Merge pull request #10074 from bjwtaylor/rng-documentation Add ChangeLog for rng

commit: 8ab3d8c25d4c364c0423338bdd69bccc61447be2 [log] [tgz]
author: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Apr 14 10:03:58 2025 +0000
committer: GitHub <noreply@github.com> Mon Apr 14 10:03:58 2025 +0000
tree: 22d6e591044a51bfc963688bb9486e3134e18a28
parent: a3d27b54fc9dd5d4f030e3e46e637015a863362c [diff]
parent: b430f8235cd71e48cd67998da615614dde7db47b [diff]
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
index c203112..15f44aa 100644
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md

@@ -7,6 +7,12 @@
 
 ---
 
+**WARNING:** if the bug you are reporting has or may have security implications,
+we ask that you report it privately to
+<mbed-tls-security@lists.trustedfirmware.org>
+so that we can prepare and release a fix before publishing the details.
+See [SECURITY.md](https://github.com/Mbed-TLS/mbedtls/blob/development/SECURITY.md).
+
 ### Summary
 
 
@@ -25,6 +31,10 @@
 
 ### Actual behavior
 
+**WARNING:* if the actual behaviour suggests memory corruption (like a crash or an error
+from a memory checker), then the bug should be assumed to have security
+implications (until proven otherwise), and we ask what you report it privately,
+see the note at the top of this template.
 
 
 ### Steps to reproduce

diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
index a637fe4..e48e44b 100644
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md

@@ -14,7 +14,6 @@
 - [ ] **TF-PSA-Crypto PR** provided # | not required because: 
 - [ ] **framework PR** provided Mbed-TLS/mbedtls-framework# | not required
 - [ ] **3.6 PR** provided # | not required because: 
-- [ ] **2.28 PR** provided # | not required because: 
 - **tests**  provided | not required because: 
 
 

diff --git a/.gitignore b/.gitignore
index 2917cfb..9226eec 100644
--- a/.gitignore
+++ b/.gitignore

@@ -1,7 +1,5 @@
 # Random seed file created by test scripts and sample programs
 seedfile
-# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
-00000000ffffff52.psa_its
 # Log files created by all.sh to reduce the logs in case a component runs
 # successfully
 quiet-make.*

diff --git a/BRANCHES.md b/BRANCHES.md
index bcceda8..49f7e28 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md

@@ -11,7 +11,6 @@
   as well as all the new features and bug fixes and security fixes.
 - One or more long-time support (LTS) branches: these only get bug fixes and
   security fixes. Currently, the supported LTS branches are:
-- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28).
 - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6).
 
 We retain a number of historical branches, whose names are prefixed by `archive/`,
@@ -108,8 +107,5 @@
 - [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
  maintained until March 2027, see
   <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0>.
-- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
- maintained until the end of 2024, see
-  <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8>.
 
 Users are urged to always use the latest version of a maintained branch.

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 9f23c3b..a099356 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt

@@ -420,20 +420,22 @@
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+                ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test
             COMMAND
                 "${MBEDTLS_PYTHON_EXECUTABLE}"
                 "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
                 "--output"
-                "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+                "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h"
             DEPENDS
                 ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
         )
         add_custom_target(mbedtls_test_keys_header
-            DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
+            DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_keys.h)
         add_dependencies(mbedtls_test mbedtls_test_keys_header)
     endif()
     target_include_directories(mbedtls_test
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include
         PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
         PRIVATE tests/include
         PRIVATE include
@@ -454,20 +456,22 @@
     if(GEN_FILES)
         add_custom_command(
             OUTPUT
-                ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
+                ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h
+            COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test
             COMMAND
                 "${MBEDTLS_PYTHON_EXECUTABLE}"
                 "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
                 "--output"
-                "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
+                "${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h"
             DEPENDS
                 ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
         )
         add_custom_target(mbedtls_test_certs_header
-            DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
+            DEPENDS ${CMAKE_CURRENT_BINARY_DIR}/tests/include/test/test_certs.h)
         add_dependencies(mbedtls_test_helpers mbedtls_test_certs_header)
     endif()
     target_include_directories(mbedtls_test_helpers
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/tests/include
         PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
         PRIVATE tests/include
         PRIVATE include

diff --git a/ChangeLog.d/9964.txt b/ChangeLog.d/9964.txt
new file mode 100644
index 0000000..ca0cc4b
--- /dev/null
+++ b/ChangeLog.d/9964.txt

@@ -0,0 +1,25 @@
+Removals
+    * Removal of the following sample programs:
+          pkey/rsa_genkey.c
+          pkey/pk_decrypt.c
+          pkey/dh_genprime.c
+          pkey/rsa_verify.c
+          pkey/mpi_demo.c
+          pkey/rsa_decrypt.c
+          pkey/key_app.c
+          pkey/dh_server.c
+          pkey/ecdh_curve25519.c
+          pkey/pk_encrypt.c
+          pkey/rsa_sign.c
+          pkey/key_app_writer.c
+          pkey/dh_client.c
+          pkey/ecdsa.c
+          pkey/rsa_encrypt.c
+          wince_main.c
+          aes/crypt_and_hash.c
+          random/gen_random_ctr_drbg.c
+          random/gen_entropy.c
+          hash/md_hmac_demo.c
+          hash/hello.c
+          hash/generic_sum.c
+          cipher/cipher_aead_demo.c

diff --git a/ChangeLog.d/mbedtls_ssl_set_hostname.txt b/ChangeLog.d/mbedtls_ssl_set_hostname.txt
new file mode 100644
index 0000000..250a5ba
--- /dev/null
+++ b/ChangeLog.d/mbedtls_ssl_set_hostname.txt

@@ -0,0 +1,16 @@
+Default behavior changes
+   * In TLS clients, if mbedtls_ssl_set_hostname() has not been called,
+     mbedtls_ssl_handshake() now fails with
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if certificate-based authentication of the server is attempted.
+     This is because authenticating a server without knowing what name
+     to expect is usually insecure.
+
+Security
+   * Note that TLS clients should generally call mbedtls_ssl_set_hostname()
+     if they use certificate authentication (i.e. not pre-shared keys).
+     Otherwise, in many scenarios, the server could be impersonated.
+     The library will now prevent the handshake and return
+     MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+     if mbedtls_ssl_set_hostname() has not been called.
+     Reported by Daniel Stenberg.

diff --git a/ChangeLog.d/tls12-check-finished-calc.txt b/ChangeLog.d/tls12-check-finished-calc.txt
new file mode 100644
index 0000000..cd52d32
--- /dev/null
+++ b/ChangeLog.d/tls12-check-finished-calc.txt

@@ -0,0 +1,6 @@
+Security
+   * Fix a vulnerability in the TLS 1.2 handshake. If memory allocation failed
+     or there was a cryptographic hardware failure when calculating the
+     Finished message, it could be calculated incorrectly. This would break
+     the security guarantees of the TLS handshake.
+     CVE-2025-27810

diff --git a/README.md b/README.md
index 448f372..fc1536e 100644
--- a/README.md
+++ b/README.md

@@ -79,7 +79,7 @@
 * If not cross-compiling, running `make` with any target, or just `make`, will automatically generate required files.
 * On non-Windows systems, when not cross-compiling, CMake will generate the required files automatically.
 * Run `make generated_files` to generate all the configuration-independent files.
-* On Unix/POSIX systems, run `tests/scripts/check-generated-files.sh -u` to generate all the configuration-independent files.
+* On Unix/POSIX systems, run `framework/scripts/make_generated_files.py` to generate all the configuration-independent files.
 * On Windows, run `scripts\make_generated_files.bat` to generate all the configuration-independent files.
 
 ### Make

diff --git a/framework b/framework
index 72b5acd..a39ba59 160000
--- a/framework
+++ b/framework

@@ -1 +1 @@
-Subproject commit 72b5acd590097ee9d108b024bf727d752d18f97d
+Subproject commit a39ba59344fd4f1d0ee267ca414b9420d5dca9f5

diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 6c37fc3..e724aa2 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h

@@ -165,6 +165,39 @@
 #define MBEDTLS_ERR_SSL_VERSION_MISMATCH                  -0x5F00
 /** Invalid value in SSL config */
 #define MBEDTLS_ERR_SSL_BAD_CONFIG                        -0x5E80
+/* Error space gap */
+/** Attempt to verify a certificate without an expected hostname.
+ * This is usually insecure.
+ *
+ * In TLS clients, when a client authenticates a server through its
+ * certificate, the client normally checks three things:
+ * - the certificate chain must be valid;
+ * - the chain must start from a trusted CA;
+ * - the certificate must cover the server name that is expected by the client.
+ *
+ * Omitting any of these checks is generally insecure, and can allow a
+ * malicious server to impersonate a legitimate server.
+ *
+ * The third check may be safely skipped in some unusual scenarios,
+ * such as networks where eavesdropping is a risk but not active attacks,
+ * or a private PKI where the client equally trusts all servers that are
+ * accredited by the root CA.
+ *
+ * You should call mbedtls_ssl_set_hostname() with the expected server name
+ * before starting a TLS handshake on a client (unless the client is
+ * set up to only use PSK-based authentication, which does not rely on the
+ * host name). If you have determined that server name verification is not
+ * required for security in your scenario, call mbedtls_ssl_set_hostname()
+ * with \p NULL as the server name.
+ *
+ * This error is raised if all of the following conditions are met:
+ *
+ * - A TLS client is configured with the authentication mode
+ *   #MBEDTLS_SSL_VERIFY_REQUIRED (default).
+ * - Certificate authentication is enabled.
+ * - The client does not call mbedtls_ssl_set_hostname().
+ */
+#define MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME  -0x5D80
 
 /*
  * Constants from RFC 8446 for TLS 1.3 PSK modes
@@ -1222,8 +1255,8 @@
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_EARLY_DATA) && defined(MBEDTLS_SSL_ALPN) && defined(MBEDTLS_SSL_SRV_C)
-    char *ticket_alpn;                      /*!< ALPN negotiated in the session
-                                                 during which the ticket was generated. */
+    char *MBEDTLS_PRIVATE(ticket_alpn);           /*!< ALPN negotiated in the session
+                                                       during which the ticket was generated. */
 #endif
 
 #if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
@@ -1405,10 +1438,6 @@
     void(*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
     void *MBEDTLS_PRIVATE(p_dbg);                    /*!< context for the debug function     */
 
-    /** Callback for getting (pseudo-)random numbers                        */
-    int(*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
-
     /** Callback to retrieve a session from the cache                       */
     mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
     /** Callback to store a session into the cache                          */
@@ -1586,6 +1615,14 @@
      * Miscellaneous
      */
     int MBEDTLS_PRIVATE(state);                  /*!< SSL handshake: current state     */
+
+    /** Mask of `MBEDTLS_SSL_CONTEXT_FLAG_XXX`.
+     * See `mbedtls_ssl_context_flags_t` in ssl_misc.h.
+     *
+     * This field is not saved by mbedtls_ssl_session_save().
+     */
+    uint32_t MBEDTLS_PRIVATE(flags);
+
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
     int MBEDTLS_PRIVATE(renego_status);          /*!< Initial, in progress, pending?   */
     int MBEDTLS_PRIVATE(renego_records_seen);    /*!< Records since renego request, or with DTLS,
@@ -1893,6 +1930,17 @@
  * \note           The PSA crypto subsystem must have been initialized by
  *                 calling psa_crypto_init() before calling this function.
  *
+ * \note           After setting up a client context, if certificate-based
+ *                 authentication is enabled, you should call
+ *                 mbedtls_ssl_set_hostname() to specifiy the expected
+ *                 name of the server. Otherwise, if server authentication
+ *                 is required (which is the case by default) and the
+ *                 selected key exchange involves a certificate (i.e. is not
+ *                 based on a pre-shared key), the certificate authentication
+ *                 will fail. See
+ *                 #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ *                 for more information.
+ *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use
  *
@@ -2061,17 +2109,6 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /**
- * \brief          Set the random number generator callback
- *
- * \param conf     SSL configuration
- * \param f_rng    RNG function (mandatory)
- * \param p_rng    RNG parameter
- */
-void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
-                          int (*f_rng)(void *, unsigned char *, size_t),
-                          void *p_rng);
-
-/**
  * \brief          Set the debug callback
  *
  *                 The callback has the following argument:
@@ -3753,16 +3790,29 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
  * \brief          Set or reset the hostname to check against the received
- *                 server certificate. It sets the ServerName TLS extension,
- *                 too, if that extension is enabled. (client-side only)
+ *                 peer certificate. On a client, this also sets the
+ *                 ServerName TLS extension, if that extension is enabled.
+ *                 On a TLS 1.3 client, this also sets the server name in
+ *                 the session resumption ticket, if that feature is enabled.
  *
  * \param ssl      SSL context
- * \param hostname the server hostname, may be NULL to clear hostname
-
- * \note           Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ * \param hostname The server hostname. This may be \c NULL to clear
+ *                 the hostname.
  *
- * \return         0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
- *                 allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
+ * \note           Maximum hostname length #MBEDTLS_SSL_MAX_HOST_NAME_LEN.
+ *
+ * \note           If the hostname is \c NULL on a client, then the server
+ *                 is not authenticated: it only needs to have a valid
+ *                 certificate, not a certificate matching its name.
+ *                 Therefore you should always call this function on a client,
+ *                 unless the connection is set up to only allow
+ *                 pre-shared keys, or in scenarios where server
+ *                 impersonation is not a concern. See the documentation of
+ *                 #MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME
+ *                 for more details.
+ *
+ * \return         0 if successful, #MBEDTLS_ERR_SSL_ALLOC_FAILED on
+ *                 allocation failure, #MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
  *                 too long input hostname.
  *
  *                 Hostname set to the one provided on success (cleared

diff --git a/library/Makefile b/library/Makefile
index 61b2623..1c0e4d9 100644
--- a/library/Makefile
+++ b/library/Makefile

@@ -113,7 +113,6 @@
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_client.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_driver_wrappers_no_static.o \
-	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_se.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_slot_management.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_crypto_storage.o \
 	     $(TF_PSA_CRYPTO_CORE_PATH)/psa_its_file.o \

diff --git a/library/ssl_client.c b/library/ssl_client.c
index be4d621..cb57a97 100644
--- a/library/ssl_client.c
+++ b/library/ssl_client.c

@@ -725,9 +725,8 @@
 #endif /* MBEDTLS_HAVE_TIME */
     }
 
-    ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                           randbytes + gmt_unix_time_len,
-                           MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
+    ret = psa_generate_random(randbytes + gmt_unix_time_len,
+                              MBEDTLS_CLIENT_HELLO_RANDOM_LEN - gmt_unix_time_len);
     return ret;
 }
 
@@ -867,9 +866,9 @@
     if (session_id_len != session_negotiate->id_len) {
         session_negotiate->id_len = session_id_len;
         if (session_id_len > 0) {
-            ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                                   session_negotiate->id,
-                                   session_id_len);
+
+            ret = psa_generate_random(session_negotiate->id,
+                                      session_id_len);
             if (ret != 0) {
                 MBEDTLS_SSL_DEBUG_RET(1, "creating session id failed", ret);
                 return ret;

diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index d12cee3..f52f784 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h

@@ -16,6 +16,9 @@
 #include "mbedtls/error.h"
 
 #include "mbedtls/ssl.h"
+#include "mbedtls/debug.h"
+#include "debug_internal.h"
+
 #include "mbedtls/cipher.h"
 
 #include "psa/crypto.h"
@@ -51,6 +54,22 @@
 #define MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED
 #endif
 
+/** Flag values for mbedtls_ssl_context::flags. */
+typedef enum {
+    /** Set if mbedtls_ssl_set_hostname() has been called. */
+    MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET = 1,
+} mbedtls_ssl_context_flags_t;
+
+/** Flags from ::mbedtls_ssl_context_flags_t to keep in
+ * mbedtls_ssl_session_reset().
+ *
+ * The flags that are in this list are kept until explicitly updated or
+ * until mbedtls_ssl_free(). The flags that are not listed here are
+ * reset to 0 in mbedtls_ssl_session_reset().
+ */
+#define MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION       \
+    (MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET)
+
 #define MBEDTLS_SSL_INITIAL_HANDSHAKE           0
 #define MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS   1   /* In progress */
 #define MBEDTLS_SSL_RENEGOTIATION_DONE          2   /* Done or aborted */
@@ -1288,12 +1307,30 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_handshake_server_step(mbedtls_ssl_context *ssl);
 void mbedtls_ssl_handshake_wrapup(mbedtls_ssl_context *ssl);
+
+#if defined(MBEDTLS_DEBUG_C)
+/* Declared in "ssl_debug_helpers.h". We can't include this file from
+ * "ssl_misc.h" because it includes "ssl_misc.h" because it needs some
+ * type definitions. TODO: split the type definitions and the helper
+ * functions into different headers.
+ */
+const char *mbedtls_ssl_states_str(mbedtls_ssl_states state);
+#endif
+
 static inline void mbedtls_ssl_handshake_set_state(mbedtls_ssl_context *ssl,
                                                    mbedtls_ssl_states state)
 {
+    MBEDTLS_SSL_DEBUG_MSG(3, ("handshake state: %d (%s) -> %d (%s)",
+                              ssl->state, mbedtls_ssl_states_str(ssl->state),
+                              (int) state, mbedtls_ssl_states_str(state)));
     ssl->state = (int) state;
 }
 
+static inline void mbedtls_ssl_handshake_increment_state(mbedtls_ssl_context *ssl)
+{
+    mbedtls_ssl_handshake_set_state(ssl, ssl->state + 1);
+}
+
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_send_fatal_handshake_failure(mbedtls_ssl_context *ssl);
 
@@ -1721,9 +1758,7 @@
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
                             mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng);
+                            mbedtls_record *rec);
 MBEDTLS_CHECK_RETURN_CRITICAL
 int mbedtls_ssl_decrypt_buf(mbedtls_ssl_context const *ssl,
                             mbedtls_ssl_transform *transform,

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index f5ea8dd..dba8d74 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c

@@ -801,9 +801,7 @@
 
 int mbedtls_ssl_encrypt_buf(mbedtls_ssl_context *ssl,
                             mbedtls_ssl_transform *transform,
-                            mbedtls_record *rec,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng)
+                            mbedtls_record *rec)
 {
     mbedtls_ssl_mode_t ssl_mode;
     int auth_done = 0;
@@ -825,14 +823,6 @@
     ((void) ssl);
 #endif
 
