702020800301406082A864886F70D030704088A4FCC9DCC394910":"70617373776f7264":"1B60098D4834CA752D37B430E70B7A085CFF86E21F4849F969DD1DF623342662443F8BD1252BF83CEF6917551B08EF55A69C8F2BFFC93BCB2DFE2E354DA28F896D1BD1BFB972A1251219A6EC7183B0A4CF2C4998449ED786CAE2138437289EB2203974000C38619DA57A4E685D29649284602BD1806131772DA11A682674DC22B2CF109128DDB7FDA3488A7144097565":144:MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH:"308187020100301306072A8648CE3D020106082A8648CE3D030107046D306B0201010420F12A1320760270A83CBFFD53F6031EF76A5D86C8A204F2C30CA9EBF51F0F0EA7A1440342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF060606060607"
 
+PBES2 Decrypt AES-128-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"301B06092A864886F70D01050C300E0408010203040506070802022710301D060960864801650304010204102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"0c953c3a9be1502f4d1df1b82df9d99a61ebd2f60ed570d16b241f70b9e61f329174747d052efe5c39bec9d0f7404f84af242914e2ecb74e6e36e8b4147bd0a092a82df789aa3351e0de9f75b285ccb742806526771c8353ffb66176188b556e":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
+
+PBES2 Decrypt AES-192-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302a06092A864886F70D01050C301d0408010203040506070802022710020118300a06082A864886F70D0209301D060960864801650304011604102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7c648a9df9759ba49283c261269a71bc06d45f6c24ab6431d77b2ecec1fd6d1aa751bd05b1c026fc8ff91baeb1b1838aa0f825b23be79bc09331d0607181e234dfea4ab3cbf7997747516486b6865e85de95dc9b64d45462197c891b31af6c94":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
+
+PBES2 Decrypt AES-256-CBC (OK, generated with OpenSSL)
+depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pbes2_decrypt:MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:"302706092A864886F70D01050C301a0408010203040506070802022710300a06082A864886F70D0209301D060960864801650304012A04102F904F75B47B48A618068D79BD9A826C":"50617373776F726450617373776F726450617373776F7264":"7077e6e8e679962c6feda69c704d58507d143cf77be284f773dfcaa4a5f5e7c1cd5527204916302d435071c01126f4aa76205ce61998d7b8fdf065a77d4a77634376b9968e4722c27f2ac85d79565ff4fca9204d3e4bc8c5bd53c1785bb6e566":96:0:"5468697320697320612066696c6520746f20626520656e6372797074656420776974682050424553322c20776974682061206b65792067656e657261746564207573696e67206120707266202853484132353629"
+
 PBES2 Decrypt (bad params tag)
 depends_on:MBEDTLS_MD_CAN_SHA1:MBEDTLS_DES_C
 pbes2_decrypt:MBEDTLS_ASN1_SEQUENCE:"":"":"":0:MBEDTLS_ERR_PKCS5_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:""
diff --git a/tests/suites/test_suite_pkcs7.function b/tests/suites/test_suite_pkcs7.function
index 65384a855..4c8bf233e 100644
--- a/tests/suites/test_suite_pkcs7.function
+++ b/tests/suites/test_suite_pkcs7.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
+#include "x509_internal.h"
 #include "mbedtls/oid.h"
 #include "sys/types.h"
 #include "sys/stat.h"
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 638773587..707da7f38 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -890,6 +890,30 @@ Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit
 depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
+Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #99.4 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #99.5 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.pem":"PolarSSLTest":0
+
+Parse RSA Key #99.6 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes128cbc_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #99.7 (PKCS#8 encrypted v2 PBKDF2 AES-192-CBC hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes192cbc_sha384.der":"PolarSSLTest":0
+
+Parse RSA Key #99.8 (PKCS#8 encrypted v2 PBKDF2 AES-256-CBC hmacWithSHA384 DER, 2048-bit)
+depends_on:MBEDTLS_AES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_aes256cbc_sha384.der":"PolarSSLTest":0
+
 Parse Public RSA Key #1 (PKCS#8 wrapped)
 depends_on:MBEDTLS_PEM_PARSE_C
 pk_parse_public_keyfile_rsa:"data_files/rsa_pkcs8_2048_public.pem":0
@@ -1120,78 +1144,6 @@ pk_parse_key:"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 Key ASN1 (First tag not Sequence)
 pk_parse_key:"020100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
 
-Key ASN1 (RSAPrivateKey, incorrect version tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"300100":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, version tag missing)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, invalid version)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3003020101":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct version, incorrect tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"300402010000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct format+values, minimal modulus size (128 bit))
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0
-
-Key ASN1 (RSAPrivateKey, correct format, modulus too small (127 bit))
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct format, modulus even)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct format, d == 0)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct format, d == p == q == 0)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, trailing garbage)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3064020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c00":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, n wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, e wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, d wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, p wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, q wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, dp wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, dq wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
-Key ASN1 (RSAPrivateKey, correct values, qp wrong tag)
-depends_on:MBEDTLS_RSA_C
-pk_parse_key:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
-
 Key ASN1 (ECPrivateKey, empty parameters)
 depends_on:MBEDTLS_PK_HAVE_ECC_KEYS
 pk_parse_key:"30070201010400a000":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index d416b8724..14afef6e9 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -41,6 +41,33 @@ void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
         TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
         rsa = mbedtls_pk_rsa(ctx);
         TEST_EQUAL(mbedtls_rsa_check_privkey(rsa), 0);
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_SIGN_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_SIGN_MESSAGE,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_DECRYPT,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_MESSAGE,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_ENCRYPT,
+                                                 &attributes), 0);
+#endif
     }
 
 exit:
@@ -68,6 +95,21 @@ void pk_parse_public_keyfile_rsa(char *key_file, int result)
         TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_RSA));
         rsa = mbedtls_pk_rsa(ctx);
         TEST_EQUAL(mbedtls_rsa_check_pubkey(rsa), 0);
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_ENCRYPT,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_MESSAGE,
+                                                 &attributes), 0);
+#endif
     }
 
 exit:
@@ -100,6 +142,17 @@ void pk_parse_public_keyfile_ec(char *key_file, int result)
         eckey = mbedtls_pk_ec_ro(ctx);
         TEST_EQUAL(mbedtls_ecp_check_pubkey(&eckey->grp, &eckey->Q), 0);
 #endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_MESSAGE,
+                                                 &attributes), 0);
+#endif
     }
 
 exit:
@@ -124,11 +177,34 @@ void pk_parse_keyfile_ec(char *key_file, char *password, int result)
 
     if (res == 0) {
         TEST_ASSERT(mbedtls_pk_can_do(&ctx, MBEDTLS_PK_ECKEY));
-#if defined(MBEDTLS_ECP_C)
+#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
+        /* PSA keys are already checked on import so nothing to do here. */
+#else
         const mbedtls_ecp_keypair *eckey = mbedtls_pk_ec_ro(ctx);
         TEST_EQUAL(mbedtls_ecp_check_privkey(&eckey->grp, &eckey->d), 0);
-#else
-        /* PSA keys are already checked on import so nothing to do here. */
+#endif
+
+#if defined(MBEDTLS_PSA_CRYPTO_C)
+        psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_SIGN_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_SIGN_MESSAGE,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_DERIVE,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_HASH,
+                                                 &attributes), 0);
+        psa_reset_key_attributes(&attributes);
+        TEST_EQUAL(mbedtls_pk_get_psa_attributes(&ctx,
+                                                 PSA_KEY_USAGE_VERIFY_MESSAGE,
+                                                 &attributes), 0);
 #endif
     }
 
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 733909ebc..c7600903f 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -1,5 +1,5 @@
 /* BEGIN_HEADER */
-#include "mbedtls/pk.h"
+#include "pk_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "psa/crypto_sizes.h"
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 3dd386652..34af94a25 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -496,178 +496,168 @@ PSA import/export RSA keypair: policy forbids export (sign), opaque
 depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:PSA_CRYPTO_DRIVER_TEST
 import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b24":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_VOLATILE, TEST_DRIVER_LOCATION ):1024:0:PSA_ERROR_NOT_PERMITTED:1
 
-# Test PEM import. Note that this is not a PSA feature, it's an Mbed TLS
-# extension which we may drop in the future.
-PSA import/export RSA public key: import PEM
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY:MBEDTLS_PEM_PARSE_C
-import_export:"2d2d2d2d2d424547494e205055424c4943204b45592d2d2d2d2d0a4d4947664d413047435371475349623344514542415155414134474e4144434269514b4267514376425830356275685074312f6274634b7850482f6c706c53710a69714a4843315165346636777353306c7835635255784a4a34524b574b41517475376242494e46454e5354765441357548596c57377249486576456a536433750a355553447641624378686c497a514b7941756557727232553036664c2b466e43775947634d6b79344b357a545474346d4f69712f2f6b637a384865476e6f5a670a3939614454615539615137336d46397277774944415141420a2d2d2d2d2d454e44205055424c4943204b45592d2d2d2d2d0a00":PSA_KEY_TYPE_RSA_PUBLIC_KEY:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0
-
-PSA import/export RSA keypair: import PEM
-depends_on:PSA_WANT_ALG_RSA_PKCS1V15_SIGN:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT:MBEDTLS_PEM_PARSE_C
-import_export:"3082025e02010002818100af057d396ee84fb75fdbb5c2b13c7fe5a654aa8aa2470b541ee1feb0b12d25c79711531249e1129628042dbbb6c120d1443524ef4c0e6e1d8956eeb2077af12349ddeee54483bc06c2c61948cd02b202e796aebd94d3a7cbf859c2c1819c324cb82b9cd34ede263a2abffe4733f077869e8660f7d6834da53d690ef7985f6bc3020301000102818100874bf0ffc2f2a71d14671ddd0171c954d7fdbf50281e4f6d99ea0e1ebcf82faa58e7b595ffb293d1abe17f110b37c48cc0f36c37e84d876621d327f64bbe08457d3ec4098ba2fa0a319fba411c2841ed7be83196a8cdf9daa5d00694bc335fc4c32217fe0488bce9cb7202e59468b1ead119000477db2ca797fac19eda3f58c1024100e2ab760841bb9d30a81d222de1eb7381d82214407f1b975cbbfe4e1a9467fd98adbd78f607836ca5be1928b9d160d97fd45c12d6b52e2c9871a174c66b488113024100c5ab27602159ae7d6f20c3c2ee851e46dc112e689e28d5fcbbf990a99ef8a90b8bb44fd36467e7fc1789ceb663abda338652c3c73f111774902e840565927091024100b6cdbd354f7df579a63b48b3643e353b84898777b48b15f94e0bfc0567a6ae5911d57ad6409cf7647bf96264e9bd87eb95e263b7110b9a1f9f94acced0fafa4d024071195eec37e8d257decfc672b07ae639f10cbb9b0c739d0c809968d644a94e3fd6ed9287077a14583f379058f76a8aecd43c62dc8c0f41766650d725275ac4a1024100bb32d133edc2e048d463388b7be9cb4be29f4b6250be603e70e3647501c97ddde20a4e71be95fd5e71784e25aca4baf25be5738aae59bbfe1c997781447a2b2400":PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_SIGN_RAW:0:1024:0:PSA_SUCCESS:0
-
 PSA import/export FFDH RFC7919 2048 key pair: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048
 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 2048 public key: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048
 import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 3072 key pair: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072
 import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 3072 public key: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072
 import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 4096 key pair: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096
 import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 4096 public key: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096
 import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 6144 key pair: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144
 import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 6144 public key: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144
 import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 8192 key pair: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192
 import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1
 
 PSA import/export FFDH RFC7919 8192 public key: good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192
 import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_SUCCESS:1
 
-PSA import/export FFDH RFC7919 2048 key pair: export not permitterd
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+PSA import/export FFDH RFC7919 2048 key pair: export not permitted
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048
 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_NOT_PERMITTED:1
 
 PSA import/export FFDH RFC7919 2040 key pair: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048
 import_with_data:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 2040 public key: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048
 import_with_data:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):2048:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 3064 key pair: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072
 import_with_data:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E9":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 3064 public key: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072
 import_with_data:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C8":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):3072:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 4088 key pair: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096
 import_with_data:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C655":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 4088 public key: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096
 import_with_data:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):4096:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 6136 key pair: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144
 import_with_data:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF1852":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 6136 public key: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144
 import_with_data:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE688":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):6144:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 8184 key pair: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192
 import_with_data:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE38788122":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 8184 public key: import invalid key length
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192
 import_with_data:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F02811":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):8192:PSA_ERROR_INVALID_ARGUMENT
 
 PSA import/export FFDH RFC7919 2048 key pair: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048
 import_export:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 2048 public key: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048
 import_export:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:2048:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 3072 key pair: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072
 import_export:"A13B0B091871DE0F21FA9031BFFB6F37C485F0553B0468169A04AC0E2710185C9D8B5C5FB01C2846CEBA007298CB0F208DA2CF551C5098281EB4490647B733636EE14F6F4540EA05434AC258090A575D10EF9523AA4B545D27851878FAA04361D9412E3B55645A52BE03EE2E6DF0F83DBA295363E68F7307B5A19E205B655E6CFE005217D69B2F521A61CE23C286426D11A09768B5657A32E9965A49AE2BF4476582A278B7515B3B46F70368F324724ED4A1F36364AB4D6E3ADCA53142834353A9EB37747D26680A4B8D9A30BADACD172872BC677212B328B47B117901B4EA22C8760D7B727FFF276FA4E36082A0605E590F732F24468201DD05BF4A5710C546FAE1B153F8668D6E1A9707340B82493CADCC0721032E627DB9AD3D04124FAA19BB7FBD38FFA4416C05741C688F21B11C63508F5A3F50C219D1A4F46F0D3CC74EBD762A241C328F20C7169566E5E8E60B8F4442497B92A65FE69CD12E57BB4F44ED11A6075541B50FD95BB0224621193779873711B6616F6D9E31DE7D7369E963":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 3072 public key: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072
 import_export:"57214B78F3045CA8996F024B97AFCE32F3B8D24A0F1A6E37F83559C3B07270F830D9EEB40E22BE7D53C8215832C024DF8602815D087CFD546392EC338C2683FF2329BEA2236E94184037284C8A8FE6DC9F56BBEC47C887953FE2AF8700A96ED13B1DD50EA7065C2D102DE1CF037699C47A3A96CC561C5B7E1D5DCE028BB8CEB15EC9B6A8D7E12224B95D893DA596B0C198C0E07C566C7A008C2F260D358DA9D2C2EFD7182B6B03501321408791769D567FC61BE2F9BEF8D58A82AEEA857F088FF89075B0263074FF403EA94673AA2C4728ED966B23BDEB1A240BBEE9343548E02755579FFB158F9BBB11525C5081C0681A969BC6D828F74CF577FA27AEA68A5E56E8505688653590CB9CAA5D76B40BD113764141E1DD7BB09A24023C0EDE10D2C8826FACCD4EC7B2896FE6F2A1E9925C0DFBEB48A4501D57B23A2F6624772664472B5FA76AD952EEE3AABEE33897324DA167ABCD13504F85114A57CA038629437333F6B2D93F8776C8B4ACED82696BEFBE802B3281A2E1FB32A940A4A714C853":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:3072:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 4096 key pair: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096
 import_export:"46EEB441AF38234285F3ED05BC650E370B051170543816366235B4460F6A45736145651F383B4C14AED4BC6E4A08AA1AFBEFBA457C2669362EFBF459F1447A64C25A502F8121362FF68D144BCE30592511FD902DD6338315447C21055DD9BC7AA8348445AF1E9B0C5B970500DABC792C004C897F32FD592CD383DC0B463A3E41E1357D6E5877CA1102A04C78EC3A8E5EACAFE04764D5003FFCA4D3510DF545679C104D53AA79904057FDEF019700081926A0F97686F8E45B8845827DE9FA4926071A1B0B7FD39648B72BA34B1917AC3855071A5EFCA7C45076F06833FD3B9E23ABC65F5DD1876E33D7F81750AB12E95C0385C85FAA7CF45BF14C271EE4BA454E02F4BE6DF3EC7316D0F5D32CAEA39F3558C27455CC9AA77EBC98E51CF4D2C1287714383F1396D51E8CD3C9419DB43136998EBA7A14194C3F86AF7B5CA1A8D50593ECE2073EDB1E28BABF813EE9F3FC653A83E37830B0EA71E62F9B09E549435601385925BE28B359915C2C3304BD210568A5A73582A95351E87767536B9966237696C767B86D3B00193D0659CE583C3D8508E37ED5D5EB75C22BFE65FC1C1B3EE96BC1144EFFC72799D14C7482FA7B0F631814672081C85023A35115F604F76E5E5CE778DD62D353DFF8F35498DFCA710D13BE45C6288F5E7D290E480E4B176B845142380E863A7B12083970ECF6E96D912F8E4CFA7FA0435790501107C65533":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 4096 public key: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096
 import_export:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:4096:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 6144 key pair: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144
 import_export:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 6144 public key: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144
 import_export:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:6144:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 8192 key pair: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192
 import_export:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export FFDH RFC7919 8192 public key: export buffer to small
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192
 import_export:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):0:PSA_ALG_FFDH:0:8192:0:PSA_ERROR_BUFFER_TOO_SMALL:1
 
 PSA import/export-public FFDH RFC7919 public key 2048 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_2048
 import_export_public_key:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"2898897F34E672DAE8E629C6AD5D525A8ECCF88CEEB2F7D456DBC726D4E4A473A57F530BB6A7A67D58A560C2FDF51C9E4826DB48F408150CEAFBD32766C03D277D611139AA9F4017B0125EEA089ECD906EA0854AC0A435507DEC05C3CF2F37F98ED987E13E4795BB44051F231753C9BA3023D1A9E969FD98AC21091F704F6AD5B49B2F95DE7FA0CC1B6D9FC1DAD308EB2D1B021D8EA99959BD0BBA3CD5AD33C4B4A608A74B42B6C0342CBCFE3F41ED0752389D7A982DE512514EEC4C6D1165D3C52485A02EF310E2A4C0B5197FADE3D6F768E81AA01926FEAE92040706A621676200F6F80B51D0B4CAC38A406778D81EF3CB68EAC2E9DC06ED8E47363CE260E0"
 
 PSA import/export-public FFDH RFC7919 key pair 2048 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_2048
 import_export_public_key:"2A45292441157B3C25572F76A5CDF960A7BDBF06731D783C5BF8920FB94CCC3D5DCCF86A3CB66B4E3AEDD23106222458ACF3F72C753CB67C2E19AD399566866FEBC16C3B4DC72773B4709047AE1AEC2D9107C2041B06B86A8F604465B26E0E753D6B10772798B3797232D950A36F2D4B33B04B36DE73AC6B8A7365015DF5745A1F892728B0CA947702C36E3BC646E72E23E80C345DBB014B7F93B36C80B4051F9A716D19B980861E86D62977466565462FBD3C1BB4EFD630DCCBEB351A7FA95602B7FE23903C7C7DC999950493BEC028AC42346858FAD969452DCF1DE9AD445F7F928D63B75FA86E8C1D722AB242D91995D3545A1791D72B0F384E74B45C7C01":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"AA396C4E08F47E499243FF17B3E0D019415A52FB6E31FCA71B2B9F46FE84E3A611757DD414A21E1BE8A8FFD60479348245918F7D771EC4A78733F627F72CE0FE1717EE3950B4DB7982577A332CC66C3F3EEB79CD604568644FD3EDAE35A08F3C75C7A99E1A24CB8B56CF7D102984568C0D93BAB9C760F22BB2AC3BEE62E532010E6EEB5A3FB2ABE1EEE1562C1C8D9AC8F781B7283C846B435F4BD4F437EE4D60B97B6EF6ECE675F199E6A40EEFFDC8C65F2973B662782FD2069AEFC026560FA57DE67474AD1A5C8837FF0644F6D0E79161DE5AC38B4837818A5EC38D335D6ECCCC1F9FC676D3548BA30635C5DB24C02BF86977E401E47C3262B81C84C340D729"
 
 PSA import/export-public FFDH RFC7919 public key 3072 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_3072
 import_export_public_key:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"8B6C629D0251EAA04FF127A9E2D748D744813E6F158F7BA3E4BBC50F928F9EFD689A7DDDA44023F0177DBDA344B2A9B9FED648F911118EA3C4ADBB6D3B1A85880BA80DD28B6E6FBB766D1B6858618013AAFA5A8FD4290E7D52FFD75682CB0EDD99B7AD314F4F4780F00114C344BA0574AD59975DD4FB0A93A46F1BBE98A52C21735381BCB8D3886F0345C4ABDFAD2C1B877E910D64AB4F57CCB419E386E3C81BD09E5755F88E7EA724967AD1C2E8D7AC2B2417CD6B0EB9C1366B413A461BF3249316B71912496EBA269A38E90CB324BA06BEA3B555D5E0D62EF817B2503017AD3D120EAC0CD61FB0A5C71E1C50FEEC90F4CFB11890AF21C2F1EDB501B2BB44AE3CED3C64204033144F293F696FEE4468623B3EFA405C2C00B9CD040B52442DA32C3C23E33930E4129390A5BCD061198C75AFE7DA8FF0EADA0DE931A5233C7C46D36C02B855315084CCDA54BFD155CEEA2C0C17AFB80987C54680828E1B9B2F6D2BB5FA3F7E70455CE8B66AC2D54762BB6D76CF6CE345BCD6CD2AF6A56010F512"
 
 PSA import/export-public FFDH RFC7919 key pair 3072 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_3072
 import_export_public_key:"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"c6dbc8151d22313ab19feea7be0f22f798ff9bec21e9da9b5020b6028395d4a3258f3db0cee7adda3f56864863d4c565498d59b205bcbcc3fc098d78efd4e6b4e09b97971c6fd00cd2fa63bb0b3c7380cc1c19fbb34d077fda61c4a71c254242aa5870786b5d0fd3cb179f64f737eb7ab83b57ca70f93955f49b43869ca2ea441650f48a516137229be2926b02129de4089c9d129df7d76848ecda1bcecda1cf95df195e8e388ee70fac0f1c4d9b38e745b067ee88b32e6d59cb159a95852f18b121f85fedfbb6a2c6962ed70cc1ae471813e1bdc053abacccd1eec79359a6f15ec55d92bbf3890b912fbbb2c029407e1493315394a290f4ce81c0d9dccfbab386b745145cb173b9e08f018d309200691b72acafb313cebf483ff8810080bce9516aa5382a18c3c10965a33176d93d8c51f83d6fca7f606200bb7c779a891fd65dd7ed6972f6835f4e94d928f89f1d0ee204b1ef073a761c65241a76f254695ac31842600aa0753c94e6c805c24ed101bbb26c96928db1166a91c7fea8bc3b90"
 
 PSA import/export-public FFDH RFC7919 public key 4096 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_4096
 import_export_public_key:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"BF50F1FDD8B6B5332047A808088E669F06D6CA71A59CB7CA9FB48EB47E1F179C531B15382D2D0382D18CD77E1A517BAA4175D59795898DABECCA469981E4C69EBC62B35936791F6B03E37EF39945B80503113C97474967AB4832EBD7E30ED4EFA47B49080D69B88FD7BD33847B7E6A7D0024AAD08C829CDAA44EC7C6E4013E6321DD64975E323A9779EE99FA7B210232F20B198A3AB6A0FAC525785777A084AB71EB58367C04FE456EA3EF260C1091FDC94781485784D110CB0EBCF4ADE74FBED11D59FC53CD66B3743603B06587DC47D4DBBE46CAABA2EA3190D0D859D3B5B8AC604F069D178E551E85AC26AD2BEBD22A27E9D517DEF70DBE15ECB5679881D522228377BDFDAC76677B4AEC68853EBA16D72087184ECA46DB62D4DCAADFDB9BF0029CD6C7711DD94ADEC835FE7145F371DAE027711DAC6820720CDFA2A61C97CFE84576B8C462A1FBA5C15F4E3AB55E10285A4F64B7124ECFEB5F517A065A0F1F8D7AA0E5189BDE525A34E7B17B78F15BECCD02CFF8AFB3DDFCF8809B6FD34683D7E87F3810C9658F1A4BD8495C163FB2F012E82CF22183361ABE0035C9A974386DF07886348BFA1F69BA35A77E3903741B9BF8B300D4BF67AB4A25D26EF8ECBD8965A398A2D38538C6BF59636622A404DCA0CCABE06395D209E24FE9DE738152E3A049FADEF4FE9585F84197383DF7AAC40DE842B2333A4C29855C25D40B3B"
 
 PSA import/export-public FFDH RFC7919 key pair 4096 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_4096
 import_export_public_key:"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"e0c2e35be32adb92560e6557d07ba9bab295792063a2724f9e381e9f2644423e73efeb074ddee70388444bc1a67edfe496a6c38eafff45ec500278f9b896a6fb1de4a59461e6fcf1de17867018e0c362876ae107fd4287383989a4ab41cd44844b103cf58085aa52b49527df433446fa5c4665037475e8f78c8d64d5d60a462603d292d02c539329e9d48c25e05083fa98fd6a513c84f0e2ced9121c2f5922559abb5e2fe3081e6bf2256d6043af211a70fe48e371bf683b953f199821fe0fbe924151dc772e72db53492ba5613bcf5661b7ed419fa02f332443be5f8b97908800077306abf6fd796afdbbdbc2badb21501ccee5ed67635b3cf37819f5d1db5370d77960ac0535a029b0af1bf634679367d35db0e7f38bbe0a022392efefc6b8ccf1e9f53bd7ac28012f6bf5e3701476606eb4649c64377b1e0c418840486bb4a286ebaf685449061ee375487e9e9164d0a7c9327c7b667b1933dc3adb11358e76457d594c19b88e8a689107c641d3503a7639159f3cdae7f58398204d29895e84fb82e192b796866c27d8373a36c5c062a445f6fd515e561d7c2328e7424057229689fe7851432f706f21e114f74d21ca3b01f1aa57d2743f28f8dbfa5ef5c584de2012d82ee978bb7cd713001237e76b5ee12e3cc51393cbcfe1717cefdf885022f18e66661097fe1ce91d0508e1931cf3774bd83d8f068711e09943b82355"
 
 PSA import/export-public FFDH RFC7919 public key 6144 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_6144
 import_export_public_key:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D"
 
 PSA import/export-public FFDH RFC7919 key pair 6144 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_6144
 import_export_public_key:"E4012A5FD17FB739867A475501A75212E2C1DA5376693759A1B5FC1523927D0DBF907037232C43416B4AA925D65A154FC1E13F72C7643E431C480A7799F09F66F8CA816E66E82E75B79A6D2C4DB6CB6D7532B020FBC69D7BBE80881A7778C66BEFD4F01450BD8E1DA05FFB59D8331C6E3281E67EDF3EF557A5800D4C1683105EB0BEAC112BFB5421172A637092808765A1648C7AB8DF5F06B612057360F5FC31DB0BA347215DAE18375012019CEDE239E8C1EC5B53981C7835DE8220E18C6E4AB9804B6DEC78F04C2E433A382FB3FB0DE73F8E48ECC3C252A62BC279D6147F5D3D815170468BBD53AF489B4B6F02386F25CAB22B54C9A8178585484DD5885F3D7FC4FD389DAFAB3D6809E72220298A33558F0B441E1CEC15811E8765319BAE0B3F799A2EB86E9966CD889145273B870A0B07B65E0367146608C8F554C587014CEFDF0433370B300DF43AFD59D71F937B23CFF25F9A66BF53AD34125960504450E0F17C275C7DAD24CF527C3F05BC2F53B046563C55D8C40CDA448F102F0B5475F287704A424E76335034DE2847177C0E606A6249D152650E78B22A1A9FE3FC7789C1FE74463BBC5FC71E840294C8B45349A2D045CFE679575950B61F3882D57806F2A9644D8BB3790FA268742AC19C44E7F1724DBDD67A4D8A11E114C7E3EF74195428725A645D54CC9F1F48CA9A7E2EAF3C2261A7E4AE58F9A5D223A1C4922BE932250C49DAB04CE8DB0E3A4A9D87551A2D165B618E3954E980844DA3EE1450A7C9F533B09F085038B7C923F06BC679808682279107804328EE9B7286782C0CDF92333D38900467B039C950C684A60AF5667F343B4BAA658E68967F0EBBA72695AF073A5A08B647D855265544EC291B01ED6420D2FBF878E5B0BC46EB1F8A2C1BD6A945CD8CCB0035BD11023603C0202E1B05551E3E964FD9F1D470D5E4FA08CFDD9E1F11A99E14C550C1024F642147A3B01E58EE3E5D75D5DC4D538243521526CF615C8616172448C8F81F1B36E110C161C109D6308F1F29F188375611C943313945670247AF0C9AFDF25E3226AA07D442A8057FAEAF251D463434EF18524A":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"201757BBAC6FF53E1966C29822B5154F56E332DCE1370D3A117B380D9C63FBD98F027F434EFBE530581BB1A0ACEDF30D749854F6BFC3E2E9F24A75B9109DB1FC787BB2D1DEF56414E6585757C5F84394AE9D7DB98AAADB5BCE0E4E55397B54E5DFAEDFB8CA87E6CAF0FC40E77421129F8D020287E7BD0330F60A7B01257FE36E1270B27D39F96AA464AF60C9DF47979517D7E9F0F68F93138BDC06E8F6F0AB39C90DA731925D26E48C24383425B22244D092BB9D6E3192467A91B27F0073C507D0615C3042F7432903E83494C2214089BACEF60A2D670E9D0EA0DC2F882E6AB90EC26A0CC4F9ED3DAF3912304079AA2447573AC51AAD69F4DFA07A03780922B4C7BACB286767EF758454526319C92F1486FA75E63E8EB2CBCA2A11938FE0BC5A9B50584505E16A3C8E2A599F8E2192BEC986DA602AD980190955B4AC8EF86EAF6EAFCFF7438ACD4DF64E407E675C0A114E04A9360A4431B6C0AB249B023BE89A41DA36FDFAB0FA3247DD9280EC538F724C6AF8CECD22DA87E91959AC12B690175937B7DB09B12FEE5D018802A4E561AE4F671C5569C73E928BBD66A494BBEF7F0DE8F00FED7546068E7F82F6317106885F0138AFD399DF9A8FB83C345840129B485EAD2C570BDAC992515663FCF86769808DFEFB9426D6938E5799104F197D3A3BDFFF8C4BF5E736E8B78FDB01D6C61DEAC56BC9BC8073FD4BABCCFC6D15253CA7F9FBD06F41D3F490965671F778812F5237791223FF9A1E6DBE2DD318570786051A74E58FCD0AA1BAC8CEF0656A1AD230E0578F6EC60C275C7FBAF01053DFE093DF049531282BFE7E459236D9B7315DFDB72105BD2A1509238F1CC488F3CE8907C4F931EF89FAC9D6C7D624D6BE70169A283C97E95E28DA1B90A2311733565BB082BA845BE97EDAB6698EE25E35988149B61ED64F1F41D54CD2EECB8224A22C118666551067F607B5B5C569DC8AF082D3CF0782FFC638F149765F9BE50CC52C157A58936B3E0CAA89891C71F5B960A46020AC8B7F449C8753561812B9CE313A932D3F7FD7AEF526E6BA47FE569A180CB96C5C3081A73407B52D53C6FEE6886D"
 