-    /* The PRNG is used for dynamic IV generation that's used
-     * for CBC transformations in TLS 1.2. */
-#if !(defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    defined(MBEDTLS_SSL_PROTO_TLS1_2))
-    ((void) f_rng);
-    ((void) p_rng);
-#endif
-
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> encrypt buf"));
 
     if (transform == NULL) {
@@ -1140,10 +1130,6 @@
          * Prepend per-record IV for block cipher in TLS v1.2 as per
          * Method 1 (6.2.3.2. in RFC4346 and RFC5246)
          */
-        if (f_rng == NULL) {
-            MBEDTLS_SSL_DEBUG_MSG(1, ("No PRNG provided to encrypt_record routine"));
-            return MBEDTLS_ERR_SSL_INTERNAL_ERROR;
-        }
 
         if (rec->data_offset < transform->ivlen) {
             MBEDTLS_SSL_DEBUG_MSG(1, ("Buffer provided for encrypted record not large enough"));
@@ -1153,7 +1139,7 @@
         /*
          * Generate IV
          */
-        ret = f_rng(p_rng, transform->iv_enc, transform->ivlen);
+        ret = psa_generate_random(transform->iv_enc, transform->ivlen);
         if (ret != 0) {
             return ret;
         }
@@ -2725,8 +2711,7 @@
             rec.cid_len = 0;
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
-            if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec,
-                                               ssl->conf->f_rng, ssl->conf->p_rng)) != 0) {
+            if ((ret = mbedtls_ssl_encrypt_buf(ssl, ssl->transform_out, &rec)) != 0) {
                 MBEDTLS_SSL_DEBUG_RET(1, "ssl_encrypt_buf", ret);
                 return ret;
             }
@@ -3714,6 +3699,7 @@
     rec->buf_len = rec->data_offset + rec->data_len;
 
     if (rec->data_len == 0) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("rejecting empty record"));
         return MBEDTLS_ERR_SSL_INVALID_RECORD;
     }
 
@@ -5059,7 +5045,7 @@
     ssl->out_msglen  = 1;
     ssl->out_msg[0]  = 1;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -5121,7 +5107,7 @@
 
     mbedtls_ssl_update_in_pointers(ssl);
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse change cipher spec"));
 

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 7eb181e..75dde2b 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1223,11 +1223,6 @@
         return ret;
     }
 
-    if (ssl->conf->f_rng == NULL) {
-        MBEDTLS_SSL_DEBUG_MSG(1, ("no RNG provided"));
-        return MBEDTLS_ERR_SSL_NO_RNG;
-    }
-
     /* Space for further checks */
 
     return 0;
@@ -1414,7 +1409,8 @@
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
-    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST);
+    ssl->flags &= MBEDTLS_SSL_CONTEXT_FLAGS_KEEP_AT_SESSION;
     ssl->tls_version = ssl->conf->max_tls_version;
 
     mbedtls_ssl_session_reset_msg_layer(ssl, partial);
@@ -1526,14 +1522,6 @@
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
-                          int (*f_rng)(void *, unsigned char *, size_t),
-                          void *p_rng)
-{
-    conf->f_rng      = f_rng;
-    conf->p_rng      = p_rng;
-}
-
 void mbedtls_ssl_conf_dbg(mbedtls_ssl_config *conf,
                           void (*f_dbg)(void *, int, const char *, int, const char *),
                           void  *p_dbg)
@@ -2468,6 +2456,31 @@
 }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
+
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
+/** Whether mbedtls_ssl_set_hostname() has been called.
+ *
+ * \param[in]   ssl     SSL context
+ *
+ * \return \c 1 if mbedtls_ssl_set_hostname() has been called on \p ssl
+ *         (including `mbedtls_ssl_set_hostname(ssl, NULL)`),
+ *         otherwise \c 0.
+ */
+static int mbedtls_ssl_has_set_hostname_been_called(
+    const mbedtls_ssl_context *ssl)
+{
+    return (ssl->flags & MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET) != 0;
+}
+#endif
+
+static void mbedtls_ssl_free_hostname(mbedtls_ssl_context *ssl)
+{
+    if (ssl->hostname != NULL) {
+        mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
+    }
+    ssl->hostname = NULL;
+}
+
 int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname)
 {
     /* Initialize to suppress unnecessary compiler warning */
@@ -2485,10 +2498,7 @@
 
     /* Now it's clear that we will overwrite the old hostname,
      * so we can free it safely */
-
-    if (ssl->hostname != NULL) {
-        mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
-    }
+    mbedtls_ssl_free_hostname(ssl);
 
     /* Passing NULL as hostname shall clear the old one */
 
@@ -2505,6 +2515,8 @@
         ssl->hostname[hostname_len] = '\0';
     }
 
+    ssl->flags |= MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET;
+
     return 0;
 }
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
@@ -4223,7 +4235,7 @@
 
         switch (ssl->state) {
             case MBEDTLS_SSL_HELLO_REQUEST:
-                ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+                mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
                 ret = 0;
                 break;
 
@@ -4374,7 +4386,7 @@
     }
 #endif
 
-    ssl->state = MBEDTLS_SSL_HELLO_REQUEST;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HELLO_REQUEST);
     ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS;
 
     if ((ret = mbedtls_ssl_handshake(ssl)) != 0) {
@@ -4479,6 +4491,7 @@
         ssl->conf->f_async_cancel(ssl);
         handshake->async_in_progress = 0;
     }
+
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(PSA_WANT_ALG_SHA_256)
@@ -5131,7 +5144,7 @@
      * Most of them already set to the correct value by mbedtls_ssl_init() and
      * mbedtls_ssl_reset(), so we only need to set the remaining ones.
      */
-    ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
     ssl->tls_version = MBEDTLS_SSL_VERSION_TLS1_2;
 
     /* Adjust pointers for header fields of outgoing records to
@@ -5241,9 +5254,7 @@
     }
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    if (ssl->hostname != NULL) {
-        mbedtls_zeroize_and_free(ssl->hostname, strlen(ssl->hostname));
-    }
+    mbedtls_ssl_free_hostname(ssl);
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
@@ -6715,7 +6726,7 @@
 
     if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -6732,7 +6743,7 @@
 
     if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -6755,7 +6766,7 @@
 
     if (!mbedtls_ssl_ciphersuite_uses_srv_cert(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -6763,7 +6774,7 @@
     if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
         if (ssl->handshake->client_auth == 0) {
             MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate"));
-            ssl->state++;
+            mbedtls_ssl_handshake_increment_state(ssl);
             return 0;
         }
     }
@@ -6817,7 +6828,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -7271,7 +7282,7 @@
 exit:
 
     if (ret == 0) {
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
     }
 
 #if defined(MBEDTLS_SSL_ECP_RESTARTABLE_ENABLED)
@@ -7449,7 +7460,7 @@
 #endif
     mbedtls_ssl_handshake_wrapup_free_hs_transform(ssl);
 
-    ssl->state = MBEDTLS_SSL_HANDSHAKE_OVER;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_OVER);
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("<= handshake wrapup"));
 }
@@ -7466,6 +7477,7 @@
     ret = ssl->handshake->calc_finished(ssl, ssl->out_msg + 4, ssl->conf->endpoint);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+        return ret;
     }
 
     /*
@@ -7492,16 +7504,16 @@
     if (ssl->handshake->resume != 0) {
 #if defined(MBEDTLS_SSL_CLI_C)
         if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
         }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
         if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
-            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
         }
 #endif
     } else {
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
     }
 
     /*
@@ -7579,6 +7591,7 @@
     ret = ssl->handshake->calc_finished(ssl, buf, ssl->conf->endpoint ^ 1);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "calc_finished", ret);
+        return ret;
     }
 
     if ((ret = mbedtls_ssl_read_record(ssl, 1)) != 0) {
@@ -7626,16 +7639,16 @@
     if (ssl->handshake->resume != 0) {
 #if defined(MBEDTLS_SSL_CLI_C)
         if (ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT) {
-            ssl->state = MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC);
         }
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
         if (ssl->conf->endpoint == MBEDTLS_SSL_IS_SERVER) {
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
         }
 #endif
     } else {
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
     }
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
@@ -8759,6 +8772,25 @@
     return ret;
 }
 
+static int get_hostname_for_verification(mbedtls_ssl_context *ssl,
+                                         const char **hostname)
+{
+    if (!mbedtls_ssl_has_set_hostname_been_called(ssl)) {
+        MBEDTLS_SSL_DEBUG_MSG(1, ("Certificate verification without having set hostname"));
+        if (mbedtls_ssl_conf_get_endpoint(ssl->conf) == MBEDTLS_SSL_IS_CLIENT &&
+            ssl->conf->authmode == MBEDTLS_SSL_VERIFY_REQUIRED) {
+            return MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME;
+        }
+    }
+
+    *hostname = ssl->hostname;
+    if (*hostname == NULL) {
+        MBEDTLS_SSL_DEBUG_MSG(2, ("Certificate verification without CN verification"));
+    }
+
+    return 0;
+}
+
 int mbedtls_ssl_verify_certificate(mbedtls_ssl_context *ssl,
                                    int authmode,
                                    mbedtls_x509_crt *chain,
@@ -8784,7 +8816,13 @@
         p_vrfy = ssl->conf->p_vrfy;
     }
 
-    int ret = 0;
+    const char *hostname = "";
+    int ret = get_hostname_for_verification(ssl, &hostname);
+    if (ret != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "get_hostname_for_verification", ret);
+        return ret;
+    }
+
     int have_ca_chain_or_callback = 0;
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
     if (ssl->conf->f_ca_cb != NULL) {
@@ -8797,7 +8835,7 @@
             ssl->conf->f_ca_cb,
             ssl->conf->p_ca_cb,
             ssl->conf->cert_profile,
-            ssl->hostname,
+            hostname,
             &ssl->session_negotiate->verify_result,
             f_vrfy, p_vrfy);
     } else
@@ -8824,7 +8862,7 @@
             chain,
             ca_chain, ca_crl,
             ssl->conf->cert_profile,
-            ssl->hostname,
+            hostname,
             &ssl->session_negotiate->verify_result,
             f_vrfy, p_vrfy, rs_ctx);
     }

diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index e0743e1..df7dfbf 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c

@@ -1118,7 +1118,7 @@
     ssl->handshake->cookie_len = cookie_len;
 
     /* Start over at ClientHello */
-    ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
     ret = mbedtls_ssl_reset_checksum(ssl);
     if (0 != ret) {
         MBEDTLS_SSL_DEBUG_RET(1, ("mbedtls_ssl_reset_checksum"), ret);
@@ -1327,7 +1327,7 @@
         ssl->session_negotiate->ciphersuite != i ||
         ssl->session_negotiate->id_len != n ||
         memcmp(ssl->session_negotiate->id, buf + 35, n) != 0) {
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         ssl->handshake->resume = 0;
 #if defined(MBEDTLS_HAVE_TIME)
         ssl->session_negotiate->start = mbedtls_time(NULL);
@@ -1336,7 +1336,7 @@
         ssl->session_negotiate->id_len = n;
         memcpy(ssl->session_negotiate->id, buf + 35, n);
     } else {
-        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
     }
 
     MBEDTLS_SSL_DEBUG_MSG(3, ("%s session has been resumed",
@@ -1839,7 +1839,7 @@
         }
 
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse server key exchange"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
     ((void) p);
@@ -2147,7 +2147,7 @@
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
 
 exit:
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse server key exchange"));
 
@@ -2165,7 +2165,7 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -2192,7 +2192,7 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate request"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -2210,7 +2210,7 @@
         return MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE;
     }
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
     ssl->handshake->client_auth =
         (ssl->in_msg[0] == MBEDTLS_SSL_HS_CERTIFICATE_REQUEST);
 
@@ -2381,7 +2381,7 @@
         return MBEDTLS_ERR_SSL_DECODE_ERROR;
     }
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@@ -2683,7 +2683,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -2712,7 +2712,7 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -2754,14 +2754,14 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
     if (ssl->handshake->client_auth == 0 ||
         mbedtls_ssl_own_cert(ssl) == NULL) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -2843,7 +2843,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_CERTIFICATE_VERIFY;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -2917,7 +2917,7 @@
 
     /* We're not waiting for a NewSessionTicket message any more */
     ssl->handshake->new_session_ticket = 0;
-    ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
 
     /*
      * Zero-length ticket means the server changed his mind and doesn't want
@@ -2978,13 +2978,13 @@
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
     if (ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
         ssl->handshake->new_session_ticket != 0) {
-        ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_NEW_SESSION_TICKET);
     }
 #endif
 
     switch (ssl->state) {
         case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
             break;
 
         /*
@@ -3069,7 +3069,7 @@
 
         case MBEDTLS_SSL_FLUSH_BUFFERS:
             MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
             break;
 
         case MBEDTLS_SSL_HANDSHAKE_WRAPUP:

diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 84d5994..2b2b49f 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c

@@ -1597,7 +1597,7 @@
     ssl->session_negotiate->ciphersuite = ciphersuites[i];
     ssl->handshake->ciphersuite_info = ciphersuite_info;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@@ -2015,7 +2015,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST;
 
-    ssl->state = MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT;
+    mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -2133,14 +2133,14 @@
     MBEDTLS_SSL_DEBUG_MSG(3, ("server hello, current time: %" MBEDTLS_PRINTF_LONGLONG,
                               (long long) t));
 #else
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 4)) != 0) {
+    if ((ret = psa_generate_random(p, 4)) != 0) {
         return ret;
     }
 
     p += 4;
 #endif /* MBEDTLS_HAVE_TIME */
 
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 20)) != 0) {
+    if ((ret = psa_generate_random(p, 20)) != 0) {
         return ret;
     }
     p += 20;
@@ -2166,7 +2166,7 @@
     } else
 #endif
     {
-        if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, p, 8)) != 0) {
+        if ((ret = psa_generate_random(p, 8)) != 0) {
             return ret;
         }
     }
@@ -2183,7 +2183,7 @@
          * New session, create a new session id,
          * unless we're about to issue a session ticket
          */
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
 
 #if defined(MBEDTLS_HAVE_TIME)
         ssl->session_negotiate->start = mbedtls_time(NULL);
@@ -2197,8 +2197,8 @@
 #endif /* MBEDTLS_SSL_SESSION_TICKETS */
         {
             ssl->session_negotiate->id_len = n = 32;
-            if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, ssl->session_negotiate->id,
-                                        n)) != 0) {
+            if ((ret = psa_generate_random(ssl->session_negotiate->id,
+                                           n)) != 0) {
                 return ret;
             }
         }
@@ -2207,7 +2207,7 @@
          * Resuming a session
          */
         n = ssl->session_negotiate->id_len;
-        ssl->state = MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC;
+        mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC);
 
         if ((ret = mbedtls_ssl_derive_keys(ssl)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_derive_keys", ret);
@@ -2333,7 +2333,7 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write certificate request"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -2356,7 +2356,7 @@
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("=> write certificate request"));
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     if (ssl->handshake->sni_authmode != MBEDTLS_SSL_VERIFY_UNSET) {
@@ -3080,7 +3080,7 @@
         /* Key exchanges not involving ephemeral keys don't use
          * ServerKeyExchange, so end here. */
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip write server key exchange"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
@@ -3134,7 +3134,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     if ((ret = mbedtls_ssl_write_handshake_msg(ssl)) != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_handshake_msg", ret);
@@ -3156,7 +3156,7 @@
     ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
     ssl->out_msg[0]  = MBEDTLS_SSL_HS_SERVER_HELLO_DONE;
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
     if (ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
@@ -3461,7 +3461,7 @@
         return ret;
     }
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     MBEDTLS_SSL_DEBUG_MSG(2, ("<= parse client key exchange"));
 
@@ -3479,7 +3479,7 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
@@ -3505,20 +3505,20 @@
 
     if (!mbedtls_ssl_ciphersuite_cert_req_allowed(ciphersuite_info)) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 
 #if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
     if (ssl->session_negotiate->peer_cert == NULL) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 #else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     if (ssl->session_negotiate->peer_cert_digest == NULL) {
         MBEDTLS_SSL_DEBUG_MSG(2, ("<= skip parse certificate verify"));
-        ssl->state++;
+        mbedtls_ssl_handshake_increment_state(ssl);
         return 0;
     }
 #endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -3530,7 +3530,7 @@
         return ret;
     }
 
-    ssl->state++;
+    mbedtls_ssl_handshake_increment_state(ssl);
 
     /* Process the message contents */
     if (ssl->in_msgtype != MBEDTLS_SSL_MSG_HANDSHAKE ||
@@ -3714,7 +3714,7 @@
 
     switch (ssl->state) {
         case MBEDTLS_SSL_HELLO_REQUEST:
-            ssl->state = MBEDTLS_SSL_CLIENT_HELLO;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_CLIENT_HELLO);
             break;
 
         /*
@@ -3803,7 +3803,7 @@
 
         case MBEDTLS_SSL_FLUSH_BUFFERS:
             MBEDTLS_SSL_DEBUG_MSG(2, ("handshake: done"));
-            ssl->state = MBEDTLS_SSL_HANDSHAKE_WRAPUP;
+            mbedtls_ssl_handshake_set_state(ssl, MBEDTLS_SSL_HANDSHAKE_WRAPUP);
             break;
 
         case MBEDTLS_SSL_HANDSHAKE_WRAPUP:

diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 1dde4ab..dc50bee 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c

@@ -1996,9 +1996,9 @@
     unsigned char *server_randbytes =
         ssl->handshake->randbytes + MBEDTLS_CLIENT_HELLO_RANDOM_LEN;
 
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng, server_randbytes,
-                                MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
-        MBEDTLS_SSL_DEBUG_RET(1, "f_rng", ret);
+    if ((ret = psa_generate_random(server_randbytes,
+                                   MBEDTLS_SERVER_HELLO_RANDOM_LEN)) != 0) {
+        MBEDTLS_SSL_DEBUG_RET(1, "psa_generate_random", ret);
         return ret;
     }
 