 PSA import/export-public FFDH RFC7919 public key 8192 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY:PSA_WANT_DH_RFC7919_8192
 import_export_public_key:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187":PSA_KEY_TYPE_DH_PUBLIC_KEY(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187"
 
 PSA import/export-public FFDH RFC7919 key pair 8192 good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT:PSA_WANT_DH_RFC7919_8192
 import_export_public_key:"AE5FA06AE9400A03F48C0201F4BF53263185BA76D07AB16B74869F141AEB365EB162806840F7B97C12561F5C6B9EE27521009341E52672786E10CE1615447F30E4D17F1CA049643A8CFDAC3BF66FB93B6C5C4805287D4E63D5DC895535D993203F309908AC8ABC3A96F5EF4E72E7AF59B1DC9D014EECB5609E03045B5F3C3E6C372DC0639390065C53FC911269B27A5A630BB847C8823127839DB138146E3830087AEB2395F3D0147F0C1B26297A7E657A1A430DEE1CE93C3EBEFD155EECC2298E664D77CABBAA51555C7C65FAC2957CF238F9342A39063B2F9C291D3169923DD7C3C275C591196CA350421788A06077137ECF4C41544672E8DC9E634AAB8F30D4E44C4E3BD93076B35D0A0B37F00416035C621D37FBBB434B5E3D460BD64D41CCEE8C58CB6A586C3450CC264709D065B9874129720ECA3CA5F5920F47EE8E203CCA740EFA510F7541B1241D2E036E43258B1530704D4E3A5F6C0001FC4ED82535DF672602BD421884EF381D485D37734411890A6CCCD7009208C72318F6D558A8A508774666D12E50E6DA6EAB016B147D618D729B441835B7D7B85549501A4B66AF7021EB27857C9059EA301F37B24A5E364F39364F7D406625416B9A00C44730A18C35A7D66508C903320B552CA2651724B4422870320C517B7A0B4C031C692B2D7524D66AB3289460535C6F3EFE2E42378B2927691A008734D407EADC93206DCFEB2ED71AAF7696DEFE34EA307921735FC72B4DB6B70A3381936CD90E384D38DE3C07C4DA7D1DF945EA1796148C40FA29FB5D5F6B2B03311550082ACB87130742910BFA18821380F729791E66454E2289B41FD172A4046B6961374DB62944A7DD572DFFC9B413BCF42773EA14E3562633CF134429FC7AD4F176779302BB421B44AB716AD0752C7D3334648EA3721DB7862D37B1B4C75068B2AA6AF0646A3E758F456E61F894028679F67E6FB9404CC063C005B78E46079984C85FC7A55111B1A7C81A197CF258E60B975FD4307D3AEBEE965D5175F81621E7A67E92CCEE0A503FAD2ADEDBCE717CE1D16177727C3E2205CB6C51D348590A7537013D49765EBBA3BE0588A86B65CCECE87B732AEC3C395D3336349F9366638F567BAEEC782495972869E9084D7A1DA6B97055FBE86EA1979301B62A82501DA13A00523F5C1CD0A6742903ADD15F2670D956BB950B075422CA76485780554D62FA11A461772126334F47CA43CC731BD4F35F48381A341B17154D26492B6185819012D6BAD352AEF19646516E790E49E5BF0FE74ECA7C850D0D75AC74160B953B43211AA5355E967D6305B2E1FC1170A01E4D3715F706680C7F628D41594D8954532338B3F30B90EE2A2DB0C42C7AF348FF12E410F523F81BAD4F41ABF92488726C451E4FFC160BEFC518A44660256687164B2606DB65CA8F8B06EB08A75DFCC0AE387881224C":PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):PSA_ALG_FFDH:0:0:PSA_SUCCESS:"3D1EB2C023E54A123420B9587F6985AFFCF6FE75A2F1768866CBAA10ABD5B7448409EFCE8786C0BD1D325FBAC47119A846C63103DAA8BC5FAF427C69D07AFE2FA0064A8BE9C33E30E6926A57850248EAAD8F0FA887452FF1467064DBE4041950CBFF55763AB58E1F2300C9B133E5D0FBD18604B93EC16BEA9CE340AC92B18DC188629A5D7FEC64601334CDBFEBD8126BE4743440C9A48F03F37298548C2EF226D44C296F440EB1E5F1128F203120ACE6C45D3CA992998CCF68C301CC4A32CF852FA4C2968C62D4016AF526FCD61A56F2BF479743D1EB62AD21120563BC1CE0D0791920BB89D82473F4DE75BCF6A728490F071899F683FCA10DCF6D9605749810A901F1FAAF96DC6AA0AF1CAFCF61E8A51E9E7A1BF5D9E5FDD6D63ED824CFD4016EF0782946F44E44B1B72B4CF9D4CE5E57A93EB738AEC084F02BBA52C385BCC013C720B0B98B78580AFFA84B0D204866B3FA39D73EECF1E0E6921D5484D929C1ADC7975741A308BCB060A43DF556F278F56CBDBDCE07F7CC8292FB27B3CDDB286E4B5A92552308DD8001F4BABC67C56B8DC6E5C4ED8FC4724A89441433EDD58C68E513E1940F5E6DB512574D7A37974E5739E28C03FECA3134AD8817E1A52BEBDCF2EE1F7DC66B09742005902A977DB0D617B8F6CFD75508F00225BE362D53BCA0AF4BE0D2DAD0A64054CA1204E31217F82D4F95315E54AEBF3BF98E2667A35A0017799C5479F369D8692317CABBB78C07D8314153D22110EA7617091ED755041A6E201F1FD76BC258DF84260369BBB2A1A13B5D266844A25E9A8F1D1279C349E0113CAAAB0A3D4510367E754980328B937CF7BEAABDBA39F4EA3CDE5C9BB6ECDA5BC44CC9EB6BEE6F2FF3698FA393DD4F85507415622CD7C0802240F7CE22F75F2DBA7CB7217352B34C57921B975BF2E73B6DA6A34C11192338C80B986AA3707DA64324056FE7EE2C0754045C7BC596B68FFCB501C186F89D618A76144C9CB35B59370D1D3E668F10A9EF6C851F6AD3FA9FA776E9391F3F143D7928F816EE4F56F756BF450E1B4F87A7B19EFB02850C45F6F7BCC87AA8FF27C474269EB53F3F1E28DD4D6BF1C6B16AD97F10418596D1A3EC5F664773FCA1E93743005C7230D5F8549DAEE3472418A648B91834BA7A19834B48D7E6DB57F7BD92887C366D78532A2497D9B9F35D598E79026F586D4DC1577FDA2B9DD5877A521EB9F3C87DFD77F5EC690519E04E702CE3A5203920A7B891F764CB0B2DDEE7EB01CC55EB45F1BECD4514540F10F03ABBA3E4D627DCEF89F1FADF26034C2D7C36E6776C7163D99BF5CADEFDB142A6CD631D3B58269F0116B1016633B7CD4752E2F636614ABDD27592734B8BFF08E155C350808C6072C42E46F2AEDD83EA6FFBF3EA5AA809B0F9DABF6CD8E2E0E1BC998AAAA0698F44B1819B0D7A19C2067F071A932D10F0281187"
 
 PSA import: reject raw data key of length 0
@@ -5456,19 +5446,19 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY
 derive_input:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_DERIVATION_INPUT_SALT:PSA_KEY_TYPE_NONE:"":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":PSA_SUCCESS:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
 PSA key derivation: TLS12_ECJPAKE_TO_PMS, good input, output too short
-depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_SUCCESS:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_INVALID_ARGUMENT
 
 PSA key derivation: TLS12_ECJPAKE_TO_PMS, input[0]=0x02
-depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"02aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
 PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too short
-depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
 PSA key derivation: TLS12_ECJPAKE_TO_PMS, input too long
-depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
 derive_input:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_KEY_DERIVATION_INPUT_SECRET:PSA_KEY_TYPE_NONE:"04aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_ERROR_INVALID_ARGUMENT:0:UNUSED:"":UNUSED:0:UNUSED:"":UNUSED:PSA_KEY_TYPE_NONE:PSA_ERROR_BAD_STATE
 
 PSA key derivation: PBKDF2-HMAC-SHA256, good case, direct output
@@ -6324,6 +6314,53 @@ PSA key derivation: HKDF-Expand SHA-1, request too much capacity
 depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_1
 derive_set_capacity:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_1):255 * PSA_HASH_LENGTH(PSA_ALG_SHA_1) + 1:PSA_ERROR_INVALID_ARGUMENT
 
+# TLS 1.2 PRF does not have a maximum capacity therefore
+# derive_set_capacity negative test case is not added
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, request too much capacity
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):48U + 1U:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, request too much capacity
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_set_capacity:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):48U + 1U:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS 1.2 ECJPAKE-to-PMS, request too much capacity
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
+derive_set_capacity:PSA_ALG_TLS12_ECJPAKE_TO_PMS:PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: PBKDF2-HMAC-SHA256, request too much capacity
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_256) + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: PBKDF2-HMAC-SHA512, request too much capacity
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_512:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_512):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_512) + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, request too much capacity
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:4294967295ULL * 16 + 1:PSA_ERROR_INVALID_ARGUMENT
+
+PSA key derivation: TLS 1.2 PRF SHA-256, request maximum capacity
+depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_256
+derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):SIZE_MAX:PSA_SUCCESS
+
+PSA key derivation: TLS 1.2 PRF SHA-384, request maximum capacity
+depends_on:PSA_WANT_ALG_TLS12_PRF:PSA_WANT_ALG_SHA_384
+derive_set_capacity:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_384):SIZE_MAX:PSA_SUCCESS
+
+PSA key derivation: PBKDF2-HMAC-SHA256, request maximum capacity
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_256:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_256):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_256):PSA_SUCCESS
+
+PSA key derivation: PBKDF2-HMAC-SHA512, request maximum capacity
+depends_on:PSA_WANT_ALG_PBKDF2_HMAC:PSA_WANT_ALG_SHA_512:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_HMAC(PSA_ALG_SHA_512):4294967295ULL * PSA_HASH_LENGTH(PSA_ALG_SHA_512):PSA_SUCCESS
+
+PSA key derivation: PBKDF2-AES-CMAC-PRF-128, request maximum capacity
+depends_on:PSA_WANT_ALG_PBKDF2_AES_CMAC_PRF_128:PSA_WANT_ALG_CMAC:PSA_WANT_KEY_TYPE_AES:SIZE_MAX>=0xffffffffffffffff
+derive_set_capacity:PSA_ALG_PBKDF2_AES_CMAC_PRF_128:4294967295ULL * 16:PSA_SUCCESS
+
 PSA key derivation: over capacity 42: output 42+1
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_output:PSA_ALG_HKDF(PSA_ALG_SHA_256):PSA_KEY_DERIVATION_INPUT_SALT:"000102030405060708090a0b0c":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_SECRET:"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":PSA_SUCCESS:PSA_KEY_DERIVATION_INPUT_INFO:"f0f1f2f3f4f5f6f7f8f9":PSA_SUCCESS:0:"":PSA_SUCCESS:"":42:"3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865":"ff":0:1:0
@@ -6520,17 +6557,69 @@ PSA key derivation: HKDF SHA-256, read maximum capacity minus 1
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
 
+PSA key derivation: HKDF SHA-512, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1
+
 PSA key derivation: HKDF SHA-256, read maximum capacity
 depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256
 derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
 
-PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity minus 1
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
+PSA key derivation: HKDF SHA-512, read maximum capacity
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512)
 
-PSA key derivation: TLS 1.2 PRF SHA-256, read maximum capacity
-depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PRF
-derive_full:PSA_ALG_TLS12_PRF(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
+PSA key derivation: HKDF-Extract SHA-256, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
+derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
+
+PSA key derivation: HKDF-Extract SHA-512, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1
+
+PSA key derivation: HKDF-Extract SHA-256, read maximum capacity
+depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_256
+derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256)
+
+PSA key derivation: HKDF-Extract SHA-512, read maximum capacity
+depends_on:PSA_WANT_ALG_HKDF_EXTRACT:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF_EXTRACT(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"":PSA_HASH_LENGTH(PSA_ALG_SHA_512)
+
+PSA key derivation: HKDF-Expand SHA-256, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
+derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256) - 1
+
+PSA key derivation: HKDF-Expand SHA-512, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512) - 1
+
+PSA key derivation: HKDF-Expand SHA-256, read maximum capacity
+depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_256
+derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_256):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_256)
+
+PSA key derivation: HKDF-Expand SHA-512, read maximum capacity
+depends_on:PSA_WANT_ALG_HKDF_EXPAND:PSA_WANT_ALG_SHA_512
+derive_full:PSA_ALG_HKDF_EXPAND(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"":"f0f1f2f3f4f5f6f7f8f9":255 * PSA_HASH_LENGTH(PSA_ALG_SHA_512)
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity minus 1
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":47
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-256, read maximum capacity
+depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48
+
+PSA key derivation: TLS 1.2 PSK-to-MS SHA-384, read maximum capacity
+depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_ALG_TLS12_PSK_TO_MS
+derive_full:PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384):"01020304":"5bc0b19b4a8b24b07afe7ec65c471e94a7d518fcef06c3574315255c52afe21b5bc0b19b872b9b26508458f03603744d575f463a11ae7f1b090c012606fd3e9f":"6d617374657220736563726574":48
+
+PSA key derivation: TLS 1.2 ECJPAKE-to-PMS, read maximum capacity
+depends_on:PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS:PSA_WANT_ALG_SHA_256
+derive_full:PSA_ALG_TLS12_ECJPAKE_TO_PMS:"deadbeef":"0409fc1accc230a205e4a208e64a8f204291f581a12756392da4b8c0cf5ef02b950000000000000000000000000000000000000000000000000000000000000000":"":PSA_HASH_LENGTH(PSA_ALG_SHA_256)
 
 PSA key derivation: HKDF SHA-256, exercise AES128-CTR
 depends_on:PSA_WANT_ALG_CTR:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES
@@ -7084,35 +7173,35 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE:PSA_WANT_ECC_
 raw_key_agreement:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_MONTGOMERY):"1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d":"9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0":"07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282bb60c0b56fd2464c335543936521c24403085d59a449a5037514a879d"
 
 PSA raw key agreement: FFDH 2048 bits
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"718ab2b5da3bc6e7767a98fb2c172bd74003fae2acffbc9a53d9b358401c1c748da36cab277e9397bc5eeec3010321d0f882d959eb097adddc99745526b213e30dc0df9fb1e4cd3fc27bfb1d6e89c715373439a66b9a13aa1334c84799827c17be1c36c1bc02fe60ea698da790fe4d2af710a435a1aae7fb11cd2a90a17ad87dde4f154b325dc47d8ea107a29d10a3bfa17149a1f9e8a1f7b680bfdca90fb0913c0b681670d904de49d7d000d24060330d4d2e4a2381d78c49e272d313174218561ceeb37e2ef824905d0fa42d13d49a73018411aeb749f7f4fc765bdc6db58bcebd995d4c949b0061f20759e1263d8f9ba3fd56afda07c178997256bb7d5230"
 
 PSA raw key agreement: FFDH 2048 bits (shared secred with leading zeros)
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"9156de25da686a831ca0645bfb49df73e4a126ab864393e943b3d12b7ad32cbf21709268bf918c4e03e9a3b54bd230d88f1ceaa2810fae5fd4091d31e76153daaf0da9168a7b39fa85acf618622efd1f70d5866e518f256d0ff90a0c468c41a329fb1dd837b18a4300be0f25b108fe7210705cdc0436df84592c1a8b372c5028d67ed5231f846452c942a5f087b3830aa139b0b045a7ae38903497e4ddd0585ce20504ff70e13dbadf77a73d5514eb9c38feeae3cb773311b360f8304f67cf3f2282e4aad47f1494b5823ae2196a23ca426426bef427e4056df1f9144b20bf0b1f6da451f8eead38fdc5bb71074e4d43e21bc6fa787a681c0ef92c633d73b348":"8a73c0f5d874a2afb718efa66f78c80adf713562145a9f5a1df5f2bb9ead8827eb518a769dc089364768b27b2e49ca465ec7c0710b3054ae256aec25de72bd435b3ede0e17ab50cc8ed102fa6a83a9f09454e59e218b894ee130fbd772fb95a83aba29c6b270daba1f3842b2eae2ad1eafe7945888a55cb459547d6cb0b276d25218df8948a86e49f3fefae9c5b30ca8a7fd1bac1c3a5cb4dedfbcbb5c6e5bafbdf8ffcb37d245260d00658450fad1ced83b5afedc43def222c7196f0531e101b3a777e5f5141597fe8c093485d0c8cc752b03e7f551ef3648b1da330fe3ba5dbbb9f11c1a44ef6c0c9c492b6140391254abb7ae8d3e77b4655ab6dd155ba2a1":"00a376f5bed9c27cfa7fa6e01ecd4094b6a189a6184270ea22cb5b2649a6c4b33682e0625536f7d61722fe85381d8ead8b283496db84f8e6b2eb7c5b015eb15c9bfa5eae290612e2aef4014d6bdce902f5907f73f6722d827b73297d14aa677ed1b75bc26785bb32cf60bed1d9467b2ac069ebe48ee9196bdbaa4565f9cfbff3c31e812c58d65bd5b4c45751d1439930d2ea237030307623a0b149a21077397ec5e2c50610c01f76cdec43ff2f9177a0b3a2b18de2a787d42b6f8bdacdcce49a6884f38c5a729e54ce616da439fc9fd6d7d266188b79e40800f22b8c21adcb1f8ffd2f5225e3dc4c485dc4df8184c04f0dea3b2c3f9b04e42e229fe1a24a77ba"
 
 PSA raw key agreement: FFDH 3072 bits
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"ff5de4e90966aadab8299ddbf8169af2c0d8d0d99a17b4a2e62ff55b36a69fe4566a775970dd0c2904465884b75b67756b0d04b68838e80d8bc84a741cd67d735ba7aec9b55a30cce1df81203fd5deb57bbec027846eb010054b4d5b911041f721358fc8acfc9c5f06d76932f42103adcde97d5607d93303a94fa9f9caea7108ce67a9ce866ef11b2b4ea8c2acb27340735ee8c64e7516e17bff3cf3ede166767f30cada892997f6b5309fc2cca54364678b93d044b4d8e5570e1f64127fcc21d8724fff275290d803df5fa413ec2f5231ce75a58f14a467cb80cc3c4f1f0a4a62ecc17c65f2723d3f7f804b2a02c91adbfea1b2bbbc9cf9a38df29da92a71375447c81c55b8fb4086f71d57e3260da06e08393f6329aa35e673a75545dee66d01e0c7243412c6e2043a984849b67095be3fb3bf39fff291639c57e44fda5d7c1898327c40c1815e88efe0330b4481e462d30e235f607dc9e53d99521f527d65bf3edb4d0332d6d074e652e84a2ffc5d75d1734b55f3b446db122af2a502f8a0"
 
 PSA raw key agreement: FFDH 3072 bits (shared secred with leading zeros)
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"1c357f078144dbbf6815e798fbc6d98037a65bbd01961c6eb82d1f97bd0993132cfbba209e95e8a231e3bed2616b41119cc5a2f97d5da71ac2d6d0a6617a4e7b5d61857627cbfa57161de3aa6a2afac23f50e4a35dca1a82376879e695892a88323af1c0728eb1a76b2d3a1684df3f91ced0728f954d5349981cec5e309137f6d4e837d22f24a13fbd7985e2169b61aae812a68a1a4b3427b1e9f8612002b5fd711b9c9518c777c4e554a5109c9f079b929d5895df748a24d659d39e787076a1f1d9237a89b52c296644165d2625c541ff5052371093046f4b6abc28d3d2fbb4eb1cd2aa3d393a030f71c7050681b017febccd3bb947c6dbecf6fca28adb2a0f06e7cd9a6aa6eda160f0a3098bdd7a719f31beda56ffa0e26a212834d0da1f53e0739ef3ddbd119ff61b497d420585e3a8ea7cc3370829297da76edd3fb701d8efff6116dd87e6e542e82a76ab76cf5a75eb4638e817679fe06a5a3f04e67a101d154f4c2ccbf70b8bec0e5663fdd838ac0f4a4da02f0071e514b6c6d0ff3358":"17ec74c211f655be646c2f006056230208dcff38644efc429591562f3869f867e7b79cdfb3e426fef60ca77d9fc80ea39e21ec060321bab3c7820177eba4242d0cd9f0301e4da7146608409add169ed05dfda2702a437f3e2b8cd162a0e50da2682433d50c37cc1aeabc5c7cd8fdd359381a8d192af00d7f41b8c049b1e552b832224b40f9d85c4307f0b76b0e2605858fb33e594ac1d0c04d358209ad47133e76fa8dafd0f2370b1944a4780138618eaf66f6d4961c584aa7a34bcc1c78bbd15e7f5a2b8beaa8f66819dc04eabe08b24cabfe69e2b78a12470162ba6703bbbcf34890b8af761d36c33e3b72f631dbc5dd6f1fbafca18a8498623ea00bd9aa6b426da30e2ebc27075eb589b237d1dc54e215a6b6ec40220f14e320b72c5f702ee496b53a63edd5620294d9be88a862544c561b4e175ff3c094ab3adacc579334cb95fa2d29b17fa483ba50d6270b6478ce4f26b564bec6ae82a60e2c15456c4610b6567ba7d91218b59a670c517179d30d743751ae3c3e777ec1f29af890b2ec":"00abc3c15e3f8156a2785949d76c96c22fffb49b0701c29fb6711b51af0ce2851a8b469b4cb25750e2c35938f848f31f179470e3271eb6b8780ad5d757a2c1353f825baf55e5c76fbf4c73d2f0cdab409e8c4f85c3001da101cc97bea764c72e844cfad5f00cb8a81a5bfce5a4bf62b68ff2d13515064b17f23b7f6e6a65440856715d2696fa1957cc022b29e38fdbb8c2a0a54e22595ed66bc4c74c36d525b60900c7427274a9d60ea289a04715a677fb9c71eb1dbb38e30f30b2af8fa24f18a5a13e9f6ee83aeb4ec3f9452986399e2673ada70826b0a84cf446a21cce41e5119bf50798bc5fc9ffca9febe4ffc9d64f1b8abae11c7c8f5da0da2288b0f7a8aed286af03d06cdb1914fc50054bdd46c289c18b14297c4254b39ab5fd719264841b981c6531a80ebc8a59ebdfec9ae0413f3f9795622fad3bd34778e539ae104b8a85918401b10a3802a81db413bddac66f83b6428a33fe5c217a2d0feef50c8ef933d6e3d0f10d8b8630c52c89ae78385716efbfb855729ad0e5ef39828e6b"
 
 PSA raw key agreement: FFDH 4096 bits
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"262392693c8ca0da404d0195742df69a6b87d22984765c91e3c9dbbc0293960cf1f9deb7a25998a91f8c6b9756224435fc143f31690af35eb211acffec542c8f8fbea3c9112d666639d40a699467bb195815b8b816363ca44baa4df22eca425fa9ab1471ddf045f4e252090663c1c536dd29623c324c7e18b694f83a6c655fb3d95d5a9831ccc9978f66916e95aff49d973f322e2b43f5632a19d79d615a56539aa2ec8f4441bbf4f8016f8c23407e371e9de212c6f1d7d3ca4093c2648451eef68c03aa251547e94046d5fbdffb5cdc0f713bc390111d6727fc1d11243046203ad6632d91c1df3efa77ce530ff26376a208349f2b18628422c9ae13ef84f4a15c1e05ce5fb92ff55547943db4727d091308deb85f54acb94d14411049924b79da131e736a9af42a3fa7139d0357925f430c6cd4330b01ff66f5f8cca26f4230d562f45d5f75bd6d133114449205263c5631f3d561e2ed81e6aa54376094757cbb6f6857c03574e9f6042dc80ea78be470b836c5371a3fae8c119f67c28f856fe70c2affb46574a4356e995a45bdf35e50a6f3a2556d3d1d7c42db8e63430933ffc4783d571908a1270a3cd20d87678cc288ccc183c7cd7512587536a8e15267dd5af0ad3b501ecebc0ecd9ecfd410ce356f9305e4a32cfcafa676da5b5a9ed9b13a5e4cfc06e87310ccdc3ed988699610d7d3125de13a8ac0b59f782859f0b1"
 
 PSA raw key agreement: FFDH 4096 bits (shared secred with leading zeros)
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"d39cf86d9d81011fc48d3bd489decd4cd520ba87e469b5899fae777109ff7b43c8c809814521a8d66ac33099c9bd2a8567a202c21a8b5457603ac1ce95ea9ae705efd69fb7c514295059938d818bb65b7c881d1ef9541346be2131143f51db13109e9a4fdff1ef2208839c89eb1c1d52018c77c33f5b7e73a747002997c75f4a3dcf15e7cd73938ece0cdefc9fcfa2c4b1c3416eb2fecc00ce328b0b2bead58493b3e8c25d3c0a675bf6ce2363917d1e74a7987a464709fcfcd1b512b67dc1023ade2cc027109169ffcb51625fbb0c607946a6009811be07047024bb6e517f388a99a08f2c73b7e0b779d8469797eb3153f2e5ddde2931a8f97c586e20c5e521b84d015a52f8e13d5fa34c32bc118b62d34cf157f1db40423f384a16a78c7e1569a5d754db6216f6412abfa7c440586c506d5be88d5172a311b8f16f70a06162dbab6ee09fea55c47f6538d3775d236cfa50824f5c8bafa44bcd9424aa620ef17466413f35aa6e6eb5c8d8a26a7ffd6e8bda2dc5ada4b296885635fc8a73933de059ff403fb0a322bf6daba24330a7be204c307f44260b4d34000d2142f79654360af82179f9d5e18e8f47c7d94a10fd077f011bdef578a2b57d5a382ca404f67fd3c59d95a3481f1311c7454bb45acba1e1c30acb6a9fbda70aea30a9ca76471dc46e504abae9a06eb9a8cfed83143cffef3c530b03185609a55484aaf9f677":"b7baa37aca4cd56e4107c3e428a7a568adbf678e741ad89f157f66803370618abfd8ec7c159d84a741c276ea119eaf2ec1bc4431a073d92de3dbca1287a37522b2ca4ef8c0a0fa76c1dd5f665d498ae62e5e2925b6d921d797d76d86e27ac8286643c19a2a2b1361fe7dd772766e9511127fd0cf92ad98099a9e1760ad969be0a7df4936f1b37455cbfe3a1ac9b3b83205594f018bb5f64970371d4e5396f4c5e8cf0cffaa4525ee811b39632551af470efc435fab26e3cbd643feb0113bf56fd4bced3ad743e55be2eaefa7d36833f56af570ff773a3a3cf649b1ef62fb300c4c5a70d70e4d6ba1ca405483f036092f5b9f94960306515fcd4a0d8a086d826c105924d05ce5ee3dd7c62d61d1a460772b169fd943824e0efffdde3f27439e112766780bca7b4c82a2c8fac1d18894fcbd40ea5f7f23aa27024870404cf1832cfa025df193f31aa275fc685fb348c321a2186adf32c9cd203cb4b1c49b8afffbfe11e1d443711a5a1da302fa0e52b5143e6ae7aa40ed4828d03a17443f04061f56c2d3b83298d617cd3a78cd84233dda83c4e541e9b98f0f4e7fed504f888ac929f0f3e00e3569e0f0aa95dd811297efa8af84c645d59bb6c2e968c1ba77772d858ff2d7448b65c723f6a87604ce938b670b612b3eebaa795593be2cac1d631c1b7d9baccb2cbebda6019eb42469ae4209a953f48c3cd438cd1b7b06c8c54819":"0053ad8c14e1ec87d76bf9127e084beaead313bf93f0f241442316af144097077da91c83d68c78692dd952036731624ec8ea8bf8bf85f7a278289f667bd5d92a6aa2e41337ee9e6089f8ead48ff7e179c80bedc10fa6e6e0c1511f33afe96f0890e6ef9b6f981f8337e60ada56ce0ed30ab1f6f8b72a3234cbc77db017c470d549173ae203cf73b4a5901a4edf713a866069bc7790e799becde1a088e8c3e3c41ac8f9c9abf8561af51f738577e183197c85e5d3ea5bfc6471577e7daa5cd3ed53f7e72849890d2d1f8ff0a830a1ce6283dd61e5e04b25183b42074e193cfde4ed2e35b25fb57715f74290a612d21e404394d9bc4116952cf962c14149287cf71d7c8bc26a9eac0231a0dfc4ed68fad9ceb195f82ca0012c8c9ff4350bb0a2da913af26fb0f0940541dc3ad788d3cc8512e0dfdf7e5f9604437492ed8b52c5b0eabfa04231a90abbf1b29298f33b55c4e94fe7af4aa94b572d4a7f4cd67de41b90f3224b9ce57d6656835560a8c8d22496d8dd15ac37866dc1b04cdbc23847e5f2bd8d1a5639c6e91612ceba11bd1125a75dbed89f01ba738bd27ca0a788fddcec35b823f986d5be1acc037f56d236eebedf8ec50e831f532194a62740ef45b49511abbe51b7179ec04b1aa752c0182dbef3e099579fdfe2624848bfa1c389a06039bff756d4cc0cb9cb4cc2fd382336afce62a20975409e0fc5a45e7a83416c"
 