@@ -3172,9 +3172,8 @@
 #endif
 
     /* Generate ticket_age_add */
-    if ((ret = ssl->conf->f_rng(ssl->conf->p_rng,
-                                (unsigned char *) &session->ticket_age_add,
-                                sizeof(session->ticket_age_add)) != 0)) {
+    if ((ret = psa_generate_random((unsigned char *) &session->ticket_age_add,
+                                   sizeof(session->ticket_age_add)) != 0)) {
         MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_age_add", ret);
         return ret;
     }
@@ -3182,7 +3181,7 @@
                               (unsigned int) session->ticket_age_add));
 
     /* Generate ticket_nonce */
-    ret = ssl->conf->f_rng(ssl->conf->p_rng, ticket_nonce, ticket_nonce_size);
+    ret = psa_generate_random(ticket_nonce, ticket_nonce_size);
     if (ret != 0) {
         MBEDTLS_SSL_DEBUG_RET(1, "generate_ticket_nonce", ret);
         return ret;

diff --git a/programs/.gitignore b/programs/.gitignore
index 939e405..7eaf38d 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore

@@ -5,36 +5,14 @@
 *.sln
 *.vcxproj
 
-aes/crypt_and_hash
-cipher/cipher_aead_demo
-hash/generic_sum
-hash/hello
-hash/md_hmac_demo
 hash/md5sum
 hash/sha1sum
 hash/sha2sum
-pkey/dh_client
-pkey/dh_genprime
-pkey/dh_server
-pkey/ecdh_curve25519
-pkey/ecdsa
 pkey/gen_key
-pkey/key_app
-pkey/key_app_writer
-pkey/mpi_demo
-pkey/pk_decrypt
-pkey/pk_encrypt
 pkey/pk_sign
 pkey/pk_verify
-pkey/rsa_decrypt
-pkey/rsa_encrypt
-pkey/rsa_genkey
-pkey/rsa_sign
 pkey/rsa_sign_pss
-pkey/rsa_verify
 pkey/rsa_verify_pss
-random/gen_entropy
-random/gen_random_ctr_drbg
 ssl/dtls_client
 ssl/dtls_server
 ssl/mini_client

diff --git a/programs/CMakeLists.txt b/programs/CMakeLists.txt
index 2c23c48..1e5b2a4 100644
--- a/programs/CMakeLists.txt
+++ b/programs/CMakeLists.txt

@@ -1,14 +1,10 @@
 set(programs_target "${MBEDTLS_TARGET_PREFIX}programs")
 add_custom_target(${programs_target})
 
-add_subdirectory(aes)
-add_subdirectory(cipher)
 if (NOT WIN32)
     add_subdirectory(fuzz)
 endif()
-add_subdirectory(hash)
 add_subdirectory(pkey)
-add_subdirectory(random)
 add_subdirectory(ssl)
 add_subdirectory(test)
 add_subdirectory(util)

diff --git a/programs/Makefile b/programs/Makefile
index 9a4237c..b264290 100644
--- a/programs/Makefile
+++ b/programs/Makefile

@@ -36,28 +36,10 @@
 ## Note: Variables cannot be used to define an apps path. This cannot be
 ## substituted by the script generate_visualc_files.pl.
 APPS = \
-	aes/crypt_and_hash \
-	cipher/cipher_aead_demo \
-	hash/generic_sum \
-	hash/hello \
-	hash/md_hmac_demo \
-	pkey/dh_genprime \
-	pkey/ecdh_curve25519 \
-	pkey/ecdsa \
 	pkey/gen_key \
-	pkey/key_app \
-	pkey/key_app_writer \
-	pkey/mpi_demo \
-	pkey/pk_decrypt \
-	pkey/pk_encrypt \
 	pkey/pk_sign \
 	pkey/pk_verify \
-	pkey/rsa_decrypt \
-	pkey/rsa_encrypt \
-	pkey/rsa_genkey \
-	pkey/rsa_sign \
 	pkey/rsa_sign_pss \
-	pkey/rsa_verify \
 	pkey/rsa_verify_pss \
 	../tf-psa-crypto/programs/psa/aead_demo \
 	../tf-psa-crypto/programs/psa/crypto_examples \
@@ -65,8 +47,6 @@
 	../tf-psa-crypto/programs/psa/key_ladder_demo \
 	../tf-psa-crypto/programs/psa/psa_constant_names \
 	../tf-psa-crypto/programs/psa/psa_hash \
-	random/gen_entropy \
-	random/gen_random_ctr_drbg \
 	ssl/dtls_client \
 	ssl/dtls_server \
 	ssl/mini_client \
@@ -155,62 +135,10 @@
 	echo "  Gen   $@"
 	$(PERL) ../scripts/generate_query_config.pl
 
-aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
-	echo "  CC    aes/crypt_and_hash.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-cipher/cipher_aead_demo$(EXEXT): cipher/cipher_aead_demo.c $(DEP)
-	echo "  CC    cipher/cipher_aead_demo.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) cipher/cipher_aead_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/generic_sum$(EXEXT): hash/generic_sum.c $(DEP)
-	echo "  CC    hash/generic_sum.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/generic_sum.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/hello$(EXEXT): hash/hello.c $(DEP)
-	echo "  CC    hash/hello.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/hello.c       $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-hash/md_hmac_demo$(EXEXT): hash/md_hmac_demo.c $(DEP)
-	echo "  CC    hash/md_hmac_demo.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) hash/md_hmac_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/dh_genprime$(EXEXT): pkey/dh_genprime.c $(DEP)
-	echo "  CC    pkey/dh_genprime.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/dh_genprime.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/ecdh_curve25519$(EXEXT): pkey/ecdh_curve25519.c $(DEP)
-	echo "  CC    pkey/ecdh_curve25519.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdh_curve25519.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/ecdsa$(EXEXT): pkey/ecdsa.c $(DEP)
-	echo "  CC    pkey/ecdsa.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/ecdsa.c       $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/gen_key$(EXEXT): pkey/gen_key.c $(DEP)
 	echo "  CC    pkey/gen_key.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/gen_key.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-pkey/key_app$(EXEXT): pkey/key_app.c $(DEP)
-	echo "  CC    pkey/key_app.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/key_app_writer$(EXEXT): pkey/key_app_writer.c $(DEP)
-	echo "  CC    pkey/key_app_writer.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/key_app_writer.c   $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/mpi_demo$(EXEXT): pkey/mpi_demo.c $(DEP)
-	echo "  CC    pkey/mpi_demo.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/mpi_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_decrypt$(EXEXT): pkey/pk_decrypt.c $(DEP)
-	echo "  CC    pkey/pk_decrypt.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_decrypt.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/pk_encrypt$(EXEXT): pkey/pk_encrypt.c $(DEP)
-	echo "  CC    pkey/pk_encrypt.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_encrypt.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/pk_sign$(EXEXT): pkey/pk_sign.c $(DEP)
 	echo "  CC    pkey/pk_sign.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_sign.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -219,18 +147,6 @@
 	echo "  CC    pkey/pk_verify.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/pk_verify.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-pkey/rsa_genkey$(EXEXT): pkey/rsa_genkey.c $(DEP)
-	echo "  CC    pkey/rsa_genkey.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_genkey.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_sign$(EXEXT): pkey/rsa_sign.c $(DEP)
-	echo "  CC    pkey/rsa_sign.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_verify$(EXEXT): pkey/rsa_verify.c $(DEP)
-	echo "  CC    pkey/rsa_verify.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 pkey/rsa_sign_pss$(EXEXT): pkey/rsa_sign_pss.c $(DEP)
 	echo "  CC    pkey/rsa_sign_pss.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_sign_pss.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -239,14 +155,6 @@
 	echo "  CC    pkey/rsa_verify_pss.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_verify_pss.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-pkey/rsa_decrypt$(EXEXT): pkey/rsa_decrypt.c $(DEP)
-	echo "  CC    pkey/rsa_decrypt.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_decrypt.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-pkey/rsa_encrypt$(EXEXT): pkey/rsa_encrypt.c $(DEP)
-	echo "  CC    pkey/rsa_encrypt.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) pkey/rsa_encrypt.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 ../tf-psa-crypto/programs/psa/aead_demo$(EXEXT): ../tf-psa-crypto/programs/psa/aead_demo.c $(DEP)
 	echo "  CC    psa/aead_demo.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/aead_demo.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
@@ -271,14 +179,6 @@
 	echo "  CC    psa/psa_hash.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ../tf-psa-crypto/programs/psa/psa_hash.c    $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
 
-random/gen_entropy$(EXEXT): random/gen_entropy.c $(DEP)
-	echo "  CC    random/gen_entropy.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_entropy.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
-random/gen_random_ctr_drbg$(EXEXT): random/gen_random_ctr_drbg.c $(DEP)
-	echo "  CC    random/gen_random_ctr_drbg.c"
-	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) random/gen_random_ctr_drbg.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
-
 ssl/dtls_client$(EXEXT): ssl/dtls_client.c $(DEP)
 	echo "  CC    ssl/dtls_client.c"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) ssl/dtls_client.c  $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

diff --git a/programs/README.md b/programs/README.md
index 2d9c187..9239e8a 100644
--- a/programs/README.md
+++ b/programs/README.md

@@ -3,61 +3,16 @@
 
 This subdirectory mostly contains sample programs that illustrate specific features of the library, as well as a few test and support programs.
 
-## Symmetric cryptography (AES) examples
-
-* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
-
-## Hash (digest) examples
-
-* [`hash/generic_sum.c`](hash/generic_sum.c): file hash calculator and verifier, demonstrating the message digest (`md`) interface.
-
-* [`hash/hello.c`](hash/hello.c): hello-world program for MD5.
-
-## Public-key cryptography examples
-
 ### Generic public-key cryptography (`pk`) examples
 
 * [`pkey/gen_key.c`](pkey/gen_key.c): generates a key for any of the supported public-key algorithms (RSA or ECC) and writes it to a file that can be used by the other pk sample programs.
 
-* [`pkey/key_app.c`](pkey/key_app.c): loads a PEM or DER public key or private key file and dumps its content.
-
-* [`pkey/key_app_writer.c`](pkey/key_app_writer.c): loads a PEM or DER public key or private key file and writes it to a new PEM or DER file.
-
-* [`pkey/pk_encrypt.c`](pkey/pk_encrypt.c), [`pkey/pk_decrypt.c`](pkey/pk_decrypt.c): loads a PEM or DER public/private key file and uses the key to encrypt/decrypt a short string through the generic public-key interface.
-
 * [`pkey/pk_sign.c`](pkey/pk_sign.c), [`pkey/pk_verify.c`](pkey/pk_verify.c): loads a PEM or DER private/public key file and uses the key to sign/verify a short string.
 
 ### ECDSA and RSA signature examples
 
-* [`pkey/ecdsa.c`](pkey/ecdsa.c): generates an ECDSA key, signs a fixed message and verifies the signature.
-
-* [`pkey/rsa_encrypt.c`](pkey/rsa_encrypt.c), [`pkey/rsa_decrypt.c`](pkey/rsa_decrypt.c): loads an RSA public/private key and uses it to encrypt/decrypt a short string through the low-level RSA interface.
-
-* [`pkey/rsa_genkey.c`](pkey/rsa_genkey.c): generates an RSA key and writes it to a file that can be used with the other RSA sample programs.
-
-* [`pkey/rsa_sign.c`](pkey/rsa_sign.c), [`pkey/rsa_verify.c`](pkey/rsa_verify.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSA PKCS#1 v1.5 algorithm.
-
 * [`pkey/rsa_sign_pss.c`](pkey/rsa_sign_pss.c), [`pkey/rsa_verify_pss.c`](pkey/rsa_verify_pss.c): loads an RSA private/public key and uses it to sign/verify a short string with the RSASSA-PSS algorithm.
 
-### Diffie-Hellman key exchange examples
-
-* [`pkey/ecdh_curve25519.c`](pkey/ecdh_curve25519.c): demonstration of a elliptic curve Diffie-Hellman (ECDH) key agreement.
-
-### Bignum (`mpi`) usage examples
-
-* [`pkey/dh_genprime.c`](pkey/dh_genprime.c): shows how to use the bignum (`mpi`) interface to generate Diffie-Hellman parameters.
-
-* [`pkey/mpi_demo.c`](pkey/mpi_demo.c): demonstrates operations on big integers.
-
-## Random number generator (RNG) examples
-
-* [`random/gen_entropy.c`](random/gen_entropy.c): shows how to use the default entropy sources to generate random data.
-  Note: most applications should only use the entropy generator to seed a cryptographic pseudorandom generator, as illustrated by `random/gen_random_ctr_drbg.c`.
-
-* [`random/gen_random_ctr_drbg.c`](random/gen_random_ctr_drbg.c): shows how to use the default entropy sources to seed a pseudorandom generator, and how to use the resulting random generator to generate random data.
-
-## SSL/TLS examples
-
 ### SSL/TLS sample applications
 
 * [`ssl/dtls_client.c`](ssl/dtls_client.c): a simple DTLS client program, which sends one datagram to the server and reads one datagram in response.

diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
deleted file mode 100644
index c5128b1..0000000
--- a/programs/aes/CMakeLists.txt
+++ /dev/null

@@ -1,15 +0,0 @@
-set(executables
-    crypt_and_hash
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    set_base_compile_options(${exe})
-    target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
-    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
-        DESTINATION "bin"
-        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
deleted file mode 100644
index e3bfb3c..0000000
--- a/programs/aes/crypt_and_hash.c
+++ /dev/null

@@ -1,578 +0,0 @@
-/*
- *  \brief  Generic file encryption program using generic wrappers for configured
- *          security.
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* Enable definition of fileno() even when compiling with -std=c99. Must be
- * set before mbedtls_config.h, which pulls in glibc's features.h indirectly.
- * Harmless on other platforms. */
-#define _POSIX_C_SOURCE 200112L
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_CIPHER_C) && defined(MBEDTLS_MD_C) && \
-    defined(MBEDTLS_FS_IO)
-#include "mbedtls/cipher.h"
-#include "mbedtls/md.h"
-#include "mbedtls/platform_util.h"
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#endif
-
-#if defined(_WIN32)
-#include <windows.h>
-#if !defined(_WIN32_WCE)
-#include <io.h>
-#endif
-#else
-#include <sys/types.h>
-#include <unistd.h>
-#endif
-
-#define MODE_ENCRYPT    0
-#define MODE_DECRYPT    1
-
-#define USAGE   \
-    "\n  crypt_and_hash <mode> <input filename> <output filename> <cipher> <mbedtls_md> <key>\n" \
-    "\n   <mode>: 0 = encrypt, 1 = decrypt\n" \
-    "\n  example: crypt_and_hash 0 file file.aes AES-128-CBC SHA1 hex:E76B2413958B00E193\n" \
-    "\n"
-
-#if !defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C) || \
-    !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_CIPHER_C and/or MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    int ret = 1, i;
-    unsigned n;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    int mode;
-    size_t keylen, ilen, olen;
-    FILE *fkey, *fin = NULL, *fout = NULL;
-
-    char *p;
-    unsigned char IV[16];
-    unsigned char key[512];
-    unsigned char digest[MBEDTLS_MD_MAX_SIZE];
-    unsigned char buffer[1024];
-    unsigned char output[1024];
-    unsigned char diff;
-
-    const mbedtls_cipher_info_t *cipher_info;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_cipher_context_t cipher_ctx;
-    mbedtls_md_context_t md_ctx;
-    mbedtls_cipher_mode_t cipher_mode;
-    unsigned int cipher_block_size;
-    unsigned char md_size;
-#if defined(_WIN32_WCE)
-    long filesize, offset;
-#elif defined(_WIN32)
-    LARGE_INTEGER li_size;
-    __int64 filesize, offset;
-#else
-    off_t filesize, offset;
-#endif
-
-    mbedtls_cipher_init(&cipher_ctx);
-    mbedtls_md_init(&md_ctx);
-
-    /*
-     * Parse the command-line arguments.
-     */
-    if (argc != 7) {
-        const int *list;
-
-        mbedtls_printf(USAGE);
-
-        mbedtls_printf("Available ciphers:\n");
-        list = mbedtls_cipher_list();
-        while (*list) {
-            cipher_info = mbedtls_cipher_info_from_type(*list);
-            const char *name = mbedtls_cipher_info_get_name(cipher_info);
-
-            if (name) {
-                mbedtls_printf("  %s\n", mbedtls_cipher_info_get_name(cipher_info));
-            }
-            list++;
-        }
-
-        mbedtls_printf("\nAvailable message digests:\n");
-        list = mbedtls_md_list();
-        while (*list) {
-            md_info = mbedtls_md_info_from_type(*list);
-            mbedtls_printf("  %s\n", mbedtls_md_get_name(md_info));
-            list++;
-        }
-
-        goto exit;
-    }
-
-    mode = atoi(argv[1]);
-
-    if (mode != MODE_ENCRYPT && mode != MODE_DECRYPT) {
-        mbedtls_fprintf(stderr, "invalid operation mode\n");
-        goto exit;
-    }
-
-    if (strcmp(argv[2], argv[3]) == 0) {
-        mbedtls_fprintf(stderr, "input and output filenames must differ\n");
-        goto exit;
-    }
-
-    if ((fin = fopen(argv[2], "rb")) == NULL) {
-        mbedtls_fprintf(stderr, "fopen(%s,rb) failed\n", argv[2]);
-        goto exit;
-    }
-
-    if ((fout = fopen(argv[3], "wb+")) == NULL) {
-        mbedtls_fprintf(stderr, "fopen(%s,wb+) failed\n", argv[3]);
-        goto exit;
-    }
-
-    /* Ensure no stdio buffering of secrets, as such buffers cannot be wiped. */
-    mbedtls_setbuf(fin, NULL);
-    mbedtls_setbuf(fout, NULL);
-
-    /*
-     * Read the Cipher and MD from the command line
-     */
-    cipher_info = mbedtls_cipher_info_from_string(argv[4]);
-    if (cipher_info == NULL) {
-        mbedtls_fprintf(stderr, "Cipher '%s' not found\n", argv[4]);
-        goto exit;
-    }
-    if ((ret = mbedtls_cipher_setup(&cipher_ctx, cipher_info)) != 0) {
-        mbedtls_fprintf(stderr, "mbedtls_cipher_setup failed\n");
-        goto exit;
-    }
-
-    md_info = mbedtls_md_info_from_string(argv[5]);
-    if (md_info == NULL) {
-        mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[5]);
-        goto exit;
-    }
-
-    if (mbedtls_md_setup(&md_ctx, md_info, 1) != 0) {
-        mbedtls_fprintf(stderr, "mbedtls_md_setup failed\n");
-        goto exit;
-    }
-
-    /*
-     * Read the secret key from file or command line
-     */
-    if ((fkey = fopen(argv[6], "rb")) != NULL) {
-        keylen = fread(key, 1, sizeof(key), fkey);
-        fclose(fkey);
-    } else {
-        if (memcmp(argv[6], "hex:", 4) == 0) {
-            p = &argv[6][4];
-            keylen = 0;
-
-            while (sscanf(p, "%02X", (unsigned int *) &n) > 0 &&
-                   keylen < (int) sizeof(key)) {
-                key[keylen++] = (unsigned char) n;
-                p += 2;
-            }
-        } else {
-            keylen = strlen(argv[6]);
-
-            if (keylen > (int) sizeof(key)) {
-                keylen = (int) sizeof(key);
-            }
-
-            memcpy(key, argv[6], keylen);
-        }
-    }
-
-#if defined(_WIN32_WCE)
-    filesize = fseek(fin, 0L, SEEK_END);
-#else
-#if defined(_WIN32)
-    /*
-     * Support large files (> 2Gb) on Win32
-     */
-    li_size.QuadPart = 0;
-    li_size.LowPart  =
-        SetFilePointer((HANDLE) _get_osfhandle(_fileno(fin)),
-                       li_size.LowPart, &li_size.HighPart, FILE_END);
-
-    if (li_size.LowPart == 0xFFFFFFFF && GetLastError() != NO_ERROR) {
-        mbedtls_fprintf(stderr, "SetFilePointer(0,FILE_END) failed\n");
-        goto exit;
-    }
-
-    filesize = li_size.QuadPart;
-#else
-    if ((filesize = lseek(fileno(fin), 0, SEEK_END)) < 0) {
-        perror("lseek");
-        goto exit;
-    }
-#endif
-#endif
-
-    if (fseek(fin, 0, SEEK_SET) < 0) {
-        mbedtls_fprintf(stderr, "fseek(0,SEEK_SET) failed\n");
-        goto exit;
-    }
-
-    md_size = mbedtls_md_get_size(md_info);
-    cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx);
-
-    if (mode == MODE_ENCRYPT) {
-        /*
-         * Generate the initialization vector as:
-         * IV = MD( filesize || filename )[0..15]
-         */
-        for (i = 0; i < 8; i++) {
-            buffer[i] = (unsigned char) (filesize >> (i << 3));
-        }
-
-        p = argv[2];
-
-        if (mbedtls_md_starts(&md_ctx) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_md_update(&md_ctx, buffer, 8) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_md_update(&md_ctx, (unsigned char *) p, strlen(p))
-            != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_md_finish(&md_ctx, digest) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
-            goto exit;
-        }
-
-        memcpy(IV, digest, 16);
-
-        /*
-         * Append the IV at the beginning of the output.
-         */
-        if (fwrite(IV, 1, 16, fout) != 16) {
-            mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", 16);
-            goto exit;
-        }
-
-        /*
-         * Hash the IV and the secret key together 8192 times
-         * using the result to setup the AES context and HMAC.
-         */
-        memset(digest, 0,  32);
-        memcpy(digest, IV, 16);
-
-        for (i = 0; i < 8192; i++) {
-            if (mbedtls_md_starts(&md_ctx) != 0) {
-                mbedtls_fprintf(stderr,
-                                "mbedtls_md_starts() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
-                mbedtls_fprintf(stderr,
-                                "mbedtls_md_update() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
-                mbedtls_fprintf(stderr,
-                                "mbedtls_md_update() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_finish(&md_ctx, digest) != 0) {
-                mbedtls_fprintf(stderr,
-                                "mbedtls_md_finish() returned error\n");
-                goto exit;
-            }
-
-        }
-
-        if (mbedtls_cipher_setkey(&cipher_ctx,
-                                  digest,
-                                  (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
-                                  MBEDTLS_ENCRYPT) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
-            goto exit;
-        }
-
-        if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
-            goto exit;
-        }
-
-        /*
-         * Encrypt and write the ciphertext.
-         */
-        for (offset = 0; offset < filesize; offset += cipher_block_size) {
-            ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
-                   cipher_block_size : (unsigned int) (filesize - offset);
-
-            if (fread(buffer, 1, ilen, fin) != ilen) {
-                mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
-                goto exit;
-            }
-
-            if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output, &olen) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
-                goto exit;
-            }
-
-            if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
-                goto exit;
-            }
-
-            if (fwrite(output, 1, olen, fout) != olen) {
-                mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
-                goto exit;
-            }
-        }
-
-        if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
-            goto exit;
-        }
-        if (mbedtls_md_hmac_update(&md_ctx, output, olen) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
-            goto exit;
-        }
-
-        if (fwrite(output, 1, olen, fout) != olen) {
-            mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
-            goto exit;
-        }
-
-        /*
-         * Finally write the HMAC.
-         */
-        if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
-            goto exit;
-        }
-
-        if (fwrite(digest, 1, md_size, fout) != md_size) {
-            mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size);
-            goto exit;
-        }
-    }
-
-    if (mode == MODE_DECRYPT) {
-        /*
-         *  The encrypted file must be structured as follows:
-         *
-         *        00 .. 15              Initialization Vector
-         *        16 .. 31              Encrypted Block #1
-         *           ..
-         *      N*16 .. (N+1)*16 - 1    Encrypted Block #N
-         *  (N+1)*16 .. (N+1)*16 + n    Hash(ciphertext)
-         */
-        if (filesize < 16 + md_size) {
-            mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
-            goto exit;
-        }
-
-        if (cipher_block_size == 0) {
-            mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
-            goto exit;
-        }
-
-        /*
-         * Check the file size.
-         */
-        cipher_mode = mbedtls_cipher_info_get_mode(cipher_info);
-        if (cipher_mode != MBEDTLS_MODE_GCM &&
-            cipher_mode != MBEDTLS_MODE_CTR &&
-            cipher_mode != MBEDTLS_MODE_CFB &&
-            cipher_mode != MBEDTLS_MODE_OFB &&
-            ((filesize - md_size) % cipher_block_size) != 0) {
-            mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
-                            cipher_block_size);
-            goto exit;
-        }
-
-        /*
-         * Subtract the IV + HMAC length.
-         */
-        filesize -= (16 + md_size);
-
-        /*
-         * Read the IV and original filesize modulo 16.
-         */
-        if (fread(buffer, 1, 16, fin) != 16) {
-            mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", 16);
-            goto exit;
-        }
-
-        memcpy(IV, buffer, 16);
-
-        /*
-         * Hash the IV and the secret key together 8192 times
-         * using the result to setup the AES context and HMAC.
-         */
-        memset(digest, 0,  32);
-        memcpy(digest, IV, 16);
-
-        for (i = 0; i < 8192; i++) {
-            if (mbedtls_md_starts(&md_ctx) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_starts() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_update(&md_ctx, digest, 32) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_update(&md_ctx, key, keylen) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_update() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_md_finish(&md_ctx, digest) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_finish() returned error\n");
-                goto exit;
-            }
-        }
-
-        if (mbedtls_cipher_setkey(&cipher_ctx,
-                                  digest,
-                                  (int) mbedtls_cipher_info_get_key_bitlen(cipher_info),
-                                  MBEDTLS_DECRYPT) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_setkey() returned error\n");
-            goto exit;
-        }
-
-        if (mbedtls_cipher_set_iv(&cipher_ctx, IV, 16) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_set_iv() returned error\n");
-            goto exit;
-        }
-
-        if (mbedtls_cipher_reset(&cipher_ctx) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_reset() returned error\n");
-            goto exit;
-        }
-
-        if (mbedtls_md_hmac_starts(&md_ctx, digest, 32) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_hmac_starts() returned error\n");
-            goto exit;
-        }
-
-        /*
-         * Decrypt and write the plaintext.
-         */
-        for (offset = 0; offset < filesize; offset += cipher_block_size) {
-            ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
-                   cipher_block_size : (unsigned int) (filesize - offset);
-
-            if (fread(buffer, 1, ilen, fin) != ilen) {
-                mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
-                                cipher_block_size);
-                goto exit;
-            }
-
-            if (mbedtls_md_hmac_update(&md_ctx, buffer, ilen) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_md_hmac_update() returned error\n");
-                goto exit;
-            }
-            if (mbedtls_cipher_update(&cipher_ctx, buffer, ilen, output,
-                                      &olen) != 0) {
-                mbedtls_fprintf(stderr, "mbedtls_cipher_update() returned error\n");
-                goto exit;
-            }
-
-            if (fwrite(output, 1, olen, fout) != olen) {
-                mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
-                goto exit;
-            }
-        }
-
-        /*
-         * Verify the message authentication code.
-         */
-        if (mbedtls_md_hmac_finish(&md_ctx, digest) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_md_hmac_finish() returned error\n");
-            goto exit;
-        }
-
-        if (fread(buffer, 1, md_size, fin) != md_size) {
-            mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size);
-            goto exit;
-        }
-
-        /* Use constant-time buffer comparison */
-        diff = 0;
-        for (i = 0; i < md_size; i++) {
-            diff |= digest[i] ^ buffer[i];
-        }
-
-        if (diff != 0) {
-            mbedtls_fprintf(stderr, "HMAC check failed: wrong key, "
-                                    "or file corrupted.\n");
-            goto exit;
-        }
-
-        /*
-         * Write the final block of data
-         */
-        if (mbedtls_cipher_finish(&cipher_ctx, output, &olen) != 0) {
-            mbedtls_fprintf(stderr, "mbedtls_cipher_finish() returned error\n");
-            goto exit;
-        }
-
-        if (fwrite(output, 1, olen, fout) != olen) {
-            mbedtls_fprintf(stderr, "fwrite(%ld bytes) failed\n", (long) olen);
-            goto exit;
-        }
-    }
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-    if (fin) {
-        fclose(fin);
-    }
-    if (fout) {
-        fclose(fout);
-    }
-
-    /* Zeroize all command line arguments to also cover
-       the case when the user has missed or reordered some,
-       in which case the key might not be in argv[6]. */
-    for (i = 0; i < argc; i++) {
-        mbedtls_platform_zeroize(argv[i], strlen(argv[i]));
-    }
-
-    mbedtls_platform_zeroize(IV,     sizeof(IV));
-    mbedtls_platform_zeroize(key,    sizeof(key));
-    mbedtls_platform_zeroize(buffer, sizeof(buffer));
-    mbedtls_platform_zeroize(output, sizeof(output));
-    mbedtls_platform_zeroize(digest, sizeof(digest));
-
-    mbedtls_cipher_free(&cipher_ctx);
-    mbedtls_md_free(&md_ctx);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_CIPHER_C && MBEDTLS_MD_C && MBEDTLS_FS_IO */

diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
deleted file mode 100644
index d648301..0000000
--- a/programs/cipher/CMakeLists.txt
+++ /dev/null

@@ -1,15 +0,0 @@
-set(executables
-    cipher_aead_demo
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    set_base_compile_options(${exe})
-    target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
-    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
-        DESTINATION "bin"
-        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

diff --git a/programs/cipher/cipher_aead_demo.c b/programs/cipher/cipher_aead_demo.c
deleted file mode 100644
index 533af34..0000000
--- a/programs/cipher/cipher_aead_demo.c
+++ /dev/null

@@ -1,261 +0,0 @@
-/**
- * Cipher API multi-part AEAD demonstration.
- *
- * This program AEAD-encrypts a message, using the algorithm and key size
- * specified on the command line, using the multi-part API.
- *
- * It comes with a companion program psa/aead_demo.c, which does the same
- * operations with the PSA Crypto API. The goal is that comparing the two
- * programs will help people migrating to the PSA Crypto API.
- *
- * When used with multi-part AEAD operations, the `mbedtls_cipher_context`
- * serves a triple purpose (1) hold the key, (2) store the algorithm when no
- * operation is active, and (3) save progress information for the current
- * operation. With PSA those roles are held by disinct objects: (1) a
- * psa_key_id_t to hold the key, a (2) psa_algorithm_t to represent the
- * algorithm, and (3) a psa_operation_t for multi-part progress.
- *
- * On the other hand, with PSA, the algorithms encodes the desired tag length;
- * with Cipher the desired tag length needs to be tracked separately.
- *
- * This program and its companion psa/aead_demo.c illustrate this by doing the
- * same sequence of multi-part AEAD computation with both APIs; looking at the
- * two side by side should make the differences and similarities clear.
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* First include Mbed TLS headers to get the Mbed TLS configuration and
- * platform definitions that we'll use in this program. Also include
- * standard C headers for functions we'll use here. */
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/cipher.h"
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <string.h>
-
-/* If the build options we need are not enabled, compile a placeholder. */
-#if !defined(MBEDTLS_CIPHER_C) || \
-    !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_GCM_C) || \
-    !defined(MBEDTLS_CHACHAPOLY_C)
-int main(void)
-{
-    printf("MBEDTLS_MD_C and/or "
-           "MBEDTLS_AES_C and/or MBEDTLS_GCM_C and/or "
-           "MBEDTLS_CHACHAPOLY_C not defined\r\n");
-    return 0;
-}
-#else
-
-/* The real program starts here. */
-
-const char usage[] =
-    "Usage: cipher_aead_demo [aes128-gcm|aes256-gcm|aes128-gcm_8|chachapoly]";
-
-/* Dummy data for encryption: IV/nonce, additional data, 2-part message */
-const unsigned char iv1[12] = { 0x00 };
-const unsigned char add_data1[] = { 0x01, 0x02 };
-const unsigned char msg1_part1[] = { 0x03, 0x04 };
-const unsigned char msg1_part2[] = { 0x05, 0x06, 0x07 };
-
-/* Dummy data (2nd message) */
-const unsigned char iv2[12] = { 0x10 };
-const unsigned char add_data2[] = { 0x11, 0x12 };
-const unsigned char msg2_part1[] = { 0x13, 0x14 };
-const unsigned char msg2_part2[] = { 0x15, 0x16, 0x17 };
-
-/* Maximum total size of the messages */
-#define MSG1_SIZE (sizeof(msg1_part1) + sizeof(msg1_part2))
-#define MSG2_SIZE (sizeof(msg2_part1) + sizeof(msg2_part2))
-#define MSG_MAX_SIZE (MSG1_SIZE > MSG2_SIZE ? MSG1_SIZE : MSG2_SIZE)
-
-/* Dummy key material - never do this in production!
- * 32-byte is enough to all the key size supported by this program. */
-const unsigned char key_bytes[32] = { 0x2a };
-
-/* Print the contents of a buffer in hex */
-static void print_buf(const char *title, unsigned char *buf, size_t len)
-{
-    printf("%s:", title);
-    for (size_t i = 0; i < len; i++) {
-        printf(" %02x", buf[i]);
-    }
-    printf("\n");
-}
-
-/* Run an Mbed TLS function and bail out if it fails.
- * A string description of the error code can be recovered with:
- * programs/util/strerror <value> */
-#define CHK(expr)                                             \
-    do                                                          \
-    {                                                           \
-        ret = (expr);                                         \
-        if (ret != 0)                                          \
-        {                                                       \
-            printf("Error %d at line %d: %s\n",                \
-                   ret,                                        \
-                   __LINE__,                                   \
-                   #expr);                                    \
-            goto exit;                                          \
-        }                                                       \
-    } while (0)
-
-/*
- * Prepare encryption material:
- * - interpret command-line argument
- * - set up key
- * - outputs: context and tag length, which together hold all the information
- */
-static int aead_prepare(const char *info,
-                        mbedtls_cipher_context_t *ctx,
-                        size_t *tag_len)
-{
-    int ret;
-
-    /* Convert arg to type + tag_len */
-    mbedtls_cipher_type_t type;
-    if (strcmp(info, "aes128-gcm") == 0) {
-        type = MBEDTLS_CIPHER_AES_128_GCM;
-        *tag_len = 16;
-    } else if (strcmp(info, "aes256-gcm") == 0) {
-        type = MBEDTLS_CIPHER_AES_256_GCM;
-        *tag_len = 16;
-    } else if (strcmp(info, "aes128-gcm_8") == 0) {
-        type = MBEDTLS_CIPHER_AES_128_GCM;
-        *tag_len = 8;
-    } else if (strcmp(info, "chachapoly") == 0) {
-        type = MBEDTLS_CIPHER_CHACHA20_POLY1305;
-        *tag_len = 16;
-    } else {
-        puts(usage);
-        return MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA;
-    }
-
-    /* Prepare context for the given type */
-    CHK(mbedtls_cipher_setup(ctx,
-                             mbedtls_cipher_info_from_type(type)));
-
-    /* Import key */
-    int key_len = mbedtls_cipher_get_key_bitlen(ctx);
-    CHK(mbedtls_cipher_setkey(ctx, key_bytes, key_len, MBEDTLS_ENCRYPT));
-
-exit:
-    return ret;
-}
-
-/*
- * Print out some information.
- *
- * All of this information was present in the command line argument, but his
- * function demonstrates how each piece can be recovered from (ctx, tag_len).
- */
-static void aead_info(const mbedtls_cipher_context_t *ctx, size_t tag_len)
-{
-    mbedtls_cipher_type_t type = mbedtls_cipher_get_type(ctx);
-    const mbedtls_cipher_info_t *info = mbedtls_cipher_info_from_type(type);
-    const char *ciph = mbedtls_cipher_info_get_name(info);
-    int key_bits = mbedtls_cipher_get_key_bitlen(ctx);
-    mbedtls_cipher_mode_t mode = mbedtls_cipher_get_cipher_mode(ctx);
-
-    const char *mode_str = mode == MBEDTLS_MODE_GCM ? "GCM"
-                         : mode == MBEDTLS_MODE_CHACHAPOLY ? "ChachaPoly"
-                         : "???";
-
-    printf("%s, %d, %s, %u\n",
-           ciph, key_bits, mode_str, (unsigned) tag_len);
-}
-
-/*
- * Encrypt a 2-part message.
- */
-static int aead_encrypt(mbedtls_cipher_context_t *ctx, size_t tag_len,
-                        const unsigned char *iv, size_t iv_len,
-                        const unsigned char *ad, size_t ad_len,
-                        const unsigned char *part1, size_t part1_len,
-                        const unsigned char *part2, size_t part2_len)
-{
-    int ret;
-    size_t olen;
-#define MAX_TAG_LENGTH 16
-    unsigned char out[MSG_MAX_SIZE + MAX_TAG_LENGTH];
-    unsigned char *p = out;
-
-    CHK(mbedtls_cipher_set_iv(ctx, iv, iv_len));
-    CHK(mbedtls_cipher_reset(ctx));
-    CHK(mbedtls_cipher_update_ad(ctx, ad, ad_len));
-    CHK(mbedtls_cipher_update(ctx, part1, part1_len, p, &olen));
-    p += olen;
-    CHK(mbedtls_cipher_update(ctx, part2, part2_len, p, &olen));
-    p += olen;
-    CHK(mbedtls_cipher_finish(ctx, p, &olen));
-    p += olen;
-    CHK(mbedtls_cipher_write_tag(ctx, p, tag_len));
-    p += tag_len;
-
-    olen = p - out;
-    print_buf("out", out, olen);
-
-exit:
-    return ret;
-}
-
-/*
- * AEAD demo: set up key/alg, print out info, encrypt messages.
- */
-static int aead_demo(const char *info)
-{
-    int ret = 0;
-
-    mbedtls_cipher_context_t ctx;
-    size_t tag_len;
-
-    mbedtls_cipher_init(&ctx);
-
-    CHK(aead_prepare(info, &ctx, &tag_len));
-
-    aead_info(&ctx, tag_len);
-
-    CHK(aead_encrypt(&ctx, tag_len,
-                     iv1, sizeof(iv1), add_data1, sizeof(add_data1),
-                     msg1_part1, sizeof(msg1_part1),
-                     msg1_part2, sizeof(msg1_part2)));
-    CHK(aead_encrypt(&ctx, tag_len,
-                     iv2, sizeof(iv2), add_data2, sizeof(add_data2),
-                     msg2_part1, sizeof(msg2_part1),
-                     msg2_part2, sizeof(msg2_part2)));
-
-exit:
-    mbedtls_cipher_free(&ctx);
-
-    return ret;
-}
-
-
-/*
- * Main function
- */
-int main(int argc, char **argv)
-{
-    /* Check usage */
-    if (argc != 2) {
-        puts(usage);
-        return 1;
-    }
-
-    int ret;
-
-    /* Run the demo */
-    CHK(aead_demo(argv[1]));
-
-exit:
-    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-#endif

diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index 2094223..6d3b73f 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c