 PSA raw key agreement: FFDH 6144 bits
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"ede0361026e81a9ad960f674de49449f12ee33c2dda7028c6b7fad7f8f8a7edc495621a6d13e47847873a954adfe7bb6a2ed7c9bc21f3b57458d9116ff4ed06cfca40e2002a70bca91a9a9e0475dd74be7d58453d3cc155ee0b0be20197e14674a7a6f8d903e211cbdbdad1e3383d0d1ae6b4d56837671589d8f151acb34bb4d1cdda55a0f9d1f70e80c61553fd0152bc871e930054efe763fdcd1f8fd1702afa61b3471e7a504612c58ab05ed581b34e2a884c5dd8d2aa919855351719e2cb290d00f0b161c104415f5579731072c1382508421c8d674113b2fe25a0e979455c8f145285ed3d32b744153d3ffab7625a3173440f026ecc62d9dd1bbdff6136f5d9d5245ff307eabfa91f6a10e7cf62a889975c0afd2f707eb8a43c2499c05029ca613edae2741f8e56b186a6390fbb0962323ed6c492620c1c8a24f9a89f15c00bd7263423e714db0fe0381556a15a8e4d1b7383d52fd524425e0200f9d410833330253306b1c23c15c08310bfc12b48131c120db8444d34dd951c5fd6df44e0eecbe92ad5f13641600db68d1d2c7d8ff460058c09d89d4febf2fcaacb40c900e19e4dc868a24ec61361c452541a0fb13da53d61b59806e0598985031e161a2e887420e4c6ce217587c72cd3a7b3085d2383112e1066277ed63e82ec16ac6dc7ce0ade255f30275b9798d4476f31d8d237c4d79b13da9dc6ceed7fe626e4da6eb6cfd234b8fdec4fd4520898b13a77aa034361c0d63edef55595e3e638b48c1c00e8c683c8cffd9fac2a33f73e04aff1f4624669057c7faf51f996e3d64bea3097b4810f99c8f078887be2440f67b249467eb26a03210b4d2baeaa8dc9746a14a6cfb45297e121eef8540eb438270403105c11ef4fed87127545b81e37ee1f942605a5a46253752351dee91d0a171031defa9dd20cbb942e3940fa43542f6fbcb0980f6ef2b36297527f7c0d47e36ea203ab924e937ca10e9d9e64c6419a061a300f86ffed0e2e72a1f73310efc00118dd315a6b01e19406471e071e4c153e2216d525195357fedf3d1f12d2c1ca659bbd1a6d1fa28b6bfb648deec17f8a894"
 
 PSA raw key agreement: FFDH 6144 bits (shared secred with leading zeros)
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144
 raw_key_agreement:PSA_ALG_FFDH:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"8bc903e9b5b0742e86d657f64082205c1d50268b8d1d9260e5474e8b686e63adfab13484cc24e35b6f43f5e998fcd7d92c4aece9eb30b0f51b7a2200911e6d38b41da23f04e37697b6a7ac053d15676b75538aefb6693be8eda8b7d07b7611fbc9673e98d8580131cd3462d8851ab00f5831497cb89b4fdfd597a4fc84a9fe1a28ca3ceb17b70334af2414fff73584f2a21fda89c10e2b23a4b454ea4cd6d901312e52a557d45b9350dc8e8b08eb31a73095f014efebf1336ea2c4938fd477f90da212c92eeba483d784b377514c3afb7e34f8dbd6d4ca281aa0bb9167d6d96894b225deccfee7453739becb849c1f381720a59836df967d6525876509515014e46b0a8b27afd304b5db238dfdbe14afb8fb1433b05a00654abede04978f84116e4e3e3a6bdc9ef558dbc1a9cc5c5ba1ee4bd8654845f04106d3b1b48b3208d109aa96609cad246e543d94683b8963e13597dc4aec21b0959e7e6d73efc91ff2b9b52f0e9189f0619264b9893f9289dd8e9bd6d3cbccf079ab8fbd525151e704bd517ee8f29505046620048a684883e6fb858ce7b9e72ea35ae4ad7ded04f39e37a3056b6b695ef2032cb5cf99e22ce5500ba0315aff86516c42b1288c94b46dc0548c7ba07c2b2ca8423b9ba4782c1d4626589ae2b325917484f8eda07f2071276d3fb78bb71a5c501396302eacd1b07b28487c580c5ec5be236e1ad4fcc434325b24a2409c236a85f7b9e0e66f6548a1814c519919d8215b0370b9b3256aa10a28a05f0d2265f6fa7842dfbc67c8f32e9fe12d0df647665ba9809349e5ef6911a4755330d004de03e598cbd7e2b80c259d9d66050177df8984263a7c53abb5ea3157945b727fbf1866649260e321a7ad5eaea41639b35ed6e98b74ab679eab93e5873857342fbb55cda604f57222555631741aa97d74b5eff885aa45ce5a25d34841aa0ea4ea317267e86c45f713c81c3de81cd6eb252053544a5dcacd9f7388704bda8acf83276975f03bffd403eaf199a7a1367d2e6b40c7d94e23679b6520eb40b5d61f5f56c6939f21a4f1dc00f13b5cdcaaf827c760a6e4a9c5601961":"b3795eb1aead05ed8b950e0a00fa12ac0ce4679e6f7715ffd8b5df04e5b068c82210482d3a377b224dc7aec1dfb7e4d635b9fbc22a5534b6a4cb50d3c39cd0dd5e0ec45ea69a3296b83ce89b5cc0c5e15e4934212e8c33ed23939912d0cd738eaa949f763450d5a07fb1540207065f1159a55af7f80bc48c49f88164cd4492b0020902c78295dacfe593fedc1914ddefebf45b5eccd6830681a80c853a3f2389798c391aab3baafd578ad0bf0dfe5b63fd05835e215c6850c0f61e48698053fec9281f0a11b45cc4e259b310a9720456c481031e0467401afeade395ab9b664d9fdb42f953aaf9fb6501c2e105868201ef26d58d31d473c676c751bd892a84a59441f92f7b6ba49a7e385b3d13f806e701a7c339d37e5596414631ed95908c7118f45250acb68f6f2d9ea4bfcb85dc75d21a03a5dc2b86d41cc55753a72a185ce94d20cb897f8759b4ba41e56fe9cf6edf7ee733581589b319e85300b7f479b093030e2d345584e2934dafddda62701404b628b2f25a15992b7ded6271fecb37b817316a908ede803285da3b57986196d59b164692384d469c09b4551b37862d588294a022db7deca641ae90f9a96d75612d55b673213419a450f7ccf78a2fdad291f6c905b5e1a0bbe90baec1c2706d7d81ea8f6d68d350004ea00f24009f6121650547e84b3edb66d969af206f5011ededee736eafe4100e4625ced482caf2cdf6b4465927d8fb138bebaeff652d6afa0fbfd03ea03cf70e80bd95ade41443b85bfa1c56f770f123ba3666412cc2c6997de49e90d7d9fa1722894d6c4f7dfa349e9a9c400eb59b4ce4f6a64763359ed1bf2327f552052070bd4bd2fc1a816e8eddf72645e7fb0ef10bf9c5dee2b386ee2258c99f8ec5b91d8e043b9411870c6f02d2df7863359e46e732e3ffc398993a232d812f934737c503f9d3532d4126c72d5dabf8ff9d6da214fb9571ad180935cb6d01ec1404c85346d9ca858adff2a8ae87ae2d9b99c3ea1557a801703bade1d349410304dfaca488cd5b90086dbee91d60c7dba504721fd54b38fa0835cf70b2f48837430476d5fe8349ad1f2f38":"00e17befd66905acec575c87804c61c047abc9a724db6337e34975980eb0395cf4da8c956c823fa23c52b901bb58a9d26eff282dc6a0f588d71a1636bb919ca1d564f400d7a8e909cc9c59cbaf18f09d5a2101a7afd32687657a3cd1b00148cc84411ff3f07609acc8c07eed678162d1d69280f1072674dfc1d6819d45d8710e2be12402b06b846d68f4088895ce64243f24156c1be33031dac21fb60916ebfdc3939a6bcb012c66c7ef748e30f43bcc08e13c5dea85703a4928166501bb1eec25e61ba5c187531bd982fb310e56656cadfe4f7f756c8b71062388d50cbb70a7d07220912891c4c736ef1ec6390d4bc12803f20c8f1ffa7f41996ce3c8ab792753165fc25d2c1b373f5664c38ed688b4d096a34bf2669e8245bb55ad4c0ad51206fd082969bef351c271b103aa1592889536a2b9ed18e02035a457735317bdca6b7f7104af64d30270c732cfff302d7b82c1a602f16194ea62290c1ed35e93911a62743b3d1bee83c01669320408f2219f2d53c926acf014150ab47ddcee73c6159b368ab26f4da25c5440f79fb898473bdc2b7c333cff7cc5f8332b43ba1a49c327bc5b5ad9459afabf5e9c8421cee51ec0a6821e7af83af0ba2857ef2dd1417b250e2e1e14045883a26e3c70404c53998daf94d8452ade76e0e886324cc6301cdd40d04be33c59ba11bb7e5ef62186647d3891b221bd955e109f5b9b3dc625b44cbc3359e8b2dc4b90171d4a0a47537e095e0108827b3228e6ba325e935a2eb2eb82985443c7691ac208d55ca8d7200adef6c9b9e224190f672efbba75554a4c72af539c70d0bb7af67ada46a2c46311a91bd67d7ce724581695f6b4b2c0a58cd23b84873a76556bf573e447fcf583395895600aca30340ba327b44df33b1aa5c51f515c542c37fd9dba35534f94383300c23ceb8426e46ada509e03dd06fc2ea3fc6b973ef02dd6cb6adc36d76158c21dd8975c0eaa3d50082b53d328acd5894a1229c27aabd513ff6d8de6e2e780ef8342182182f85a89e6697452166f4e012a6f3f137c8d2a5e279e1f490995d9618f177acfac9f16f65bb89c2087e7b5"
 
 PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160
@@ -7144,51 +7233,51 @@ depends_on:PSA_WANT_ALG_ECDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):"c88f01f510d9ac3f70a292daa2316de544e9aab8afe84049c62a9c57862d1433":"04d12dfb5289c8d4f81208b70270398c342296970a0bccb74c736fc7554494bf6356fbf3ca366cc23e8157854c13c58d6aac23f046ada30f8353e74f33039872ab":"3bf511eebadf44c1f7b0282a1262fe4ddd9da23bb1555cfda591ac46b088c4417883c010f6e37cd6942c63bd8a65d8648c736bf8330b539760e18db13888d992":""
 
 PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 256+0
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada":""
 
 PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 255+1
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27a":"da"
 
 PSA key agreement: FFDH RFC7919 2048 key + HKDF-SHA256: read 1+255
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_2048
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"4bd2bd426bda18aa94501942095ffe5a9affed1535b942f3449bce8e90f9e57f512c8fdda496c3ac051d951be206365fb5dd03a7d7db5236b98ddfa68237a45ef4513b381a82863cdb6521b44e10aa45de28d040326c5d95e9399ae25f6cad681f1cbf8c71934b91d5c8765f56d3978544784f297aa60afadd824e4b9525867fea33d873c379e3e7bd48528ec89aa01691b57df1c87c871b955331697e6a64db0837e1d24c80e2770179a98cae9da54d21cc5af4cc7b713b04554e2cdf417d78f12e8c749a2669e036a5b89eda7b087eb911c629f16128ab04f0ee7a3a9bec5772cfc68bbd0b492a781b36d26c2ec1f83953e192247e52714c3f32f0635f698c":"6d34e084b8d0e253a894237be9977e1a821b556ed4bc01cda691a927885979b59e55a30daa2a707769474b760e9f1c10544b2ce74b26efa4f069e05ce70471bf6b7e6c08a16fa880930790204e8b482478de0682ce3f58450a4e15abc14d05e13ef773a10a3e8bf2219f8ab556c88dc2a301b362c2d4e94bf2f0006bb36d15a5096ed1342f3f111ccf123ceae9bdc7bc0cde5edc9f0203f35f8a98aff6d75975357733a429364ed3aca32acaf9f857ef751e0e246140eebdfc2b403b644e42c48922f7f6cdaa6a2ef9ddfa54fb83657492f9f9a2c8aa4831601f9b11663e94d968d8be6e121aee2c79156e44aaa650bb26083983a76cc5883538d4794855ded1":"8f":"6f6b349b2c11a941882de0d6bd0dfde68d596c1f0b85d15cf94d651f99e1527e829d95fec5ffac32da6c5367785e735f126e1f2a326e8edcd6192452ce0ef7a11c541feb6b7b81bcb8c15a5db04ab407e8776426227ec335c2840c2a909d7914b158754dde8980dbdf607d63f0b9778f81df82836529b2e27f4a81a390bdbf848ee16817fa80d745bf93626ad0e19930fcde46a034a25f168c14e006a7d4e3cb2fce48797b5b2edb0a6c4995cf1ec0dc32d218a4b52d929ff1fa50b63af9b2c0e7045bbb7f7a0f976d1da8a2617294a67cd0f763e5bc50e1037ba5b49a02f3b1b5b6509bb0e2cfd67ff49da0e6fec01c06a219cb943151fa095bf5dda27ada"
 
 PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 256+0
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6":""
 
 PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 255+1
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73d":"c6"
 
 PSA key agreement: FFDH RFC7919 3072 key + HKDF-SHA256: read 1+255
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_3072
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"c60a421e82deb778eb468760296ee4faa0b58ef058966fc457e8015185bb6c500677bf5a5a88bd8dedb5307ccc3c980a2bbe9a439c6b0c7af6c961e5b9c06f47212fc0e726da2f5bdd3542fba74e1dc2294caa1f363d942a92a391acd84aecd045a4a318db00785129ba171b31651b0e930eb8110a642dd63ef5ae1bb8c6e3b3971507c4057530d51ca14182e884974e20723dbfdd5778fa0ec78fbab26811c097f0dd291ccd7a6967caf5163fa04ba921448e1d3ec8de4ff3bc87dfdc35e53ba1bd4310fc9c98f68332ea0483ec051900e438fa3e5bcbf901771c740114922a7d9a74257befca7f9b62b2991ef6c58dbb1e516bb1ee18c8709f134ab7bb2077ec03356279a46f2978e6a89df22b0120223f6996c290607e98ecf14c36e2db62e80575329f4787ddc7b72856cbb0c4fa2dec9b391698832f559cbef49979c72e63cb3dad5d948f1c00219b47359fa75ec3fd352aa0223773e246c2fce492200b3a6e213e5e30d69cf3f56af43b0c09c0d647784b2f209c4fd1abb74b035d1ad4":"c9185bfe9b6379e0cbded54f23ed487b2a692c697cd1de74c739264ffb26a8d48aca7169c2b8716f493777e79e1a4517f79af50666e57fa821b5982a37aaf92d00805dc92df7afcd60256442264ff368e15012b847f85c7b4c3eacc4bf5c0c49f3018f19ec09a82c11c30cfcd60b07dd59e262e0387cd6473e2ec926af0bbf8d91f7b2dd6564cb5971dfaccf12c044f7c423f4e7309268925a03b51dde987906b40236046d2515e6be4524b27ee7675f2f58be2d2177f1624dab1118d265b8221969dc34686155d6c15390fd42c394ca2f7a3f403364a507b0a8c105c2f1022d321cf5621dfa7a28185856a26e952dc14ee4763fd1ea27b94284880fd86e2f1a6215aa3bff98bbe1b93d397a20647edcb38f043b9dd06f81c62e4caf74dae77b511977c07ccaac5fee2529e867b36bfa2e1488186bab1c7990fcd4c30ce7c9c536f6c3c2b9d2ac4065a4fa7577ff86dbb2df8eed95713e85457b4a52251aefe1bb1b4c8eda66002eeda7d28af37f00673dba3f9f57d1a416abdbeccf75a7a102":"d9":"f28018a351a7483e40752ef75085e44eddc029a61f8702e4f33a0ff6d5153696a01ce519e7489f19abb13417800e9daed64bb366e08c706b75025d57c4a1e29717d8d2f28ec23a59ea667863b9ab0e8e5a01140df46df7f36aed84852f9b09bb0a8552a2454c936b50f1a9db290a039336e431bf3b58eeb1b6ca7eaac7dfca12a5cec02a648807cf14a112fc47ca1201133a39e0d361308a76aa313ca1e7d5118e27c7f2ee4aac78b29eccb8888ef1cf6a389df7ae25daef1c8c89184d1cce78a7d61831920b43b08122996090a0e790070d002a56227be45a06c070632e832901a71b3515c77439b094321da0b4b5f37ecdbec3a9f6f8a1635c5beec73dc6"
 
 PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 256+0
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87":""
 
 PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 255+1
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de":"87"
 
 PSA key agreement: FFDH RFC7919 4096 key + HKDF-SHA256: read 1+255
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_4096
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"f085888f40e34d91c989fadcb9c3e8be8f4a270d75b90d78c9b3d7569e09662b7767d90112a4a339bc42e661bd0e464b26ba4eb07dee300dfdc38373ec17a5a4e86f3f4b5ae6c9700f8381ac93b564bc0b1ce64e03bb825aa21a8e87e572ccb13a5a7b2942e4b91a321c5b5cf87b8bad4042c5b8ba971870061f7bb0869e57205bd64ed41026d5093227eb9fc4abca6160376b9b9ebbf431b6cc7a362726f553ffcca07ab3fed69a60c1a3d6d7caf989c57dad04eae71dc7e5da1bd6a65d3f4509959f61741ad91b6bdc98c0cae835cea940048d325f1db5e6217b8a0c977741511c967330819115d325a6da3ac003b66364e52351b34de0e954d5df7301ac0c2772c461872b72c9c3bc810789d16d22f57fd57338487ff66fd01434fa08a57eb7b089686cda86c9dc9220e11409c5ecd7b2988c151ee24e19a5c5685b4824c60a29ee363e75f783d97a57cda08a9e2152769957163272b3d5e82cdcda71300566356c411dc01a2c24507693c819755568ea461b755e89e9ab150e243ae97d5878f58ba87be9a6bab3726e962f92e2305999cafd65aa32f486ccf2edea46ab4b4cd7e3130f2e69102e6a4d7104db2f9a66d0ddb4faa3ae34b3bac6007bdfc66541bc3f45db3eb730ba80e102850604fd64e3cf047825246264ad8e1e716aa44a99275aab9ebf0b26f703af7460a8e502088a311d7c571bf0905031ea6561a928":"f614318e0c2cc96ef5b9cb576e411c7319f9ac4caa626307c110018ff7e5082894147a1989166983f181ffa0ed062d7561af3ad26ef7339faedbcc6d41d3b53bb71f21de285c83af911a9dfc68e6efe5e067b36a5e761dea0b243e5d9af351aea1cd22841062c6beaeac0e66138c9562e3efc922bddb2f2709075ee4356337597fe9bb16c5b21de3017d06a18e98b606931c6a1d96f60fd22c920dbf18210178f844c9c0646a779db31eed21c29dff3556fe6f608c6db80e86229fa05117c624094a7d0c106718e9534de55b469ed03dd545c80b2134f10a073fa1d6b366f46727f630685ca916c84d28417b1753af57248445f81573de06bfb17bf6f3f6e5e72723390719e881d54ce3a76a79e4c3cd78f293f5ca90ca31038c4ae0f6df379177a96ceb0e55a85669335dc634f67d138c40b58474dffa4695c017ff75db55b37d9627836fad1813a9dd13e61ad99b96a488cb49348e1e75aefbad5eac288387381e6d7908c16b42c8f071c24b518feb1b4d38a538e4346e0b88c526125ae5b2fcf8e0f42608f5c5ef47b6b225122d5b6c94c2cf42767ff3df1f29461d72b7fe4eb2273c857d18daf33ed0cce043a5c389d116ba02a9ba5c8140d11c52249019749417950f444529a635592b137d30ee6f15fee89695d99e5f322d2e94c00d43d24aa63e0e68c27566d19e211f7f24e1cb72940cc9dd0b0cf34f69f03ee32be7":"01":"ef64db547f29894000820395bbe27406c2c6482207d6bd3f517802b02726478627a4d965c9f062626ec5b6bea63abdfa71f6de07509edf1240d420d4f0ae3d439bfa6758d6831335688b5d78082f394ed26d171426ef7649363a951a789c463afe76d1cd55f58b4b7ab2db2ee8091e7b1f3148b2352fde97b9928bf417047e9eff62ad76ab117ba9fb35605a71973be36e71a4d2aec600255a75eba63983bd0750d5080d380d00d91248470b9850d3e8e5bb464732ddb838427c1685e337694774229a0d4ffec532220e75aa289bc9c62c0621851c4c4e7325a3eb02bd195ceb855dec066ed250238ee546fa45aa00661bbb8dddc006a40c976243af58de87"
 
 PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 256+0
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c":""
 
 PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 255+1
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"105d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce0":"8c"
 
 PSA key agreement: FFDH RFC7919 6144 key + HKDF-SHA256: read 1+255
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT:PSA_WANT_DH_RFC7919_6144
 key_agreement_output:PSA_ALG_KEY_AGREEMENT(PSA_ALG_FFDH, PSA_ALG_HKDF(PSA_ALG_SHA_256)):PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):"bbaec0a6c20e67aa77bd9db1f682b20227d3e17944ccf9ea639e437202309c29dc876a8d209e81e59e1d7584284089c4ffb3356e28acca6c94164752e7e331cee7fccdb3d08604a5faaf91c02cab4ea6ad2926e28d1dee9fadd437b2b8a5116c689869c0972529e4c362aaa8427c95f42d8a60c1f38f9f672c837a097bcd1a8c068c11a33ce36517915dae1ba47e2646aef079e6c84b9656991ef0f6ceb9f7f95c97e7232cc5c41c0335aed99169133702cb8d95ef1e9eb5af583f3469a77277243fe61f16dd5b4f9f4972e3d30050f289f891daf8146ff87cf2845c419dfe2ca0525c5e2e8fc6566d7118fadaf0103b24319061f862e2584e5fba1063d55365b78379820d335ee924ac0871ceb3a2a339fba250011371b53426bab5f48e9704b7a9e77d14d5f6cafcfbdb45463e6935be31bc87eafd9b6d228a5b76c2baa6364f450a4ac557dd07ed4b1a13f5603e2b3bb270e831f0f2950f52c52d866fdaeb748a4cbb6f20b332795fffb8cf77a34ef75d8105973f1fdada6a3b050a28c12268104a8f1cce9a86ebce1749a97e9e5f00608229799aa5b7a356fca7b8bb5c7829cb18a136836bb37f5165deb89b33f0b69c473236025bc649d382d008fbc7c8c84390b9d86b173e45fa1e162e0eabd7914f2ec4c26d5350be064fc0d68bf16446188dd4a76ac1267a63b764070b48342a884891eeddbba95257348764c646aef160523af105a719aedb041a28b81516dbe89e80592f687eb341aff447a4165ac145889ae3e8a14c948c82b581b35d8f7d1c4f5e0f838773a472ad0025b1ca0b1c8bfe58c42079194b9aa9c5a1139472e7f917655a3ae297c9a8e3bfa6e108242a5ac01b92a9e94d7b51fbe2732d68f1ec5c12607add5e9bddbe5a4837e9fa16a66b5d83456df4f9febb14158dc5ea467b7cc288fe58f28cade38fa3d4c8864c3cb93bda6d39ad28f7dab8b8c0be34f675d268d82ba6a2e22ba49a5e7de5d08edae35ec17d1419288719a4f82dfb7aad6f7b68c4216c69b83af7438771622e48381841d1fcb6081d41b1b84eae37912b34dc8df1794bb47ad87f94d9c841aa98":"31b48495f611fd0205994fc523bfbc6b72949417f28392d30c1c98878bde0ca467ab6d6fe58522df9749154f95c9683f9590c295cd2b62ff9c59f2a71aaa3f7cb72761740cdcac8994c3623e8c07e2991dac60c2ccba818623013467cfca64f9a3b58523d4a4982571365db08aa9de048303c2a48d1c02c9aafc2ecd6eaae1c5bce8314503d0711d755b59134cbfc773250690121f58fc5171ea34fe88e753d5ab3da23e0557aa326b408c2f55aad2b6f40504509c2203f353bcb17e7b2c61fdcba04c3f8c136ef5d14c38ded6ff0455f59f3052b52b2d45f76a2c3b4b09af388a57ebd9d33393853b83b8033b6973cf662907e62380b66b4ce04b82ab8fcd35f40083a330587e27daa0f84c21fc5d04af03104785f85cb880ae61024cf6cfd1dc14149fdff6653968458fb5761cf2cbf8263e915099eb209d1d149bd7a5b4e48b108f07a1f7c17aa4cbf7b3aa25075956f93f127d46b6392834e7781e46f0e2d1ba14ce2f2d91f9db106bf94c7110ace1bf6105cd9351031e0ec7b52a599ae41256581c1379be5882c352c750709c1b8d37cd8d1442ae5547db0f5a1371eca211f028428572a0fcc4c0852ec1f9be4de14a32536087f520cdeaf54c52b203bb6ff0008b2099fb0e1dff4547563a71db416c5b97ef8e7677d8edd15a2ae75dc64b817117fe5e0478cfa1a18e15cb44cfcc990c5f01127b3906187c18562c876631a046a70015e84b6c553be23168e572cedb5912a6505ff8bb65722cc0e9556e967600711b8d8a8e414811c9809aa3e15f680fdbb2b2297e414824fda530b501b278c35f3f0f0ac61da3262de7b8aa44e31544c593c8521f8ce4921b8d7df7d7382c97718efd03650caa5620bc0e6fb9753dfe26c78b0b6a3231391b9324ee6b7c81b45e7e90e5573ab6cb263b114d78eaba7eb2bc668dd57b6eef126abcdf8355656beac58ddbaeb0551a4083fd5a2bd0e405d35737b7c3c6f0f0190403c13b57e3ef7b6b76206725758523ef98e4053fb8e05147a74577b61b0935dc5eb699945d3290e78bcc9015c9c3210ffed7d6e96c6c8202e46ad37155d07f3e8c2d9a":"10":"5d324ec021d57640dee474c442f3a25390de6ff13175f70fad977003bd78fcdfeda87d2a5cc8447b9729990b11e7949c6ebb37a2d3c2fa69a85d79d216a6a489c8c5186576c112ca94c1bce156b819fb010a4168e8c91e777b87dceb0de4f1828c45297e3b513f4ff57bfb874a7c0d3cd709332922394bcddbc0bf959668810ce1ec8dbff662ea620b9ee7186cdde9845185ea87ded242fbffb7f526d875b6b1dbd09a4008b4d2c1034621a75efd6140c7d6fc883d79f7c3b7f7ae21b74e62a9c26f682c9dd48cacdc7f0c4ec5eb32a5c505aa5949d4008ece502bca5612f84ae73164acd2d3399cc9aee5cf615de62dd31c63a407f5c988b5c61a124ce08c"
 
 PSA generate random: 0 bytes
@@ -7349,23 +7438,23 @@ PSA generate key: RSA, e=2
 generate_key_rsa:PSA_VENDOR_RSA_GENERATE_MIN_KEY_BITS:"02":PSA_ERROR_INVALID_ARGUMENT
 
 PSA generate key: FFDH, 2048 bits, good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_2048
 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
 
 PSA generate key: FFDH, 3072 bits, good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_3072
 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):3072:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
 
 PSA generate key: FFDH, 4096 bits, good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_4096
 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
 
 PSA generate key: FFDH, 6144 bits, good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_6144
 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):6144:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
 
 PSA generate key: FFDH, 8192 bits, good
-depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE
+depends_on:PSA_WANT_ALG_FFDH:PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE:PSA_WANT_DH_RFC7919_8192
 generate_key:PSA_KEY_TYPE_DH_KEY_PAIR(PSA_DH_FAMILY_RFC7919):8192:PSA_KEY_USAGE_EXPORT:PSA_ALG_FFDH:PSA_SUCCESS:0
 
 PSA generate key: FFDH, 1024 bits, invalid bits
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 889a3b008..95e7a2dbb 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -8459,7 +8459,7 @@ exit:
 /* END_CASE */
 