@@ -141,9 +141,6 @@
     //There may be other options to add :
     // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
 
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
     if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
         goto exit;
     }

diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index e667d8b..efe1362 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c

@@ -68,7 +68,6 @@
     }
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    srand(1);
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -85,7 +84,6 @@
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
 #endif
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
 
     if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
         goto exit;

diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 740dea5..31eb514 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c

@@ -98,10 +98,6 @@
         goto exit;
     }
 
-
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
     if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {

diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index 857b1b6..bb9dd0a 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c

@@ -112,9 +112,6 @@
         goto exit;
     }
 
-    srand(1);
-    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
-
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
     if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {

diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
deleted file mode 100644
index d23db04..0000000
--- a/programs/hash/CMakeLists.txt
+++ /dev/null

@@ -1,17 +0,0 @@
-set(executables
-    generic_sum
-    hello
-    md_hmac_demo
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    set_base_compile_options(${exe})
-    target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
-    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
-        DESTINATION "bin"
-        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

diff --git a/programs/hash/generic_sum.c b/programs/hash/generic_sum.c
deleted file mode 100644
index ac776de..0000000
--- a/programs/hash/generic_sum.c
+++ /dev/null

@@ -1,211 +0,0 @@
-/*
- *  generic message digest layer demonstration program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MD_C) && defined(MBEDTLS_FS_IO)
-#include "mbedtls/md.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_MD_C and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-static int generic_wrapper(const mbedtls_md_info_t *md_info, char *filename, unsigned char *sum)
-{
-    int ret = mbedtls_md_file(md_info, filename, sum);
-
-    if (ret == 1) {
-        mbedtls_fprintf(stderr, "failed to open: %s\n", filename);
-    }
-
-    if (ret == 2) {
-        mbedtls_fprintf(stderr, "failed to read: %s\n", filename);
-    }
-
-    return ret;
-}
-
-static int generic_print(const mbedtls_md_info_t *md_info, char *filename)
-{
-    int i;
-    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-
-    if (generic_wrapper(md_info, filename, sum) != 0) {
-        return 1;
-    }
-
-    for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
-        mbedtls_printf("%02x", sum[i]);
-    }
-
-    mbedtls_printf("  %s\n", filename);
-    return 0;
-}
-
-static int generic_check(const mbedtls_md_info_t *md_info, char *filename)
-{
-    int i;
-    size_t n;
-    FILE *f;
-    int nb_err1, nb_err2;
-    int nb_tot1, nb_tot2;
-    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
-    char line[1024];
-    char diff;
-#if defined(__clang_analyzer__)
-    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
-#else
-    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
-#endif
-
-    if ((f = fopen(filename, "rb")) == NULL) {
-        mbedtls_printf("failed to open: %s\n", filename);
-        return 1;
-    }
-
-    nb_err1 = nb_err2 = 0;
-    nb_tot1 = nb_tot2 = 0;
-
-    memset(line, 0, sizeof(line));
-
-    n = sizeof(line);
-
-    while (fgets(line, (int) n - 1, f) != NULL) {
-        n = strlen(line);
-
-        if (n < (size_t) 2 * mbedtls_md_get_size(md_info) + 4) {
-            mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
-            continue;
-        }
-
-        if (line[2 * mbedtls_md_get_size(md_info)] != ' ' ||
-            line[2 * mbedtls_md_get_size(md_info) + 1] != ' ') {
-            mbedtls_printf("No '%s' hash found on line.\n", mbedtls_md_get_name(md_info));
-            continue;
-        }
-
-        if (line[n - 1] == '\n') {
-            n--; line[n] = '\0';
-        }
-        if (line[n - 1] == '\r') {
-            n--; line[n] = '\0';
-        }
-
-        nb_tot1++;
-
-        if (generic_wrapper(md_info, line + 2 + 2 * mbedtls_md_get_size(md_info), sum) != 0) {
-            nb_err1++;
-            continue;
-        }
-
-        nb_tot2++;
-
-        for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
-            sprintf(buf + i * 2, "%02x", sum[i]);
-        }
-
-        /* Use constant-time buffer comparison */
-        diff = 0;
-        for (i = 0; i < 2 * mbedtls_md_get_size(md_info); i++) {
-            diff |= line[i] ^ buf[i];
-        }
-
-        if (diff != 0) {
-            nb_err2++;
-            mbedtls_fprintf(stderr, "wrong checksum: %s\n", line + 66);
-        }
-
-        n = sizeof(line);
-    }
-
-    if (nb_err1 != 0) {
-        mbedtls_printf("WARNING: %d (out of %d) input files could "
-                       "not be read\n", nb_err1, nb_tot1);
-    }
-
-    if (nb_err2 != 0) {
-        mbedtls_printf("WARNING: %d (out of %d) computed checksums did "
-                       "not match\n", nb_err2, nb_tot2);
-    }
-
-    fclose(f);
-
-    return nb_err1 != 0 || nb_err2 != 0;
-}
-
-int main(int argc, char *argv[])
-{
-    int ret = 1, i;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    const mbedtls_md_info_t *md_info;
-    mbedtls_md_context_t md_ctx;
-
-    mbedtls_md_init(&md_ctx);
-
-    if (argc < 2) {
-        const int *list;
-
-        mbedtls_printf("print mode:  generic_sum <mbedtls_md> <file> <file> ...\n");
-        mbedtls_printf("check mode:  generic_sum <mbedtls_md> -c <checksum file>\n");
-
-        mbedtls_printf("\nAvailable message digests:\n");
-        list = mbedtls_md_list();
-        while (*list) {
-            md_info = mbedtls_md_info_from_type(*list);
-            mbedtls_printf("  %s\n", mbedtls_md_get_name(md_info));
-            list++;
-        }
-
-        mbedtls_exit(exit_code);
-    }
-
-    /*
-     * Read the MD from the command line
-     */
-    md_info = mbedtls_md_info_from_string(argv[1]);
-    if (md_info == NULL) {
-        mbedtls_fprintf(stderr, "Message Digest '%s' not found\n", argv[1]);
-        mbedtls_exit(exit_code);
-    }
-    if (mbedtls_md_setup(&md_ctx, md_info, 0)) {
-        mbedtls_fprintf(stderr, "Failed to initialize context.\n");
-        mbedtls_exit(exit_code);
-    }
-
-    ret = 0;
-    if (argc == 4 && strcmp("-c", argv[2]) == 0) {
-        ret |= generic_check(md_info, argv[3]);
-        goto exit;
-    }
-
-    for (i = 2; i < argc; i++) {
-        ret |= generic_print(md_info, argv[i]);
-    }
-
-    if (ret == 0) {
-        exit_code = MBEDTLS_EXIT_SUCCESS;
-    }
-
-exit:
-    mbedtls_md_free(&md_ctx);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_MD_C && MBEDTLS_FS_IO */

diff --git a/programs/hash/hello.c b/programs/hash/hello.c
deleted file mode 100644
index 19408f3..0000000
--- a/programs/hash/hello.c
+++ /dev/null

@@ -1,47 +0,0 @@
-/*
- *  Classic "Hello, world" demonstration program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MD5_C)
-#include "mbedtls/md5.h"
-#endif
-
-#if !defined(MBEDTLS_MD5_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_MD5_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(void)
-{
-    int i, ret;
-    unsigned char digest[16];
-    char str[] = "Hello, world!";
-
-    mbedtls_printf("\n  MD5('%s') = ", str);
-
-    if ((ret = mbedtls_md5((unsigned char *) str, 13, digest)) != 0) {
-        mbedtls_exit(MBEDTLS_EXIT_FAILURE);
-    }
-
-    for (i = 0; i < 16; i++) {
-        mbedtls_printf("%02x", digest[i]);
-    }
-
-    mbedtls_printf("\n\n");
-
-    mbedtls_exit(MBEDTLS_EXIT_SUCCESS);
-}
-#endif /* MBEDTLS_MD5_C */

diff --git a/programs/hash/md_hmac_demo.c b/programs/hash/md_hmac_demo.c
deleted file mode 100644
index 0fe0700..0000000
--- a/programs/hash/md_hmac_demo.c
+++ /dev/null

@@ -1,138 +0,0 @@
-/**
- * MD API multi-part HMAC demonstration.
- *
- * This programs computes the HMAC of two messages using the multi-part API.
- *
- * This is a companion to psa/hmac_demo.c, doing the same operations with the
- * legacy MD API. The goal is that comparing the two programs will help people
- * migrating to the PSA Crypto API.
- *
- * When it comes to multi-part HMAC operations, the `mbedtls_md_context`
- * serves a dual purpose (1) hold the key, and (2) save progress information
- * for the current operation. With PSA those roles are held by two disinct
- * objects: (1) a psa_key_id_t to hold the key, and (2) a psa_operation_t for
- * multi-part progress.
- *
- * This program and its companion psa/hmac_demo.c illustrate this by doing the
- * same sequence of multi-part HMAC computation with both APIs; looking at the
- * two side by side should make the differences and similarities clear.
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/* First include Mbed TLS headers to get the Mbed TLS configuration and
- * platform definitions that we'll use in this program. Also include
- * standard C headers for functions we'll use here. */
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/md.h"
-
-#include "mbedtls/platform_util.h" // for mbedtls_platform_zeroize
-
-#include <stdlib.h>
-#include <stdio.h>
-
-/* If the build options we need are not enabled, compile a placeholder. */
-#if !defined(MBEDTLS_MD_C)
-int main(void)
-{
-    printf("MBEDTLS_MD_C not defined\r\n");
-    return 0;
-}
-#else
-
-/* The real program starts here. */
-
-/* Dummy inputs for HMAC */
-const unsigned char msg1_part1[] = { 0x01, 0x02 };
-const unsigned char msg1_part2[] = { 0x03, 0x04 };
-const unsigned char msg2_part1[] = { 0x05, 0x05 };
-const unsigned char msg2_part2[] = { 0x06, 0x06 };
-
-/* Dummy key material - never do this in production!
- * This example program uses SHA-256, so a 32-byte key makes sense. */
-const unsigned char key_bytes[32] = { 0 };
-
-/* Print the contents of a buffer in hex */
-static void print_buf(const char *title, unsigned char *buf, size_t len)
-{
-    printf("%s:", title);
-    for (size_t i = 0; i < len; i++) {
-        printf(" %02x", buf[i]);
-    }
-    printf("\n");
-}
-
-/* Run an Mbed TLS function and bail out if it fails.
- * A string description of the error code can be recovered with:
- * programs/util/strerror <value> */
-#define CHK(expr)                                             \
-    do                                                          \
-    {                                                           \
-        ret = (expr);                                         \
-        if (ret != 0)                                          \
-        {                                                       \
-            printf("Error %d at line %d: %s\n",                \
-                   ret,                                        \
-                   __LINE__,                                   \
-                   #expr);                                    \
-            goto exit;                                          \
-        }                                                       \
-    } while (0)
-
-/*
- * This function demonstrates computation of the HMAC of two messages using
- * the multipart API.
- */
-static int hmac_demo(void)
-{
-    int ret;
-    const mbedtls_md_type_t alg = MBEDTLS_MD_SHA256;
-    unsigned char out[MBEDTLS_MD_MAX_SIZE]; // safe but not optimal
-
-    mbedtls_md_context_t ctx;
-
-    mbedtls_md_init(&ctx);
-
-    /* prepare context and load key */
-    // the last argument to setup is 1 to enable HMAC (not just hashing)
-    const mbedtls_md_info_t *info = mbedtls_md_info_from_type(alg);
-    CHK(mbedtls_md_setup(&ctx, info, 1));
-    CHK(mbedtls_md_hmac_starts(&ctx, key_bytes, sizeof(key_bytes)));
-
-    /* compute HMAC(key, msg1_part1 | msg1_part2) */
-    CHK(mbedtls_md_hmac_update(&ctx, msg1_part1, sizeof(msg1_part1)));
-    CHK(mbedtls_md_hmac_update(&ctx, msg1_part2, sizeof(msg1_part2)));
-    CHK(mbedtls_md_hmac_finish(&ctx, out));
-    print_buf("msg1", out, mbedtls_md_get_size(info));
-
-    /* compute HMAC(key, msg2_part1 | msg2_part2) */
-    CHK(mbedtls_md_hmac_reset(&ctx));     // prepare for new operation
-    CHK(mbedtls_md_hmac_update(&ctx, msg2_part1, sizeof(msg2_part1)));
-    CHK(mbedtls_md_hmac_update(&ctx, msg2_part2, sizeof(msg2_part2)));
-    CHK(mbedtls_md_hmac_finish(&ctx, out));
-    print_buf("msg2", out, mbedtls_md_get_size(info));
-
-exit:
-    mbedtls_md_free(&ctx);
-    mbedtls_platform_zeroize(out, sizeof(out));
-
-    return ret;
-}
-
-int main(void)
-{
-    int ret;
-
-    CHK(hmac_demo());
-
-exit:
-    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
-}
-
-#endif

diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index df63ffc..a2b1836 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt

@@ -1,21 +1,8 @@
 set(executables_mbedcrypto
-    dh_genprime
-    ecdh_curve25519
-    ecdsa
     gen_key
-    key_app
-    key_app_writer
-    mpi_demo
-    pk_encrypt
-    pk_decrypt
     pk_sign
     pk_verify
-    rsa_decrypt
-    rsa_encrypt
-    rsa_genkey
-    rsa_sign
     rsa_sign_pss
-    rsa_verify
     rsa_verify_pss
 )
 add_dependencies(${programs_target} ${executables_mbedcrypto})

diff --git a/programs/pkey/dh_genprime.c b/programs/pkey/dh_genprime.c
deleted file mode 100644
index ebaf926..0000000
--- a/programs/pkey/dh_genprime.c
+++ /dev/null

@@ -1,163 +0,0 @@
-/*
- *  Diffie-Hellman-Merkle key exchange (prime generation)
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||   \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C) ||     \
-    !defined(MBEDTLS_GENPRIME)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
-                   "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C and/or "
-                   "MBEDTLS_GENPRIME not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/bignum.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#define USAGE \
-    "\n usage: dh_genprime param=<>...\n"                                   \
-    "\n acceptable parameters:\n"                                           \
-    "    bits=%%d           default: 2048\n"
-
-#define DFL_BITS    2048
-
-/*
- * Note: G = 4 is always a quadratic residue mod P,
- * so it is a generator of order Q (with P = 2*Q+1).
- */
-#define GENERATOR "4"
-
-
-int main(int argc, char **argv)
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_mpi G, P, Q;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    const char *pers = "dh_genprime";
-    FILE *fout;
-    int nbits = DFL_BITS;
-    int i;
-    char *p, *q;
-
-    mbedtls_mpi_init(&G); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
-
-    if (argc < 2) {
-usage:
-        mbedtls_printf(USAGE);
-        goto exit;
-    }
-
-    for (i = 1; i < argc; i++) {
-        p = argv[i];
-        if ((q = strchr(p, '=')) == NULL) {
-            goto usage;
-        }
-        *q++ = '\0';
-
-        if (strcmp(p, "bits") == 0) {
-            nbits = atoi(q);
-            if (nbits < 0 || nbits > MBEDTLS_MPI_MAX_BITS) {
-                goto usage;
-            }
-        } else {
-            goto usage;
-        }
-    }
-
-    if ((ret = mbedtls_mpi_read_string(&G, 10, GENERATOR)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_string returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf("  ! Generating large primes may take minutes!\n");
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Generating the modulus, please wait...");
-    fflush(stdout);
-
-    /*
-     * This can take a long time...
-     */
-    if ((ret = mbedtls_mpi_gen_prime(&P, nbits, 1,
-                                     mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_gen_prime returned %d\n\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Verifying that Q = (P-1)/2 is prime...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_mpi_sub_int(&Q, &P, 1)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_sub_int returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_div_int(&Q, NULL, &Q, 2)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_div_int returned %d\n\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_is_prime_ext(&Q, 50, mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_is_prime returned %d\n\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Exporting the value in dh_prime.txt...");
-    fflush(stdout);
-
-    if ((fout = fopen("dh_prime.txt", "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not create dh_prime.txt\n\n");
-        goto exit;
-    }
-
-    if (((ret = mbedtls_mpi_write_file("P = ", &P, 16, fout)) != 0) ||
-        ((ret = mbedtls_mpi_write_file("G = ", &G, 16, fout)) != 0)) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
-        fclose(fout);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n\n");
-    fclose(fout);
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_mpi_free(&G); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_FS_IO &&
-          MBEDTLS_CTR_DRBG_C && MBEDTLS_GENPRIME */

diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
deleted file mode 100644
index 952d487..0000000
--- a/programs/pkey/ecdh_curve25519.c
+++ /dev/null