 /* BEGIN_CASE */
-void derive_set_capacity(int alg_arg, int capacity_arg,
+void derive_set_capacity(int alg_arg, int64_t capacity_arg,
                          int expected_status_arg)
 {
     psa_algorithm_t alg = alg_arg;
@@ -8940,7 +8940,7 @@ void derive_full(int alg_arg,
     psa_algorithm_t alg = alg_arg;
     size_t requested_capacity = requested_capacity_arg;
     psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
-    unsigned char output_buffer[16];
+    unsigned char output_buffer[32];
     size_t expected_capacity = requested_capacity;
     size_t current_capacity;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
new file mode 100644
index 000000000..807007b5e
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -0,0 +1,167 @@
+ECDSA Raw -> DER, 256bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA Raw -> DER, 256bit, DER buffer too small
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA Raw -> DER, 256bit, Null r
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 256bit, Null s
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 256bit, r with MSb set
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA Raw -> DER, 256bit, s with MSb set
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"304502201111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA Raw -> DER, 256bit, both r and s with MSb set
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"A111111111111111111111111111111111111111111111111111111111111111A222222222222222222222222222222222222222222222222222222222222222":"3046022100A111111111111111111111111111111111111111111111111111111111111111022100A222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA Raw -> DER, 256bit, r and s only 1 byte of data
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000022":"3006020111020122":0
+
+ECDSA Raw -> DER, 256bit, r and s only 1 byte of data with MSb set
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"000000000000000000000000000000000000000000000000000000000000009100000000000000000000000000000000000000000000000000000000000000A2":"300802020091020200A2":0
+
+ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte shorter)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte shorter)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 256bit, Invalid raw signature (r 1 byte longer)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"1111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA Raw -> DER, 256bit, Invalid raw signature (r and s 1 byte longer)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der:256:"111111111111111111111111111111111111111111111111111111111111111111222222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA DER -> Raw, 256bit, Raw buffer too small
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
+
+ECDSA DER -> Raw, 256bit, Wrong sequence tag
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 256bit, Invalid sequence length
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30ff0220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_LENGTH
+
+ECDSA DER -> Raw, 256bit, Wrong integer tag
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440120111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte smaller than the actual size)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440219111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+ECDSA DER -> Raw, 256bit, Wrong r integer length (1 byte larger than the actual size)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440221111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte smaller than the actual size)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102192222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+ECDSA DER -> Raw, 256bit, Wrong s integer length (1 byte larger than the actual size)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102212222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+ECDSA DER -> Raw, 256bit, r size 1 byte larger than allowed for output raw coordinate
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3045022111111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, r with MSb set
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA DER -> Raw, 256bit, Invalid r all zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220000000000000000000000000000000000000000000000000000000000000000002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid s all zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102200000000000000000000000000000000000000000000000000000000000000000":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Valid r only 1 zero byte
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"302502010002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA DER -> Raw, 256bit, Valid s only 1 zero byte
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"302502201111111111111111111111111111111111111111111111111111111111111111020100":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":0
+
+ECDSA DER -> Raw, 256bit, Invalid 0-length r
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3024020002202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid 0-length s
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3024022011111111111111111111111111111111111111111111111111111111111111110200":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid r 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027020300000102202222222222222222222222222222222222222222222222222222222222222222":"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid s 2 leading zeros
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"3027022011111111111111111111111111111111111111111111111111111111111111110203000001":"11111111111111111111111111111111111111111111111111111111111111110000000000000000000000000000000000000000000000000000000000000000":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 256bit, Invalid r: MSb set without leading zero
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_der_to_raw:256:"30440220911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
+ECDSA Raw -> DER, 512bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512
+ecdsa_raw_to_der:512:"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0
+
+# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
+ECDSA DER -> Raw, 512bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512
+ecdsa_der_to_raw:512:"308184024011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0
+
+# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
+ECDSA Raw -> DER, 521bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521
+ecdsa_raw_to_der:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0
+
+# 512/521 bit sizes are useful to test sequence's length encoded with 2 bytes.
+ECDSA DER -> Raw, 521bit, Success
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521
+ecdsa_der_to_raw:521:"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":0
+
+ECDSA Raw -> DER, 256bit, Incremental DER buffer sizes
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der_incremental:256:"91111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"3045022100911111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222"
+
+ECDSA Raw -> DER, 512bit, Incremental DER buffer sizes
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 512
+ecdsa_raw_to_der_incremental:512:"9111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818502410091111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111024022222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222"
+
+ECDSA Raw -> DER, 521bit, Incremental DER buffer sizes
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 521
+ecdsa_raw_to_der_incremental:521:"011111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"30818802420111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111110242012222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222"
+
+ECDSA Raw -> DER, 256bit, DER buffer of minimal length (1 byte per integer)
+depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
+ecdsa_raw_to_der_incremental:256:"00000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000002":"3006020101020102"
diff --git a/tests/suites/test_suite_psa_crypto_util.function b/tests/suites/test_suite_psa_crypto_util.function
new file mode 100644
index 000000000..2d8915e54
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_util.function
@@ -0,0 +1,91 @@
+/* BEGIN_HEADER */
+#include <test/helpers.h>
+#include <mbedtls/psa_util.h>
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */
+void ecdsa_raw_to_der(int key_bits, data_t *input, data_t *exp_result, int exp_ret)
+{
+    unsigned char *tmp_buf = NULL;
+    size_t tmp_buf_len = exp_result->len;
+    size_t ret_len;
+
+    TEST_CALLOC(tmp_buf, tmp_buf_len);
+
+    TEST_EQUAL(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+                                        tmp_buf, tmp_buf_len, &ret_len), exp_ret);
+
+    if (exp_ret == 0) {
+        ASSERT_COMPARE(exp_result->x, exp_result->len, tmp_buf, ret_len);
+    }
+
+exit:
+    mbedtls_free(tmp_buf);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */
+void ecdsa_raw_to_der_incremental(int key_bits, data_t *input, data_t *exp_result)
+{
+    unsigned char *tmp_buf = NULL;
+    size_t ret_len;
+    size_t i;
+
+    /* Test with an output buffer smaller than required (expexted to fail). */
+    for (i = 1; i < exp_result->len; i++) {
+        TEST_CALLOC(tmp_buf, i);
+        TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+                                             tmp_buf, i, &ret_len) != 0);
+        mbedtls_free(tmp_buf);
+        tmp_buf = NULL;
+    }
+    /* Test with an output buffer larger/equal than required (expexted to
+     * succeed). */
+    for (i = exp_result->len; i < (2 * exp_result->len); i++) {
+        TEST_CALLOC(tmp_buf, i);
+        TEST_ASSERT(mbedtls_ecdsa_raw_to_der(key_bits, input->x, input->len,
+                                             tmp_buf, i, &ret_len) == 0);
+        mbedtls_free(tmp_buf);
+        tmp_buf = NULL;
+    }
+
+exit:
+    mbedtls_free(tmp_buf);
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_UTIL_HAVE_ECDSA */
+void ecdsa_der_to_raw(int key_bits, data_t *input, data_t *exp_result, int exp_ret)
+{
+    unsigned char *in_buf = NULL;
+    size_t in_buf_len;
+    unsigned char *out_buf = NULL;
+    size_t out_buf_len = exp_result->len;
+    size_t ret_len;
+
+    TEST_CALLOC(out_buf, out_buf_len);
+
+    /* Verify that parsing of truncated input always fails. */
+    for (in_buf_len = 1; in_buf_len < input->len; in_buf_len++) {
+        /* We alloc a copy of input buffer with limited length so that sanitizers
+         * can detect overreads. */
+        TEST_CALLOC(in_buf, in_buf_len);
+        memcpy(in_buf, input->x, in_buf_len);
+        TEST_ASSERT(mbedtls_ecdsa_der_to_raw(key_bits, in_buf, in_buf_len,
+                                             out_buf, out_buf_len, &ret_len) != 0);
+        mbedtls_free(in_buf);
+        in_buf = NULL;
+    }
+
+    TEST_EQUAL(mbedtls_ecdsa_der_to_raw(key_bits, input->x, input->len,
+                                        out_buf, out_buf_len, &ret_len), exp_ret);
+
+    if (exp_ret == 0) {
+        ASSERT_COMPARE(exp_result->x, exp_result->len, out_buf, ret_len);
+    }
+
+exit:
+    mbedtls_free(in_buf);
+    mbedtls_free(out_buf);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index 0a60f314e..b89d1583c 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -615,3 +615,120 @@ rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V1
 RSA Selftest
 depends_on:MBEDTLS_SELF_TEST
 rsa_selftest:
+
+RSA parse/write PKCS#1 private key - 1024 bits
+rsa_parse_write_pkcs1_key:0:"3082025d020100028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb702030100010281801e97247066217ff6303881341a259c4bcd3e147f87f1a714045e80a06b541847e2ce54a78801d21b302fd33f616d6ed7cfa8a262ef5e23257a1642b5fc5a61577f7dba2324e687a10b25751c78996e72d5a8c3bc4e33e4a2a96b2b44b6685e85c37200a34381269250b59f65468ea4288713c4ae3e0e064e524a53a5d7e1ec91024100cbd11d9aad72bfb8db4e6bc7c6910661b3f38fbfa368d6dba0cd6c9aa3a716c03fa374bf8b2e7ba73a216d6ded9468fbaa3d130ee376190cc41ef30419a7da1d024100c7c0e189209483f36ee00a67474960c6ddf0d3a63ca0c76955fe9f358435a5e5318c35397c4245042e0dfabf8decedfd36e4d211349b8ecc4c1baac83f30d4e3024008e692f2644cb48eb01516a3dcca0c8b4bbe81328f424ecfbc8ffc042ccd6932f014854eb017519315f8cbbc973979f4339503360d3ce50f27a96a576d7f65090241009c9b4ef74870c7a6b215ba7250446a385fc6b0d8d30da669a23f172948f71a923f2f528738316894a75ad46d1be3568ec05bd38a23b995d1fc1570e6c00c13cb0241008716c9fa7d2295f34f5849b7c593d1adcec72556ed1044cd79c868c890620b143874a8208a65b7c5e235ccaae4c2492107af513fb2cbb682a3e8119af028f7a8"
+
+RSA parse/write PKCS#1 public key - 1024 bits
+rsa_parse_write_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001"
+
+RSA parse/write PKCS#1 private key - 2048 bits
+rsa_parse_write_pkcs1_key:0:"308204a40201000282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d102030100010282010100d25c964f769d3aad0210ac04da5c90a9136b27e41a47108a86d0beff6341330640bf4dddb39e82134b97a12da58ae3165988f94ad4687148cfc6f5c4e6a7804316d3eddf496f807f4c7b17ffe9e3a1e3a2408c857bf32ff2137584284242a7a96c1780229f7bd7aca82d10f2afc48d4620e1e35e35fa52be3e97b16dad6e84dbdfab4e7e21c7c2e5e5cd1c936f6c221e806bd14afa77b3eefc62e984aa2d391da408aaec0dbd2eade3023ebac77e3416cd67491d60053d317c6c8665be5c33961c379309d37d0a653d1859a6abfe195644d474739dbc44f62e623505f9460d9d8defafb12f4149d5baaf798f1345f565430cd7c096c24ca8d02d13fe90c20c5102818100f116cfdbfc0d5b3528cbfada1b21d4292ff188d41a4b22e658a9e29f610adf5fcb3329b0f567ba5029195fd648d06cc2174638f2f18ff0e0251e283e0a0b1f792751925efb617af3405083245c673dae77edc811fd668769d28ac1bee36261658a32f56a5e1b9b9e4f4fa7da55adeeb08c92f1de89f6186bd9c6d1e721638d2d02818100ea51e8798225e4ee77aa08e2f5ee0f8b847edd4c34d9bf7b8cf339b61d5bd22d504c5ab5f17572850f39018736474a449186e783dfda35da95902c8eaaec4bebb8ab6c057c678f37cd53fc1a12e5ace83d2a44d72195d565b3e8c12f89f2523fe37e52adbafde783be361fcd1f021aaaabf860febd8c5726c7089622ccca73b50281807d8248b7d76204a78a13970650b5adc3bb67dcb9beee7abebc4dc4e3001c2ee9a9d97accdb1523137431f78890e3a09af28ee63ae3b2f1cd5ec57261c9ccbc97cff651630d2f5458aa94bf910061e6e49b1eb8d754ba39a8c7a8e0f04564041c5e73e4fb78fe9a673216dfe57451563fa70f20c79fbef43bc166160463877609028180693b0fa44206b2a145ac5f014e60f32a3cfe9c73b4e8754e0f26cc2c35531f38aa6f1fedc5da70ebc0c261255003041f771b96ad6ac29c9ce5be31c4808e4e2a366d05be10f89121065d49428c6a0914e32330774ce5f5480f5be02671551a0b07279c09d9885d8894cbc9cc5cb89d3138b9fb156c1ab2a8ff89a3a34d453e6102818100aff57dd813fd064d8d1a5e8c7ea7e534dff6963a9b5b1c4da12219268c0500288901bbd36edb8071679bcd9d0d8deacfaa52e4b3659f4a69a5c5322f104524f83eb4b94bf6f02b5ad7c2ccd9bc5688f4e18ff2a70ae7638a83f2f87d8ecc9e0eebf2283f809670c8a0b79e1a576a6c9c04d4d71b75647c818a23873cdc0d77bf"
+
+RSA parse/write PKCS#1 public key - 2048 bits
+rsa_parse_write_pkcs1_key:1:"3082010a0282010100dcabfd25f3b7d67155e5c2520518570e95754ef883a973f94b2b0fb2d7ad733a3b0976c6314770eaf728304ee61e0dfe91811fc4a8219fbc3687cb3cfca54b58804d1ed4de985dc827374cb31b7b23225e130858d6b812dee6a356a8f8d211ba0930d0ec38193cee0a186f4a760cc3aa40e1d04fe4a14506ed279a9080aedd2676a4026bcb1ee24b2c00853bffcc04b5fb3e542626c2b2c54a62f3d6e01df95544fdf85c22cc0846275cb9cdfe73876e94e532ced0bca9876de74ff1edc9c8ac89aa8586aa34ca6f44c972d1e73aaddae168a5e67ec69cd14f206155e6e1161e7aa6754e947d5d26ee5f8789598a79ea4ff0263e2b8bf90641320771955007d10203010001"
+
+RSA parse private key - incorrect version tag
+rsa_parse_pkcs1_key:0:"300100":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - version tag missing
+rsa_parse_pkcs1_key:0:"3000":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+RSA parse private key - invalid version
+rsa_parse_pkcs1_key:0:"3003020101":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse private key - correct version, incorrect tag
+rsa_parse_pkcs1_key:0:"300402010000":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct format+values, minimal modulus size (128 bit)
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":0
+
+RSA parse private key - missing SEQUENCE
+rsa_parse_pkcs1_key:0:"020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct format, modulus too small (127 bit)
+rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
+
+RSA parse private key - correct format, modulus even
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857002030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse private key - correct format, d == 0
+rsa_parse_pkcs1_key:0:"30630201000211007c8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse private key - correct format, d == p == q == 0
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571020301000102110000000000000000000000000000000000020900000000000000000002090000000000000000000209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse private key - correct values, extra integer inside the SEQUENCE
+rsa_parse_pkcs1_key:0:"3066020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+RSA parse private key - correct values, extra integer outside the SEQUENCE
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c020100":0
+
+RSA parse private key - correct values, n wrong tag
+rsa_parse_pkcs1_key:0:"3063020100FF1100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, e wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c8571FF030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, d wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c85710203010001FF11009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, p wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201FF0900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, q wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61FF0900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, dp wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a211FF09009471f14c26428401020813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, dq wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401FF0813425f060c4b72210208052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse private key - correct values, qp wrong tag
+rsa_parse_pkcs1_key:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b7221FF08052b93d01747a87c":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - missing SEQUENCE
+rsa_parse_pkcs1_key:1:"028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - wrong initial tag
+rsa_parse_pkcs1_key:1:"318189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - wrong modulus tag
+rsa_parse_pkcs1_key:1:"308189038181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - wrong public exponent tag
+rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70303010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - modulus 0
+rsa_parse_pkcs1_key:1:"3081890281810000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000203010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse public key - public exponent 0
+rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203000000":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse public key - wrong sequence length
+rsa_parse_pkcs1_key:1:"308188028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+RSA parse public key - wrong modulus length
+rsa_parse_pkcs1_key:1:"308189028180009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+
+RSA parse public key - wrong public exponent length
+rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70202010001":MBEDTLS_ERR_RSA_BAD_INPUT_DATA
+
+RSA parse public key - missing modulus
+rsa_parse_pkcs1_key:1:"30050203010001":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+RSA parse public key - missing public exponent
+rsa_parse_pkcs1_key:1:"308184028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb7":MBEDTLS_ERR_ASN1_OUT_OF_DATA
+
+RSA parse public key - correct values, extra integer inside the SEQUENCE
+rsa_parse_pkcs1_key:1:"30818c028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+
+RSA parse public key - correct values, extra integer outside the SEQUENCE
+rsa_parse_pkcs1_key:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001020100":0
+
+RSA priv key write - incremental output buffer size
+rsa_key_write_incremental:0:"3063020100021100cc8ab070369ede72920e5a51523c857102030100010211009a6318982a7231de1894c54aa4909201020900f3058fd8dc484d61020900d7770dbd8b78a2110209009471f14c26428401020813425f060c4b72210208052b93d01747a87c"
+
+RSA priv public key write - incremental output buffer size
+rsa_key_write_incremental:1:"308189028181009f091e6968b474f76f0e9c237c1d895996ae704b4f6d706acec8d2daac6209bf524aa3f658d0283adba1077f6cbe92e425dcde52290b239cade91be86c88425434986806e85734e159768f3dfea932baaa9409d25bace8ee9dce0cdde0903207299de575ae60feccf0daf82334ab83638539b0da74072f253acea8afc8e66bb70203010001"
diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function
index 37bed6dcd..2f700289a 100644
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@@ -1,6 +1,7 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
 #include "rsa_alt_helpers.h"
+#include "rsa_internal.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -1371,6 +1372,112 @@ exit:
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void rsa_parse_pkcs1_key(int is_public, data_t *input, int exp_ret_val)
+{
+    mbedtls_rsa_context rsa_ctx;
+
+    mbedtls_rsa_init(&rsa_ctx);
+
+    if (is_public) {
+        TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), exp_ret_val);
+    } else {
+        TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), exp_ret_val);
+    }
+
+exit:
+    mbedtls_rsa_free(&rsa_ctx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void rsa_parse_write_pkcs1_key(int is_public, data_t *input)
+{
+    mbedtls_rsa_context rsa_ctx;
+    unsigned char *output_buf = NULL;
+    unsigned char *output_end, *output_p;
+    size_t output_len;
+
+    mbedtls_rsa_init(&rsa_ctx);
+
+    TEST_CALLOC(output_buf, input->len);
+    output_end = output_buf + input->len;
+    output_p = output_end;
+
+    /* Parse the key and write it back to output_buf. */
+    if (is_public) {
+        TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0);
+        TEST_EQUAL(mbedtls_rsa_write_pubkey(&rsa_ctx, output_buf, &output_p), input->len);
+    } else {
+        TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0);
+        TEST_EQUAL(mbedtls_rsa_write_key(&rsa_ctx, output_buf, &output_p), input->len);
+    }
+    output_len = output_end - output_p;
+
+    /* Check that the written key matches with the one provided in input. */
+    TEST_MEMORY_COMPARE(output_p, output_len, input->x, input->len);
+
+exit:
+    mbedtls_free(output_buf);
+    mbedtls_rsa_free(&rsa_ctx);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void rsa_key_write_incremental(int is_public, data_t *input)
+{
+    mbedtls_rsa_context rsa_ctx;
+    unsigned char *buf = NULL, *end, *p;
+    size_t i, written_data;
+
+    mbedtls_rsa_init(&rsa_ctx);
+
+    /* This is supposed to succeed as the real target of this test are the
+     * write attempt below. */
+    if (is_public) {
+        TEST_EQUAL(mbedtls_rsa_parse_pubkey(&rsa_ctx, input->x, input->len), 0);
+    } else {
+        TEST_EQUAL(mbedtls_rsa_parse_key(&rsa_ctx, input->x, input->len), 0);
+    }
+
+    /* Test with an output buffer smaller than required. */
+    for (i = 1; i < input->len; i++) {
+        TEST_CALLOC(buf, i);
+        end = buf + i;
+        p = end;
+        /* We don't care much about the return value as long as it fails. */
+        if (is_public) {
+            TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) != 0);
+        } else {
+            TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) != 0);
+        }
+        mbedtls_free(buf);
+        buf = NULL;
+    }
+
+    /* Test with an output buffer equal or larger than what it is strictly required. */
+    for (i = input->len; i < (2 * input->len); i++) {
+        TEST_CALLOC(buf, i);
+        end = buf + i;
+        p = end;
+        /* This time all write functions must succeed. */
+        if (is_public) {
+            TEST_ASSERT(mbedtls_rsa_write_pubkey(&rsa_ctx, buf, &p) > 0);
+        } else {
+            TEST_ASSERT(mbedtls_rsa_write_key(&rsa_ctx, buf, &p) > 0);
+        }
+        written_data = (end - p);
+        TEST_MEMORY_COMPARE(p, written_data, input->x, input->len);
+        mbedtls_free(buf);
+        buf = NULL;
+    }
+
+exit:
+    mbedtls_free(buf);
+    mbedtls_rsa_free(&rsa_ctx);
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void rsa_selftest()
 {
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index de998e3ff..86945cc7b 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3270,3 +3270,15 @@ ssl_ecjpake_set_password:1
 