@@ -1,191 +0,0 @@
-/*
- *  Example ECDHE with Curve25519 program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_ECDH_C) || \
-    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_ECDH_C and/or "
-                   "MBEDTLS_ECP_DP_CURVE25519_ENABLED and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C "
-                   "not defined\n");
-    mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/ecdh.h"
-
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_ecdh_context ctx_cli, ctx_srv;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char cli_to_srv[36], srv_to_cli[33];
-    const char pers[] = "ecdh";
-
-    size_t srv_olen;
-    size_t cli_olen;
-    unsigned char secret_cli[32] = { 0 };
-    unsigned char secret_srv[32] = { 0 };
-    const unsigned char *p_cli_to_srv = cli_to_srv;
-
-    ((void) argc);
-    ((void) argv);
-
-    mbedtls_ecdh_init(&ctx_cli);
-    mbedtls_ecdh_init(&ctx_srv);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    /*
-     * Initialize random number generation
-     */
-    mbedtls_printf("  . Seed the random number generator...");
-    fflush(stdout);
-
-    mbedtls_entropy_init(&entropy);
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
-                                     &entropy,
-                                     (const unsigned char *) pers,
-                                     sizeof(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    /*
-     * Client: initialize context and generate keypair
-     */
-    mbedtls_printf("  . Set up client context, generate EC key pair...");
-    fflush(stdout);
-
-    ret = mbedtls_ecdh_setup(&ctx_cli, MBEDTLS_ECP_DP_CURVE25519);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_setup returned %d\n", ret);
-        goto exit;
-    }
-
-    ret = mbedtls_ecdh_make_params(&ctx_cli, &cli_olen, cli_to_srv,
-                                   sizeof(cli_to_srv),
-                                   mbedtls_ctr_drbg_random, &ctr_drbg);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_make_params returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    /*
-     * Server: initialize context and generate keypair
-     */
-    mbedtls_printf("  . Server: read params, generate public key...");
-    fflush(stdout);
-
-    ret = mbedtls_ecdh_read_params(&ctx_srv, &p_cli_to_srv,
-                                   p_cli_to_srv + sizeof(cli_to_srv));
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_read_params returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    ret = mbedtls_ecdh_make_public(&ctx_srv, &srv_olen, srv_to_cli,
-                                   sizeof(srv_to_cli),
-                                   mbedtls_ctr_drbg_random, &ctr_drbg);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_make_public returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    /*
-     * Client: read public key
-     */
-    mbedtls_printf("  . Client: read public key...");
-    fflush(stdout);
-
-    ret = mbedtls_ecdh_read_public(&ctx_cli, srv_to_cli,
-                                   sizeof(srv_to_cli));
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_read_public returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    /*
-     * Calculate secrets
-     */
-    mbedtls_printf("  . Calculate secrets...");
-    fflush(stdout);
-
-    ret = mbedtls_ecdh_calc_secret(&ctx_cli, &cli_olen, secret_cli,
-                                   sizeof(secret_cli),
-                                   mbedtls_ctr_drbg_random, &ctr_drbg);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_calc_secret returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    ret = mbedtls_ecdh_calc_secret(&ctx_srv, &srv_olen, secret_srv,
-                                   sizeof(secret_srv),
-                                   mbedtls_ctr_drbg_random, &ctr_drbg);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdh_calc_secret returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    /*
-     * Verification: are the computed secrets equal?
-     */
-    mbedtls_printf("  . Check if both calculated secrets are equal...");
-    fflush(stdout);
-
-    ret = memcmp(secret_srv, secret_cli, srv_olen);
-    if (ret != 0 || (cli_olen != srv_olen)) {
-        mbedtls_printf(" failed\n  ! Shared secrets not equal.\n");
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_ecdh_free(&ctx_srv);
-    mbedtls_ecdh_free(&ctx_cli);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_ECDH_C && MBEDTLS_ECP_DP_CURVE25519_ENABLED &&
-          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/ecdsa.c b/programs/pkey/ecdsa.c
deleted file mode 100644
index a4988b0..0000000
--- a/programs/pkey/ecdsa.c
+++ /dev/null

@@ -1,222 +0,0 @@
-/*
- *  Example ECDSA program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_ECDSA_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/ecdsa.h"
-#include "mbedtls/sha256.h"
-
-#include <string.h>
-#endif
-
-/*
- * Uncomment to show key and signature details
- */
-#define VERBOSE
-
-/*
- * Uncomment to force use of a specific curve
- */
-#define ECPARAMS    MBEDTLS_ECP_DP_SECP192R1
-
-#if !defined(ECPARAMS)
-#define ECPARAMS    mbedtls_ecp_curve_list()->grp_id
-#endif
-
-#if !defined(MBEDTLS_ECDSA_C) || !defined(MBEDTLS_SHA256_C) || \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_ECDSA_C and/or MBEDTLS_SHA256_C and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined\n");
-    mbedtls_exit(0);
-}
-#else
-#if defined(VERBOSE)
-static void dump_buf(const char *title, unsigned char *buf, size_t len)
-{
-    size_t i;
-
-    mbedtls_printf("%s", title);
-    for (i = 0; i < len; i++) {
-        mbedtls_printf("%c%c", "0123456789ABCDEF" [buf[i] / 16],
-                       "0123456789ABCDEF" [buf[i] % 16]);
-    }
-    mbedtls_printf("\n");
-}
-
-static void dump_pubkey(const char *title, mbedtls_ecdsa_context *key)
-{
-    unsigned char buf[300];
-    size_t len;
-
-    if (mbedtls_ecp_write_public_key(key, MBEDTLS_ECP_PF_UNCOMPRESSED,
-                                     &len, buf, sizeof(buf)) != 0) {
-        mbedtls_printf("internal error\n");
-        return;
-    }
-
-    dump_buf(title, buf, len);
-}
-#else
-#define dump_buf(a, b, c)
-#define dump_pubkey(a, b)
-#endif
-
-
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_ecdsa_context ctx_sign, ctx_verify;
-    mbedtls_ecp_point Q;
-    mbedtls_ecp_point_init(&Q);
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char message[100];
-    unsigned char hash[32];
-    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
-    size_t sig_len;
-    const char *pers = "ecdsa";
-    ((void) argv);
-
-    mbedtls_ecdsa_init(&ctx_sign);
-    mbedtls_ecdsa_init(&ctx_verify);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    memset(sig, 0, sizeof(sig));
-    memset(message, 0x25, sizeof(message));
-
-    if (argc != 1) {
-        mbedtls_printf("usage: ecdsa\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        goto exit;
-    }
-
-    /*
-     * Generate a key pair for signing
-     */
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    mbedtls_entropy_init(&entropy);
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Generating key pair...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ecdsa_genkey(&ctx_sign, ECPARAMS,
-                                    mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_genkey returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(&ctx_sign);
-    const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_grp_id(grp_id);
-    mbedtls_printf(" ok (key size: %d bits)\n", (int) curve_info->bit_size);
-
-    dump_pubkey("  + Public key: ", &ctx_sign);
-
-    /*
-     * Compute message hash
-     */
-    mbedtls_printf("  . Computing message hash...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_sha256(message, sizeof(message), hash, 0)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_sha256 returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    dump_buf("  + Hash: ", hash, sizeof(hash));
-
-    /*
-     * Sign message hash
-     */
-    mbedtls_printf("  . Signing message hash...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ecdsa_write_signature(&ctx_sign, MBEDTLS_MD_SHA256,
-                                             hash, sizeof(hash),
-                                             sig, sizeof(sig), &sig_len,
-                                             mbedtls_ctr_drbg_random, &ctr_drbg)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_write_signature returned %d\n", ret);
-        goto exit;
-    }
-    mbedtls_printf(" ok (signature length = %u)\n", (unsigned int) sig_len);
-
-    dump_buf("  + Signature: ", sig, sig_len);
-
-    /*
-     * Transfer public information to verifying context
-     *
-     * We could use the same context for verification and signatures, but we
-     * chose to use a new one in order to make it clear that the verifying
-     * context only needs the public key (Q), and not the private key (d).
-     */
-    mbedtls_printf("  . Preparing verification context...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ecp_export(&ctx_sign, NULL, NULL, &Q)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecp_export returned %d\n", ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_ecp_set_public_key(grp_id, &ctx_verify, &Q)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecp_set_public_key returned %d\n", ret);
-        goto exit;
-    }
-
-    /*
-     * Verify signature
-     */
-    mbedtls_printf(" ok\n  . Verifying signature...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ecdsa_read_signature(&ctx_verify,
-                                            hash, sizeof(hash),
-                                            sig, sig_len)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ecdsa_read_signature returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_ecdsa_free(&ctx_verify);
-    mbedtls_ecdsa_free(&ctx_sign);
-    mbedtls_ecp_point_free(&Q);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
-          ECPARAMS */

diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
deleted file mode 100644
index 2be5842..0000000
--- a/programs/pkey/key_app.c
+++ /dev/null

@@ -1,369 +0,0 @@
-/*
- *  Key reading application
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && \
-    defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_FS_IO) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/rsa.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <string.h>
-#endif
-
-#define MODE_NONE               0
-#define MODE_PRIVATE            1
-#define MODE_PUBLIC             2
-
-#define DFL_MODE                MODE_NONE
-#define DFL_FILENAME            "keyfile.key"
-#define DFL_PASSWORD            ""
-#define DFL_PASSWORD_FILE       ""
-#define DFL_DEBUG_LEVEL         0
-
-#define USAGE \
-    "\n usage: key_app param=<>...\n"                   \
-    "\n acceptable parameters:\n"                       \
-    "    mode=private|public default: none\n"           \
-    "    filename=%%s         default: keyfile.key\n"   \
-    "    password=%%s         default: \"\"\n"          \
-    "    password_file=%%s    default: \"\"\n"          \
-    "\n"
-
-#if !defined(MBEDTLS_BIGNUM_C) ||                                  \
-    !defined(MBEDTLS_PK_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or "
-                   "MBEDTLS_PK_PARSE_C and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-#if defined(MBEDTLS_ECP_C)
-static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
-{
-    int ret = 0;
-
-    const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_grp_id(
-            mbedtls_ecp_keypair_get_group_id(ecp));
-    mbedtls_printf("curve: %s\n", curve_info->name);
-
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_group_init(&grp);
-    mbedtls_mpi D;
-    mbedtls_mpi_init(&D);
-    mbedtls_ecp_point pt;
-    mbedtls_ecp_point_init(&pt);
-    mbedtls_mpi X, Y;
-    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
-
-    MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
-                                       (has_private ? &D : NULL),
-                                       &pt));
-
-    unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
-    size_t len = 0;
-    MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
-                        &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
-                        &len, point_bin, sizeof(point_bin)));
-    switch (mbedtls_ecp_get_type(&grp)) {
-        case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
-            if ((len & 1) == 0 || point_bin[0] != 0x04) {
-                /* Point in an unxepected format. This shouldn't happen. */
-                ret = -1;
-                goto cleanup;
-            }
-            MBEDTLS_MPI_CHK(
-                mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
-            MBEDTLS_MPI_CHK(
-                mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
-            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
-            mbedtls_mpi_write_file("Y_Q:   ", &Y, 16, NULL);
-            break;
-        case MBEDTLS_ECP_TYPE_MONTGOMERY:
-            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
-            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
-            break;
-        default:
-            mbedtls_printf(
-                "This program does not yet support listing coordinates for this curve type.\n");
-            break;
-    }
-
-    if (has_private) {
-        mbedtls_mpi_write_file("D:     ", &D, 16, NULL);
-    }
-
-cleanup:
-    mbedtls_ecp_group_free(&grp);
-    mbedtls_mpi_free(&D);
-    mbedtls_ecp_point_free(&pt);
-    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
-    return ret;
-}
-#endif
-
-/*
- * global options
- */
-struct options {
-    int mode;                   /* the mode to run the application in   */
-    const char *filename;       /* filename of the key file             */
-    const char *password;       /* password for the private key         */
-    const char *password_file;  /* password_file for the private key    */
-} opt;
-
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    char buf[1024];
-    int i;
-    char *p, *q;
-
-    const char *pers = "pkey/key_app";
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-
-    mbedtls_pk_context pk;
-    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-
-    /*
-     * Set to sane values
-     */
-    mbedtls_entropy_init(&entropy);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    mbedtls_pk_init(&pk);
-    memset(buf, 0, sizeof(buf));
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto cleanup;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-    if (argc < 2) {
-usage:
-        mbedtls_printf(USAGE);
-        goto cleanup;
-    }
-
-    opt.mode                = DFL_MODE;
-    opt.filename            = DFL_FILENAME;
-    opt.password            = DFL_PASSWORD;
-    opt.password_file       = DFL_PASSWORD_FILE;
-
-    for (i = 1; i < argc; i++) {
-        p = argv[i];
-        if ((q = strchr(p, '=')) == NULL) {
-            goto usage;
-        }
-        *q++ = '\0';
-
-        if (strcmp(p, "mode") == 0) {
-            if (strcmp(q, "private") == 0) {
-                opt.mode = MODE_PRIVATE;
-            } else if (strcmp(q, "public") == 0) {
-                opt.mode = MODE_PUBLIC;
-            } else {
-                goto usage;
-            }
-        } else if (strcmp(p, "filename") == 0) {
-            opt.filename = q;
-        } else if (strcmp(p, "password") == 0) {
-            opt.password = q;
-        } else if (strcmp(p, "password_file") == 0) {
-            opt.password_file = q;
-        } else {
-            goto usage;
-        }
-    }
-
-    if (opt.mode == MODE_PRIVATE) {
-        if (strlen(opt.password) && strlen(opt.password_file)) {
-            mbedtls_printf("Error: cannot have both password and password_file\n");
-            goto usage;
-        }
-
-        if (strlen(opt.password_file)) {
-            FILE *f;
-
-            mbedtls_printf("\n  . Loading the password file ...");
-            if ((f = fopen(opt.password_file, "rb")) == NULL) {
-                mbedtls_printf(" failed\n  !  fopen returned NULL\n");
-                goto cleanup;
-            }
-            if (fgets(buf, sizeof(buf), f) == NULL) {
-                fclose(f);
-                mbedtls_printf("Error: fgets() failed to retrieve password\n");
-                goto cleanup;
-            }
-            fclose(f);
-
-            i = (int) strlen(buf);
-            if (buf[i - 1] == '\n') {
-                buf[i - 1] = '\0';
-            }
-            if (buf[i - 2] == '\r') {
-                buf[i - 2] = '\0';
-            }
-            opt.password = buf;
-        }
-
-        /*
-         * 1.1. Load the key
-         */
-        mbedtls_printf("\n  . Loading the private key ...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                         (const unsigned char *) pers,
-                                         strlen(pers))) != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                           (unsigned int) -ret);
-            goto cleanup;
-        }
-
-        ret = mbedtls_pk_parse_keyfile(&pk, opt.filename, opt.password);
-
-        if (ret != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x\n",
-                           (unsigned int) -ret);
-            goto cleanup;
-        }
-
-        mbedtls_printf(" ok\n");
-
-        /*
-         * 1.2 Print the key
-         */
-        mbedtls_printf("  . Key information    ...\n");
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
-            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
-
-            if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
-                (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP))      != 0) {
-                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
-                goto cleanup;
-            }
-
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N:  ", &N, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E:  ", &E, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("D:  ", &D, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("P:  ", &P, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("Q:  ", &Q, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DP: ", &DP, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("DQ:  ", &DQ, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("QP:  ", &QP, 16, NULL));
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
-            if (show_ecp_key(mbedtls_pk_ec(pk), 1) != 0) {
-                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
-                goto cleanup;
-            }
-        } else
-#endif
-        {
-            mbedtls_printf("Do not know how to print key information for this type\n");
-            goto cleanup;
-        }
-    } else if (opt.mode == MODE_PUBLIC) {
-        /*
-         * 1.1. Load the key
-         */
-        mbedtls_printf("\n  . Loading the public key ...");
-        fflush(stdout);
-
-        ret = mbedtls_pk_parse_public_keyfile(&pk, opt.filename);
-
-        if (ret != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
-                           (unsigned int) -ret);
-            goto cleanup;
-        }
-
-        mbedtls_printf(" ok\n");
-
-        mbedtls_printf("  . Key information    ...\n");
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) {
-            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(pk);
-
-            if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
-                                          NULL, &E)) != 0) {
-                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
-                goto cleanup;
-            }
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("N:  ", &N, 16, NULL));
-            MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("E:  ", &E, 16, NULL));
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY) {
-            if (show_ecp_key(mbedtls_pk_ec(pk), 0) != 0) {
-                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
-                goto cleanup;
-            }
-        } else
-#endif
-        {
-            mbedtls_printf("Do not know how to print key information for this type\n");
-            goto cleanup;
-        }
-    } else {
-        goto usage;
-    }
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
-
-#if defined(MBEDTLS_ERROR_C)
-    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-        mbedtls_printf("Error code: %d", ret);
-        /* mbedtls_strerror(ret, buf, sizeof(buf));
-           mbedtls_printf("  !  Last error was: %s\n", buf); */
-    }
-#endif
-
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_pk_free(&pk);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
-          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
deleted file mode 100644
index e36130b..0000000
--- a/programs/pkey/key_app_writer.c
+++ /dev/null