 Test Elliptic curves' info parsing
 elliptic_curve_get_properties
+
+TLS 1.3 resume session with ticket
+tls13_resume_session_with_ticket
+
+TLS 1.3 early data, reference
+tls13_early_data:TEST_EARLY_DATA_REFERENCE
+
+TLS 1.3 early data, deprotect and discard
+tls13_early_data:TEST_EARLY_DATA_DEPROTECT_AND_DISCARD
+
+TLS 1.3 early data, discard after HRR
+tls13_early_data:TEST_EARLY_DATA_DISCARD_AFTER_HRR
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 8a03d1b97..8687a4d6f 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -12,6 +12,54 @@
 
 #define SSL_MESSAGE_QUEUE_INIT      { NULL, 0, 0, 0 }
 
+/* Mnemonics for the early data test scenarios */
+#define TEST_EARLY_DATA_REFERENCE 0
+#define TEST_EARLY_DATA_DEPROTECT_AND_DISCARD 1
+#define TEST_EARLY_DATA_DISCARD_AFTER_HRR 2
+
+#if (!defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
+    defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_CLI_C) && \
+    defined(MBEDTLS_SSL_SRV_C) && defined(MBEDTLS_DEBUG_C) && \
+    defined(MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE) && \
+    defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED) && \
+    defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED) && \
+    defined(MBEDTLS_MD_CAN_SHA256) && \
+    defined(MBEDTLS_ECP_HAVE_SECP256R1) && defined(MBEDTLS_ECP_HAVE_SECP384R1) && \
+    defined(MBEDTLS_PK_CAN_ECDSA_VERIFY) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+/*
+ * The implementation of the function should be based on
+ * mbedtls_ssl_write_early_data() eventually. The current version aims at
+ * removing the dependency on mbedtls_ssl_write_early_data() for the
+ * development and testing of reading early data.
+ */
+static int write_early_data(mbedtls_ssl_context *ssl,
+                            unsigned char *buf, size_t len)
+{
+    int ret = mbedtls_ssl_get_max_out_record_payload(ssl);
+
+    TEST_ASSERT(ret > 0);
+    TEST_ASSERT(len <= (size_t) ret);
+
+    ret = mbedtls_ssl_flush_output(ssl);
+    TEST_EQUAL(ret, 0);
+    TEST_EQUAL(ssl->out_left, 0);
+
+    ssl->out_msglen = len;
+    ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
+    if (len > 0) {
+        memcpy(ssl->out_msg, buf, len);
+    }
+
+    ret = mbedtls_ssl_write_record(ssl, 1);
+    TEST_EQUAL(ret, 0);
+
+    ret = len;
+
+exit:
+    return ret;
+}
+#endif
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -3519,3 +3567,270 @@ exit:
     MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
+void tls13_resume_session_with_ticket()
+{
+    int ret = -1;
+    unsigned char buf[64];
+    mbedtls_test_ssl_endpoint client_ep, server_ep;
+    mbedtls_test_handshake_test_options client_options;
+    mbedtls_test_handshake_test_options server_options;
+    mbedtls_ssl_session saved_session;
+
+    /*
+     * Test set-up
+     */
+    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
+    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
+    mbedtls_test_init_handshake_options(&client_options);
+    mbedtls_test_init_handshake_options(&server_options);
+    mbedtls_ssl_session_init(&saved_session);
+
+    PSA_INIT();
+
+    client_options.pk_alg = MBEDTLS_PK_ECDSA;
+    ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
+                                         &client_options, NULL, NULL, NULL,
+                                         NULL);
+    TEST_EQUAL(ret, 0);
+
+    server_options.pk_alg = MBEDTLS_PK_ECDSA;
+    ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
+                                         &server_options, NULL, NULL, NULL,
+                                         NULL);
+    mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
+                                        mbedtls_test_ticket_write,
+                                        mbedtls_test_ticket_parse,
+                                        NULL);
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
+                                           &(server_ep.socket), 1024);
+    TEST_EQUAL(ret, 0);
+
+    /*
+     * Run initial handshake: ephemeral key exchange mode, certificate with
+     * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
+     * algorithm. Then, get the ticket sent by the server at the end of its
+     * handshake sequence.
+     */
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(server_ep.ssl), &(client_ep.ssl),
+                   MBEDTLS_SSL_HANDSHAKE_OVER), 0);
+
+    do {
+        ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
+    } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
+
+    /*
+     * Save client session and reset the SSL context of the two endpoints.
+     */
+    ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
+    TEST_EQUAL(ret, 0);
+
+    /*
+     * Set saved session on client side and handshake using the ticket
+     * included in that session.
+     */
+
+    ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
+    TEST_EQUAL(ret, 0);
+
+    /*
+     * Run the handshake up to MBEDTLS_SSL_HANDSHAKE_WRAPUP and not
+     * MBEDTLS_SSL_HANDSHAKE_OVER to preserve handshake data for the checks
+     * below.
+     */
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(server_ep.ssl), &(client_ep.ssl),
+                   MBEDTLS_SSL_HANDSHAKE_WRAPUP), 0);
+
+    TEST_EQUAL(server_ep.ssl.handshake->resume, 1);
+    TEST_EQUAL(server_ep.ssl.handshake->new_session_tickets_count, 1);
+    TEST_EQUAL(server_ep.ssl.handshake->key_exchange_mode,
+               MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL);
+
+exit:
+    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_free_handshake_options(&client_options);
+    mbedtls_test_free_handshake_options(&server_options);
+    mbedtls_ssl_session_free(&saved_session);
+    PSA_DONE();
+}
+/* END_CASE */
+
+/*
+ * The !MBEDTLS_SSL_PROTO_TLS1_2 dependency of tls13_early_data() below is
+ * a temporary workaround to not run the test in Windows-2013 where there is
+ * an issue with mbedtls_vsnprintf().
+ */
+/* BEGIN_CASE depends_on:!MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_EARLY_DATA:MBEDTLS_SSL_CLI_C:MBEDTLS_SSL_SRV_C:MBEDTLS_DEBUG_C:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_VERIFY:MBEDTLS_SSL_SESSION_TICKETS */
+void tls13_early_data(int scenario)
+{
+    int ret = -1;
+    unsigned char buf[64];
+    const char *early_data = "This is early data.";
+    size_t early_data_len = strlen(early_data);
+    mbedtls_test_ssl_endpoint client_ep, server_ep;
+    mbedtls_test_handshake_test_options client_options;
+    mbedtls_test_handshake_test_options server_options;
+    mbedtls_ssl_session saved_session;
+    mbedtls_test_ssl_log_pattern server_pattern = { NULL, 0 };
+    uint16_t group_list[3] = {
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1,
+        MBEDTLS_SSL_IANA_TLS_GROUP_NONE
+    };
+
+    /*
+     * Test set-up
+     */
+    mbedtls_platform_zeroize(&client_ep, sizeof(client_ep));
+    mbedtls_platform_zeroize(&server_ep, sizeof(server_ep));
+    mbedtls_test_init_handshake_options(&client_options);
+    mbedtls_test_init_handshake_options(&server_options);
+    mbedtls_ssl_session_init(&saved_session);
+
+    PSA_INIT();
+
+    client_options.pk_alg = MBEDTLS_PK_ECDSA;
+    ret = mbedtls_test_ssl_endpoint_init(&client_ep, MBEDTLS_SSL_IS_CLIENT,
+                                         &client_options, NULL, NULL, NULL,
+                                         group_list);
+    TEST_EQUAL(ret, 0);
+    mbedtls_ssl_conf_early_data(&client_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
+
+    server_options.pk_alg = MBEDTLS_PK_ECDSA;
+    server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
+    server_options.srv_log_obj = &server_pattern;
+    ret = mbedtls_test_ssl_endpoint_init(&server_ep, MBEDTLS_SSL_IS_SERVER,
+                                         &server_options, NULL, NULL, NULL,
+                                         group_list);
+    TEST_EQUAL(ret, 0);
+    mbedtls_ssl_conf_early_data(&server_ep.conf, MBEDTLS_SSL_EARLY_DATA_ENABLED);
+    mbedtls_ssl_conf_session_tickets_cb(&server_ep.conf,
+                                        mbedtls_test_ticket_write,
+                                        mbedtls_test_ticket_parse,
+                                        NULL);
+
+    ret = mbedtls_test_mock_socket_connect(&(client_ep.socket),
+                                           &(server_ep.socket), 1024);
+    TEST_EQUAL(ret, 0);
+
+    /*
+     * Run initial handshake: ephemeral key exchange mode, certificate with
+     * SECP256R1 key, CA certificate with SECP384R1 key, ECDSA signature
+     * algorithm. Then, get the ticket sent by the server at the end of its
+     * handshake sequence.
+     */
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(server_ep.ssl), &(client_ep.ssl),
+                   MBEDTLS_SSL_HANDSHAKE_OVER), 0);
+
+    do {
+        ret = mbedtls_ssl_read(&(client_ep.ssl), buf, sizeof(buf));
+    } while (ret != MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET);
+
+    /*
+     * Save client session and reset the SSL context of the two endpoints.
+     */
+    ret = mbedtls_ssl_get_session(&(client_ep.ssl), &saved_session);
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_ssl_session_reset(&(client_ep.ssl));
+    TEST_EQUAL(ret, 0);
+
+    ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
+    TEST_EQUAL(ret, 0);
+
+    /*
+     * Set saved session on client side and start handshake using the ticket
+     * included in that session.
+     */
+
+    ret = mbedtls_ssl_set_session(&(client_ep.ssl), &saved_session);
+    TEST_EQUAL(ret, 0);
+
+    switch (scenario) {
+        case TEST_EARLY_DATA_REFERENCE:
+            break;
+
+        case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD:
+            mbedtls_debug_set_threshold(3);
+            server_pattern.pattern =
+                "EarlyData: deprotect and discard app data records.";
+            mbedtls_ssl_conf_early_data(&server_ep.conf,
+                                        MBEDTLS_SSL_EARLY_DATA_DISABLED);
+            break;
+
+        case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
+            mbedtls_debug_set_threshold(3);
+            server_pattern.pattern =
+                "EarlyData: Ignore application message before 2nd ClientHello";
+            mbedtls_ssl_conf_groups(&server_ep.conf, group_list + 1);
+            /*
+             * Need to reset again to reconstruct the group list in the
+             * handshake structure from the configured one.
+             */
+            ret = mbedtls_ssl_session_reset(&(server_ep.ssl));
+            TEST_EQUAL(ret, 0);
+            break;
+
+        default:
+            TEST_FAIL("Unknown scenario.");
+    }
+
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(client_ep.ssl), &(server_ep.ssl),
+                   MBEDTLS_SSL_SERVER_HELLO), 0);
+
+    TEST_ASSERT(client_ep.ssl.early_data_status !=
+                MBEDTLS_SSL_EARLY_DATA_STATUS_NOT_SENT);
+
+    ret = write_early_data(&(client_ep.ssl), (unsigned char *) early_data,
+                           early_data_len);
+    TEST_EQUAL(ret, early_data_len);
+
+    ret = mbedtls_test_move_handshake_to_state(
+        &(server_ep.ssl), &(client_ep.ssl),
+        MBEDTLS_SSL_HANDSHAKE_WRAPUP);
+
+    switch (scenario) {
+        case TEST_EARLY_DATA_REFERENCE:
+            TEST_EQUAL(ret, MBEDTLS_ERR_SSL_RECEIVED_EARLY_DATA);
+            TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 1);
+            TEST_EQUAL(mbedtls_ssl_read_early_data(&(server_ep.ssl),
+                                                   buf, sizeof(buf)), early_data_len);
+            TEST_MEMORY_COMPARE(buf, early_data_len, early_data, early_data_len);
+            break;
+
+        case TEST_EARLY_DATA_DEPROTECT_AND_DISCARD: /* Intentional fallthrough */
+        case TEST_EARLY_DATA_DISCARD_AFTER_HRR:
+            TEST_EQUAL(ret, 0);
+            TEST_EQUAL(server_ep.ssl.handshake->early_data_accepted, 0);
+            TEST_EQUAL(server_pattern.counter, 1);
+            break;
+    }
+
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(server_ep.ssl), &(client_ep.ssl),
+                   MBEDTLS_SSL_HANDSHAKE_OVER), 0);
+
+exit:
+    mbedtls_test_ssl_endpoint_free(&client_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&server_ep, NULL);
+    mbedtls_test_free_handshake_options(&client_options);
+    mbedtls_test_free_handshake_options(&server_options);
+    mbedtls_ssl_session_free(&saved_session);
+    mbedtls_debug_set_threshold(0);
+    PSA_DONE();
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 261c220ee..b9ae20c56 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1774,7 +1774,7 @@ x509parse_crt:"307d3068a0030201008204deadbeef300d06092a864886f70d01010b0500300c3
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring length)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
-x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
+x509parse_crt:"308180306ba0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA
 
 X509 CRT ASN1 (TBS, inv SubPubKeyInfo, inv internal bitstring tag)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA256
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index c2a2f556d..66477e0d1 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -4,6 +4,7 @@
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_crl.h"
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/base64.h"
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 1d8b87ce2..3d84c729f 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -2,6 +2,7 @@
 #include "mbedtls/bignum.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/x509_csr.h"
+#include "x509_internal.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/rsa.h"