@@ -1,495 +0,0 @@
-/*
- *  Key writing application
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if !defined(MBEDTLS_PK_PARSE_C) || \
-    !defined(MBEDTLS_PK_WRITE_C) || \
-    !defined(MBEDTLS_FS_IO)      || \
-    !defined(MBEDTLS_ENTROPY_C)  || \
-    !defined(MBEDTLS_CTR_DRBG_C) || \
-    !defined(MBEDTLS_BIGNUM_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_PK_PARSE_C and/or MBEDTLS_PK_WRITE_C and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_CTR_DRBG_C and/or "
-                   "MBEDTLS_FS_IO and/or MBEDTLS_BIGNUM_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/pk.h"
-
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-#define USAGE_OUT \
-    "    output_file=%%s      default: keyfile.pem\n"   \
-    "    output_format=pem|der default: pem\n"
-#else
-#define USAGE_OUT \
-    "    output_file=%%s      default: keyfile.der\n"   \
-    "    output_format=der     default: der\n"
-#endif
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-#define DFL_OUTPUT_FILENAME     "keyfile.pem"
-#define DFL_OUTPUT_FORMAT       OUTPUT_FORMAT_PEM
-#else
-#define DFL_OUTPUT_FILENAME     "keyfile.der"
-#define DFL_OUTPUT_FORMAT       OUTPUT_FORMAT_DER
-#endif
-
-#define DFL_MODE                MODE_NONE
-#define DFL_FILENAME            "keyfile.key"
-#define DFL_DEBUG_LEVEL         0
-#define DFL_OUTPUT_MODE         OUTPUT_MODE_NONE
-
-#define MODE_NONE               0
-#define MODE_PRIVATE            1
-#define MODE_PUBLIC             2
-
-#define OUTPUT_MODE_NONE               0
-#define OUTPUT_MODE_PRIVATE            1
-#define OUTPUT_MODE_PUBLIC             2
-
-#define OUTPUT_FORMAT_PEM              0
-#define OUTPUT_FORMAT_DER              1
-
-#define USAGE \
-    "\n usage: key_app_writer param=<>...\n"            \
-    "\n acceptable parameters:\n"                       \
-    "    mode=private|public default: none\n"           \
-    "    filename=%%s         default: keyfile.key\n"   \
-    "    output_mode=private|public default: none\n"    \
-    USAGE_OUT                                           \
-    "\n"
-
-
-/*
- * global options
- */
-struct options {
-    int mode;                   /* the mode to run the application in   */
-    const char *filename;       /* filename of the key file             */
-    int output_mode;            /* the output mode to use               */
-    const char *output_file;    /* where to store the constructed key file  */
-    int output_format;          /* the output format to use             */
-} opt;
-
-static int write_public_key(mbedtls_pk_context *key, const char *output_file)
-{
-    int ret;
-    FILE *f;
-    unsigned char output_buf[16000];
-    unsigned char *c = output_buf;
-    size_t len = 0;
-
-    memset(output_buf, 0, 16000);
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-    if (opt.output_format == OUTPUT_FORMAT_PEM) {
-        if ((ret = mbedtls_pk_write_pubkey_pem(key, output_buf, 16000)) != 0) {
-            return ret;
-        }
-
-        len = strlen((char *) output_buf);
-    } else
-#endif
-    {
-        if ((ret = mbedtls_pk_write_pubkey_der(key, output_buf, 16000)) < 0) {
-            return ret;
-        }
-
-        len = ret;
-        c = output_buf + sizeof(output_buf) - len;
-    }
-
-    if ((f = fopen(output_file, "w")) == NULL) {
-        return -1;
-    }
-
-    if (fwrite(c, 1, len, f) != len) {
-        fclose(f);
-        return -1;
-    }
-
-    fclose(f);
-
-    return 0;
-}
-
-static int write_private_key(mbedtls_pk_context *key, const char *output_file)
-{
-    int ret;
-    FILE *f;
-    unsigned char output_buf[16000];
-    unsigned char *c = output_buf;
-    size_t len = 0;
-
-    memset(output_buf, 0, 16000);
-
-#if defined(MBEDTLS_PEM_WRITE_C)
-    if (opt.output_format == OUTPUT_FORMAT_PEM) {
-        if ((ret = mbedtls_pk_write_key_pem(key, output_buf, 16000)) != 0) {
-            return ret;
-        }
-
-        len = strlen((char *) output_buf);
-    } else
-#endif
-    {
-        if ((ret = mbedtls_pk_write_key_der(key, output_buf, 16000)) < 0) {
-            return ret;
-        }
-
-        len = ret;
-        c = output_buf + sizeof(output_buf) - len;
-    }
-
-    if ((f = fopen(output_file, "w")) == NULL) {
-        return -1;
-    }
-
-    if (fwrite(c, 1, len, f) != len) {
-        fclose(f);
-        return -1;
-    }
-
-    fclose(f);
-
-    return 0;
-}
-
-#if defined(MBEDTLS_ECP_C)
-static int show_ecp_key(const mbedtls_ecp_keypair *ecp, int has_private)
-{
-    int ret = 0;
-
-    const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_grp_id(
-            mbedtls_ecp_keypair_get_group_id(ecp));
-    mbedtls_printf("curve: %s\n", curve_info->name);
-
-    mbedtls_ecp_group grp;
-    mbedtls_ecp_group_init(&grp);
-    mbedtls_mpi D;
-    mbedtls_mpi_init(&D);
-    mbedtls_ecp_point pt;
-    mbedtls_ecp_point_init(&pt);
-    mbedtls_mpi X, Y;
-    mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
-
-    MBEDTLS_MPI_CHK(mbedtls_ecp_export(ecp, &grp,
-                                       (has_private ? &D : NULL),
-                                       &pt));
-
-    unsigned char point_bin[MBEDTLS_ECP_MAX_PT_LEN];
-    size_t len = 0;
-    MBEDTLS_MPI_CHK(mbedtls_ecp_point_write_binary(
-                        &grp, &pt, MBEDTLS_ECP_PF_UNCOMPRESSED,
-                        &len, point_bin, sizeof(point_bin)));
-    switch (mbedtls_ecp_get_type(&grp)) {
-        case MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS:
-            if ((len & 1) == 0 || point_bin[0] != 0x04) {
-                /* Point in an unxepected format. This shouldn't happen. */
-                ret = -1;
-                goto cleanup;
-            }
-            MBEDTLS_MPI_CHK(
-                mbedtls_mpi_read_binary(&X, point_bin + 1, len / 2));
-            MBEDTLS_MPI_CHK(
-                mbedtls_mpi_read_binary(&Y, point_bin + 1 + len / 2, len / 2));
-            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
-            mbedtls_mpi_write_file("Y_Q:   ", &Y, 16, NULL);
-            break;
-        case MBEDTLS_ECP_TYPE_MONTGOMERY:
-            MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&X, point_bin, len));
-            mbedtls_mpi_write_file("X_Q:   ", &X, 16, NULL);
-            break;
-        default:
-            mbedtls_printf(
-                "This program does not yet support listing coordinates for this curve type.\n");
-            break;
-    }
-
-    if (has_private) {
-        mbedtls_mpi_write_file("D:     ", &D, 16, NULL);
-    }
-
-cleanup:
-    mbedtls_ecp_group_free(&grp);
-    mbedtls_mpi_free(&D);
-    mbedtls_ecp_point_free(&pt);
-    mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
-    return ret;
-}
-#endif
-
-int main(int argc, char *argv[])
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-#if defined(MBEDTLS_ERROR_C)
-    char buf[200];
-#endif
-    int i;
-    char *p, *q;
-
-    const char *pers = "pkey/key_app";
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-
-    mbedtls_pk_context key;
-#if defined(MBEDTLS_RSA_C)
-    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-#endif /* MBEDTLS_RSA_C */
-
-    /*
-     * Set to sane values
-     */
-    mbedtls_entropy_init(&entropy);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    mbedtls_pk_init(&key);
-#if defined(MBEDTLS_ERROR_C)
-    memset(buf, 0, sizeof(buf));
-#endif
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_RSA_C)
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-#endif /* MBEDTLS_RSA_C */
-
-    if (argc < 2) {
-usage:
-        mbedtls_printf(USAGE);
-        goto exit;
-    }
-
-    opt.mode                = DFL_MODE;
-    opt.filename            = DFL_FILENAME;
-    opt.output_mode         = DFL_OUTPUT_MODE;
-    opt.output_file         = DFL_OUTPUT_FILENAME;
-    opt.output_format       = DFL_OUTPUT_FORMAT;
-
-    for (i = 1; i < argc; i++) {
-        p = argv[i];
-        if ((q = strchr(p, '=')) == NULL) {
-            goto usage;
-        }
-        *q++ = '\0';
-
-        if (strcmp(p, "mode") == 0) {
-            if (strcmp(q, "private") == 0) {
-                opt.mode = MODE_PRIVATE;
-            } else if (strcmp(q, "public") == 0) {
-                opt.mode = MODE_PUBLIC;
-            } else {
-                goto usage;
-            }
-        } else if (strcmp(p, "output_mode") == 0) {
-            if (strcmp(q, "private") == 0) {
-                opt.output_mode = OUTPUT_MODE_PRIVATE;
-            } else if (strcmp(q, "public") == 0) {
-                opt.output_mode = OUTPUT_MODE_PUBLIC;
-            } else {
-                goto usage;
-            }
-        } else if (strcmp(p, "output_format") == 0) {
-#if defined(MBEDTLS_PEM_WRITE_C)
-            if (strcmp(q, "pem") == 0) {
-                opt.output_format = OUTPUT_FORMAT_PEM;
-            } else
-#endif
-            if (strcmp(q, "der") == 0) {
-                opt.output_format = OUTPUT_FORMAT_DER;
-            } else {
-                goto usage;
-            }
-        } else if (strcmp(p, "filename") == 0) {
-            opt.filename = q;
-        } else if (strcmp(p, "output_file") == 0) {
-            opt.output_file = q;
-        } else {
-            goto usage;
-        }
-    }
-
-    if (opt.mode == MODE_NONE && opt.output_mode != OUTPUT_MODE_NONE) {
-        mbedtls_printf("\nCannot output a key without reading one.\n");
-        goto exit;
-    }
-
-    if (opt.mode == MODE_PUBLIC && opt.output_mode == OUTPUT_MODE_PRIVATE) {
-        mbedtls_printf("\nCannot output a private key from a public key.\n");
-        goto exit;
-    }
-
-    if (opt.mode == MODE_PRIVATE) {
-        /*
-         * 1.1. Load the key
-         */
-        mbedtls_printf("\n  . Loading the private key ...");
-        fflush(stdout);
-
-        if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                         (const unsigned char *) pers,
-                                         strlen(pers))) != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                           (unsigned int) -ret);
-            goto exit;
-        }
-
-        ret = mbedtls_pk_parse_keyfile(&key, opt.filename, NULL);
-        if (ret != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_keyfile returned -0x%04x",
-                           (unsigned int) -ret);
-            goto exit;
-        }
-
-        mbedtls_printf(" ok\n");
-
-        /*
-         * 1.2 Print the key
-         */
-        mbedtls_printf("  . Key information    ...\n");
-
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
-            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
-
-            if ((ret = mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E)) != 0 ||
-                (ret = mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP))      != 0) {
-                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
-                goto exit;
-            }
-
-            mbedtls_mpi_write_file("N:  ",  &N,  16, NULL);
-            mbedtls_mpi_write_file("E:  ",  &E,  16, NULL);
-            mbedtls_mpi_write_file("D:  ",  &D,  16, NULL);
-            mbedtls_mpi_write_file("P:  ",  &P,  16, NULL);
-            mbedtls_mpi_write_file("Q:  ",  &Q,  16, NULL);
-            mbedtls_mpi_write_file("DP: ",  &DP, 16, NULL);
-            mbedtls_mpi_write_file("DQ:  ", &DQ, 16, NULL);
-            mbedtls_mpi_write_file("QP:  ", &QP, 16, NULL);
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
-            if (show_ecp_key(mbedtls_pk_ec(key), 1) != 0) {
-                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
-                goto exit;
-            }
-        } else
-#endif
-        mbedtls_printf("key type not supported yet\n");
-
-    } else if (opt.mode == MODE_PUBLIC) {
-        /*
-         * 1.1. Load the key
-         */
-        mbedtls_printf("\n  . Loading the public key ...");
-        fflush(stdout);
-
-        ret = mbedtls_pk_parse_public_keyfile(&key, opt.filename);
-
-        if (ret != 0) {
-            mbedtls_printf(" failed\n  !  mbedtls_pk_parse_public_key returned -0x%04x",
-                           (unsigned int) -ret);
-            goto exit;
-        }
-
-        mbedtls_printf(" ok\n");
-
-        /*
-         * 1.2 Print the key
-         */
-        mbedtls_printf("  . Key information    ...\n");
-
-#if defined(MBEDTLS_RSA_C)
-        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_RSA) {
-            mbedtls_rsa_context *rsa = mbedtls_pk_rsa(key);
-
-            if ((ret = mbedtls_rsa_export(rsa, &N, NULL, NULL,
-                                          NULL, &E)) != 0) {
-                mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
-                goto exit;
-            }
-            mbedtls_mpi_write_file("N: ", &N, 16, NULL);
-            mbedtls_mpi_write_file("E: ", &E, 16, NULL);
-        } else
-#endif
-#if defined(MBEDTLS_ECP_C)
-        if (mbedtls_pk_get_type(&key) == MBEDTLS_PK_ECKEY) {
-            if (show_ecp_key(mbedtls_pk_ec(key), 0) != 0) {
-                mbedtls_printf(" failed\n  ! could not export ECC parameters\n\n");
-                goto exit;
-            }
-        } else
-#endif
-        mbedtls_printf("key type not supported yet\n");
-    } else {
-        goto usage;
-    }
-
-    if (opt.output_mode == OUTPUT_MODE_PUBLIC) {
-        write_public_key(&key, opt.output_file);
-    }
-    if (opt.output_mode == OUTPUT_MODE_PRIVATE) {
-        write_private_key(&key, opt.output_file);
-    }
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-#ifdef MBEDTLS_ERROR_C
-        mbedtls_printf("Error code: %d", ret);
-        /* mbedtls_strerror(ret, buf, sizeof(buf));
-           mbedtls_printf(" - %s\n", buf); */
-#else
-        mbedtls_printf("\n");
-#endif
-    }
-
-#if defined(MBEDTLS_RSA_C)
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-#endif /* MBEDTLS_RSA_C */
-
-    mbedtls_pk_free(&key);
-
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    mbedtls_exit(exit_code);
-}
-#endif /* program viability conditions */

diff --git a/programs/pkey/mpi_demo.c b/programs/pkey/mpi_demo.c
deleted file mode 100644
index a9c3190..0000000
--- a/programs/pkey/mpi_demo.c
+++ /dev/null

@@ -1,86 +0,0 @@
-/*
- *  Simple MPI demonstration program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_FS_IO)
-#include "mbedtls/bignum.h"
-
-#include <stdio.h>
-#endif
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(void)
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_mpi E, P, Q, N, H, D, X, Y, Z;
-
-    mbedtls_mpi_init(&E); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); mbedtls_mpi_init(&N);
-    mbedtls_mpi_init(&H); mbedtls_mpi_init(&D); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
-    mbedtls_mpi_init(&Z);
-
-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&P, 10, "2789"));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&Q, 10, "3203"));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&E, 10,  "257"));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&N, &P, &Q));
-
-    mbedtls_printf("\n  Public key:\n\n");
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  N = ", &N, 10, NULL));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  E = ", &E, 10, NULL));
-
-    mbedtls_printf("\n  Private key:\n\n");
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  P = ", &P, 10, NULL));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Q = ", &Q, 10, NULL));
-
-#if defined(MBEDTLS_GENPRIME)
-    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&P, &P, 1));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_sub_int(&Q, &Q, 1));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_mul_mpi(&H, &P, &Q));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_inv_mod(&D, &E, &H));
-
-    mbedtls_mpi_write_file("  D = E^-1 mod (P-1)*(Q-1) = ",
-                           &D, 10, NULL);
-#else
-    mbedtls_printf("\nTest skipped (MBEDTLS_GENPRIME not defined).\n\n");
-#endif
-    MBEDTLS_MPI_CHK(mbedtls_mpi_read_string(&X, 10, "55555"));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Y, &X, &E, &N, NULL));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_exp_mod(&Z, &Y, &D, &N, NULL));
-
-    mbedtls_printf("\n  RSA operation:\n\n");
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  X (plaintext)  = ", &X, 10, NULL));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Y (ciphertext) = X^E mod N = ", &Y, 10, NULL));
-    MBEDTLS_MPI_CHK(mbedtls_mpi_write_file("  Z (decrypted)  = Y^D mod N = ", &Z, 10, NULL));
-    mbedtls_printf("\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
-    mbedtls_mpi_free(&E); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); mbedtls_mpi_free(&N);
-    mbedtls_mpi_free(&H); mbedtls_mpi_free(&D); mbedtls_mpi_free(&X); mbedtls_mpi_free(&Y);
-    mbedtls_mpi_free(&Z);
-
-    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-        mbedtls_printf("\nAn error occurred.\n");
-    }
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_FS_IO */

diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
deleted file mode 100644
index d2bfde5..0000000
--- a/programs/pkey/pk_decrypt.c
+++ /dev/null

@@ -1,153 +0,0 @@
-/*
- *  Public key-based simple decryption program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/pk.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) ||  \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
-    !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
-                   "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    unsigned c;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t i, olen = 0;
-    mbedtls_pk_context pk;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char result[1024];
-    unsigned char buf[512];
-    const char *pers = "mbedtls_pk_decrypt";
-    ((void) argv);
-
-    mbedtls_pk_init(&pk);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    memset(result, 0, sizeof(result));
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if (argc != 2) {
-        mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
-                                     &entropy, (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading private key from '%s'", argv[1]);
-    fflush(stdout);
-
-    if ((ret = mbedtls_pk_parse_keyfile(&pk, argv[1], "")) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_keyfile returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    /*
-     * Extract the RSA encrypted value from the text file
-     */
-    if ((f = fopen("result-enc.txt", "rb")) == NULL) {
-        mbedtls_printf("\n  ! Could not open %s\n\n", "result-enc.txt");
-        ret = 1;
-        goto exit;
-    }
-
-    i = 0;
-    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
-           i < (int) sizeof(buf)) {
-        buf[i++] = (unsigned char) c;
-    }
-
-    fclose(f);
-
-    /*
-     * Decrypt the encrypted RSA data and print the result.
-     */
-    mbedtls_printf("\n  . Decrypting the encrypted data");
-    fflush(stdout);
-
-    if ((ret = mbedtls_pk_decrypt(&pk, buf, i, result, &olen, sizeof(result))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_pk_decrypt returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . OK\n\n");
-
-    mbedtls_printf("The decrypted result is: '%s'\n\n", result);
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_pk_free(&pk);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_ERROR_C)
-    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-        mbedtls_printf("Error code: %d", ret);
-        /* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
-           mbedtls_printf("  !  Last error was: %s\n", buf); */
-    }
-#endif
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_FS_IO &&
-          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
deleted file mode 100644
index 1ab2a3d..0000000
--- a/programs/pkey/pk_encrypt.c
+++ /dev/null

@@ -1,155 +0,0 @@
-/*
- *  RSA simple data encryption program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_PK_PARSE_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/pk.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_PK_PARSE_C) ||  \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
-    !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_PK_PARSE_C and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t i, olen = 0;
-    mbedtls_pk_context pk;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char input[1024];
-    unsigned char buf[512];
-    const char *pers = "mbedtls_pk_encrypt";
-
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_pk_init(&pk);
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_status_t status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
-                        (int) status);
-        goto exit;
-    }
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-    if (argc != 3) {
-        mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
-                                     &entropy, (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading public key from '%s'", argv[1]);
-    fflush(stdout);
-
-    if ((ret = mbedtls_pk_parse_public_keyfile(&pk, argv[1])) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_pk_parse_public_keyfile returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    if (strlen(argv[2]) > 100) {
-        mbedtls_printf(" Input data larger than 100 characters.\n\n");
-        goto exit;
-    }
-
-    memcpy(input, argv[2], strlen(argv[2]));
-
-    /*
-     * Calculate the RSA encryption of the hash.
-     */
-    mbedtls_printf("\n  . Generating the encrypted value");
-    fflush(stdout);
-
-    if ((ret = mbedtls_pk_encrypt(&pk, input, strlen(argv[2]),
-                                  buf, &olen, sizeof(buf))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_pk_encrypt returned -0x%04x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    /*
-     * Write the signature into result-enc.txt
-     */
-    if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not create %s\n\n",
-                       "result-enc.txt");
-        ret = 1;
-        goto exit;
-    }
-
-    for (i = 0; i < olen; i++) {
-        mbedtls_fprintf(f, "%02X%s", buf[i],
-                        (i + 1) % 16 == 0 ? "\r\n" : " ");
-    }
-
-    fclose(f);
-
-    mbedtls_printf("\n  . Done (created \"%s\")\n\n", "result-enc.txt");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_pk_free(&pk);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    mbedtls_psa_crypto_free();
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#if defined(MBEDTLS_ERROR_C)
-    if (exit_code != MBEDTLS_EXIT_SUCCESS) {
-        mbedtls_printf("Error code: %d", ret);
-        /* mbedtls_strerror(ret, (char *) buf, sizeof(buf));
-           mbedtls_printf("  !  Last error was: %s\n", buf); */
-    }
-#endif
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_PK_PARSE_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c
deleted file mode 100644
index c2c313a..0000000
--- a/programs/pkey/rsa_decrypt.c
+++ /dev/null

@@ -1,174 +0,0 @@
-/*
- *  RSA simple decryption program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/rsa.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <string.h>
-
-#endif
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_ENTROPY_C) || \
-    !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_FS_IO and/or MBEDTLS_ENTROPY_C and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    unsigned c;
-    size_t i;
-    mbedtls_rsa_context rsa;
-    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char result[1024];
-    unsigned char buf[512];
-    const char *pers = "rsa_decrypt";
-    ((void) argv);
-
-    memset(result, 0, sizeof(result));
-
-    if (argc != 1) {
-        mbedtls_printf("usage: rsa_decrypt\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        mbedtls_exit(exit_code);
-    }
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    mbedtls_rsa_init(&rsa);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
-                                &entropy, (const unsigned char *) pers,
-                                strlen(pers));
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f))  != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f))  != 0 ||
-        (ret = mbedtls_mpi_read_file(&D, 16, f))  != 0 ||
-        (ret = mbedtls_mpi_read_file(&P, 16, f))  != 0 ||
-        (ret = mbedtls_mpi_read_file(&Q, 16, f))  != 0 ||
-        (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
-                       ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    /*
-     * Extract the RSA encrypted value from the text file
-     */
-    if ((f = fopen("result-enc.txt", "rb")) == NULL) {
-        mbedtls_printf("\n  ! Could not open %s\n\n", "result-enc.txt");
-        goto exit;
-    }
-
-    i = 0;
-
-    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
-           i < (int) sizeof(buf)) {
-        buf[i++] = (unsigned char) c;
-    }
-
-    fclose(f);
-
-    if (i != mbedtls_rsa_get_len(&rsa)) {
-        mbedtls_printf("\n  ! Invalid RSA signature format\n\n");
-        goto exit;
-    }
-
-    /*
-     * Decrypt the encrypted RSA data and print the result.
-     */
-    mbedtls_printf("\n  . Decrypting the encrypted data");
-    fflush(stdout);
-
-    ret = mbedtls_rsa_pkcs1_decrypt(&rsa, mbedtls_ctr_drbg_random,
-                                    &ctr_drbg, &i,
-                                    buf, result, 1024);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_decrypt returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . OK\n\n");
-
-    mbedtls_printf("The decrypted result is: '%s'\n\n", result);
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_rsa_free(&rsa);
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */

diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c
deleted file mode 100644
index e1ed252..0000000
--- a/programs/pkey/rsa_encrypt.c
+++ /dev/null

@@ -1,151 +0,0 @@
-/*
- *  RSA simple data encryption program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_RSA_C) && \
-    defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/rsa.h"
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <string.h>
-#endif
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
-    !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO) || \
-    !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO and/or "
-                   "MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t i;
-    mbedtls_rsa_context rsa;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    unsigned char input[1024];
-    unsigned char buf[512];
-    const char *pers = "rsa_encrypt";
-    mbedtls_mpi N, E;
-
-    if (argc != 2) {
-        mbedtls_printf("usage: rsa_encrypt <string of max 100 characters>\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        mbedtls_exit(exit_code);
-    }
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
-    mbedtls_rsa_init(&rsa);
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_entropy_init(&entropy);
-
-    ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func,
-                                &entropy, (const unsigned char *) pers,
-                                strlen(pers));
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n",
-                       ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    if ((ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    if (strlen(argv[1]) > 100) {
-        mbedtls_printf(" Input data larger than 100 characters.\n\n");
-        goto exit;
-    }
-
-    memcpy(input, argv[1], strlen(argv[1]));
-
-    /*
-     * Calculate the RSA encryption of the hash.
-     */
-    mbedtls_printf("\n  . Generating the RSA encrypted value");
-    fflush(stdout);
-
-    ret = mbedtls_rsa_pkcs1_encrypt(&rsa, mbedtls_ctr_drbg_random,
-                                    &ctr_drbg, strlen(argv[1]), input, buf);
-    if (ret != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_encrypt returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    /*
-     * Write the signature into result-enc.txt
-     */
-    if ((f = fopen("result-enc.txt", "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not create %s\n\n", "result-enc.txt");
-        goto exit;
-    }
-
-    for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
-        mbedtls_fprintf(f, "%02X%s", buf[i],
-                        (i + 1) % 16 == 0 ? "\r\n" : " ");
-    }
-
-    fclose(f);
-
-    mbedtls_printf("\n  . Done (created \"%s\")\n\n", "result-enc.txt");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&E);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-    mbedtls_rsa_free(&rsa);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_ENTROPY_C &&
-          MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c
deleted file mode 100644
index 3dfa852..0000000
--- a/programs/pkey/rsa_genkey.c
+++ /dev/null

@@ -1,143 +0,0 @@
-/*
- *  Example RSA key generation program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_BIGNUM_C) && defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_GENPRIME) && \
-    defined(MBEDTLS_FS_IO) && defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-#include "mbedtls/bignum.h"
-#include "mbedtls/rsa.h"
-
-#include <stdio.h>
-#include <string.h>
-#endif
-
-#define KEY_SIZE 2048
-#define EXPONENT 65537
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_ENTROPY_C) ||   \
-    !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_GENPRIME) ||      \
-    !defined(MBEDTLS_FS_IO) || !defined(MBEDTLS_CTR_DRBG_C)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
-                   "MBEDTLS_RSA_C and/or MBEDTLS_GENPRIME and/or "
-                   "MBEDTLS_FS_IO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(void)
-{
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_rsa_context rsa;
-    mbedtls_entropy_context entropy;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-    FILE *fpub  = NULL;
-    FILE *fpriv = NULL;
-    const char *pers = "rsa_genkey";
-
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-    mbedtls_rsa_init(&rsa);
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-    mbedtls_printf("\n  . Seeding the random number generator...");
-    fflush(stdout);
-
-    mbedtls_entropy_init(&entropy);
-    if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
-                                     (const unsigned char *) pers,
-                                     strlen(pers))) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ctr_drbg_seed returned %d\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Generating the RSA key [ %d-bit ]...", KEY_SIZE);
-    fflush(stdout);
-
-    if ((ret = mbedtls_rsa_gen_key(&rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE,
-                                   EXPONENT)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_gen_key returned %d\n\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Exporting the public  key in rsa_pub.txt....");
-    fflush(stdout);
-
-    if ((ret = mbedtls_rsa_export(&rsa, &N, &P, &Q, &D, &E)) != 0 ||
-        (ret = mbedtls_rsa_export_crt(&rsa, &DP, &DQ, &QP))      != 0) {
-        mbedtls_printf(" failed\n  ! could not export RSA parameters\n\n");
-        goto exit;
-    }
-
-    if ((fpub = fopen("rsa_pub.txt", "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! could not open rsa_pub.txt for writing\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpub)) != 0 ||
-        (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpub)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
-        goto exit;
-    }
-
-    mbedtls_printf(" ok\n  . Exporting the private key in rsa_priv.txt...");
-    fflush(stdout);
-
-    if ((fpriv = fopen("rsa_priv.txt", "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! could not open rsa_priv.txt for writing\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_write_file("N = ", &N, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("E = ", &E, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("D = ", &D, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("P = ", &P, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("Q = ", &Q, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("DP = ", &DP, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("DQ = ", &DQ, 16, fpriv)) != 0 ||
-        (ret = mbedtls_mpi_write_file("QP = ", &QP, 16, fpriv)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_write_file returned %d\n\n", ret);
-        goto exit;
-    }
-    mbedtls_printf(" ok\n\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    if (fpub  != NULL) {
-        fclose(fpub);
-    }
-
-    if (fpriv != NULL) {
-        fclose(fpriv);
-    }
-
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-    mbedtls_rsa_free(&rsa);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_RSA_C &&
-          MBEDTLS_GENPRIME && MBEDTLS_FS_IO && MBEDTLS_CTR_DRBG_C */

diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c
deleted file mode 100644
index e88e4e3..0000000
--- a/programs/pkey/rsa_sign.c
+++ /dev/null

@@ -1,157 +0,0 @@
-/*
- *  RSA/SHA-256 signature creation program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
-    !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
-    !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_MD_C and/or "
-                   "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/rsa.h"
-
-#include <stdio.h>
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t i;
-    mbedtls_rsa_context rsa;
-    unsigned char hash[32];
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    char filename[512];
-    mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
-
-    mbedtls_rsa_init(&rsa);
-
-    mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
-    mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
-    mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
-
-    if (argc != 2) {
-        mbedtls_printf("usage: rsa_sign <filename>\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading private key from rsa_priv.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_priv.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_priv.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&D, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&P, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&Q, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&DP, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&DQ, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&QP, 16, f)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    if ((ret = mbedtls_rsa_import(&rsa, &N, &P, &Q, &D, &E)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_import returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_complete(&rsa)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_complete returned %d\n\n",
-                       ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Checking the private key");
-    fflush(stdout);
-    if ((ret = mbedtls_rsa_check_privkey(&rsa)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_check_privkey failed with -0x%0x\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    /*
-     * Compute the SHA-256 hash of the input file,
-     * then calculate the RSA signature of the hash.
-     */
-    mbedtls_printf("\n  . Generating the RSA/SHA-256 signature");
-    fflush(stdout);
-
-    if ((ret = mbedtls_md_file(
-             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
-             argv[1], hash)) != 0) {
-        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[1]);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_pkcs1_sign(&rsa, NULL, NULL, MBEDTLS_MD_SHA256,
-                                      32, hash, buf)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_sign returned -0x%0x\n\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    /*
-     * Write the signature into <filename>.sig
-     */
-    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
-
-    if ((f = fopen(filename, "wb+")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not create %s\n\n", argv[1]);
-        goto exit;
-    }
-
-    for (i = 0; i < mbedtls_rsa_get_len(&rsa); i++) {
-        mbedtls_fprintf(f, "%02X%s", buf[i],
-                        (i + 1) % 16 == 0 ? "\r\n" : " ");
-    }
-
-    fclose(f);
-
-    mbedtls_printf("\n  . Done (created \"%s\")\n\n", filename);
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_rsa_free(&rsa);
-    mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
-    mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
-    mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
-          MBEDTLS_FS_IO */

diff --git a/programs/pkey/rsa_verify.c b/programs/pkey/rsa_verify.c
deleted file mode 100644
index af6156c..0000000
--- a/programs/pkey/rsa_verify.c
+++ /dev/null

@@ -1,136 +0,0 @@
-/*
- *  RSA/SHA-256 signature verification program
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-/* md.h is included this early since MD_CAN_XXX macros are defined there. */
-#include "mbedtls/md.h"
-
-#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) ||  \
-    !defined(PSA_WANT_ALG_SHA_256) || !defined(MBEDTLS_MD_C) || \
-    !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
-                   "MBEDTLS_MD_C and/or "
-                   "PSA_WANT_ALG_SHA_256 and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-#include "mbedtls/rsa.h"
-
-#include <stdio.h>
-#include <string.h>
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int ret = 1;
-    unsigned c;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    size_t i;
-    mbedtls_rsa_context rsa;
-    mbedtls_mpi N, E;
-    unsigned char hash[32];
-    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
-    char filename[512];
-
-    mbedtls_rsa_init(&rsa);
-    mbedtls_mpi_init(&N);
-    mbedtls_mpi_init(&E);
-
-    if (argc != 2) {
-        mbedtls_printf("usage: rsa_verify <filename>\n");
-
-#if defined(_WIN32)
-        mbedtls_printf("\n");
-#endif
-
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . Reading public key from rsa_pub.txt");
-    fflush(stdout);
-
-    if ((f = fopen("rsa_pub.txt", "rb")) == NULL) {
-        mbedtls_printf(" failed\n  ! Could not open rsa_pub.txt\n" \
-                       "  ! Please run rsa_genkey first\n\n");
-        goto exit;
-    }
-
-    if ((ret = mbedtls_mpi_read_file(&N, 16, f)) != 0 ||
-        (ret = mbedtls_mpi_read_file(&E, 16, f)) != 0 ||
-        (ret = mbedtls_rsa_import(&rsa, &N, NULL, NULL, NULL, &E) != 0)) {
-        mbedtls_printf(" failed\n  ! mbedtls_mpi_read_file returned %d\n\n", ret);
-        fclose(f);
-        goto exit;
-    }
-    fclose(f);
-
-    /*
-     * Extract the RSA signature from the text file
-     */
-    mbedtls_snprintf(filename, sizeof(filename), "%s.sig", argv[1]);
-
-    if ((f = fopen(filename, "rb")) == NULL) {
-        mbedtls_printf("\n  ! Could not open %s\n\n", filename);
-        goto exit;
-    }
-
-    i = 0;
-    while (fscanf(f, "%02X", (unsigned int *) &c) > 0 &&
-           i < (int) sizeof(buf)) {
-        buf[i++] = (unsigned char) c;
-    }
-
-    fclose(f);
-
-    if (i != mbedtls_rsa_get_len(&rsa)) {
-        mbedtls_printf("\n  ! Invalid RSA signature format\n\n");
-        goto exit;
-    }
-
-    /*
-     * Compute the SHA-256 hash of the input file and
-     * verify the signature
-     */
-    mbedtls_printf("\n  . Verifying the RSA/SHA-256 signature");
-    fflush(stdout);
-
-    if ((ret = mbedtls_md_file(
-             mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
-             argv[1], hash)) != 0) {
-        mbedtls_printf(" failed\n  ! Could not open or read %s\n\n", argv[1]);
-        goto exit;
-    }
-
-    if ((ret = mbedtls_rsa_pkcs1_verify(&rsa, MBEDTLS_MD_SHA256,
-                                        32, hash, buf)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_rsa_pkcs1_verify returned -0x%0x\n\n",
-                       (unsigned int) -ret);
-        goto exit;
-    }
-
-    mbedtls_printf("\n  . OK (the signature is valid)\n\n");
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-exit:
-
-    mbedtls_rsa_free(&rsa);
-    mbedtls_mpi_free(&N);
-    mbedtls_mpi_free(&E);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && PSA_WANT_ALG_SHA_256 &&
-          MBEDTLS_FS_IO */

diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
deleted file mode 100644
index 76cb840..0000000
--- a/programs/random/CMakeLists.txt
+++ /dev/null

@@ -1,16 +0,0 @@
-set(executables
-    gen_entropy
-    gen_random_ctr_drbg
-)
-add_dependencies(${programs_target} ${executables})
-
-foreach(exe IN LISTS executables)
-    add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
-    set_base_compile_options(${exe})
-    target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
-    target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
-endforeach()
-
-install(TARGETS ${executables}
-        DESTINATION "bin"
-        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

diff --git a/programs/random/gen_entropy.c b/programs/random/gen_entropy.c
deleted file mode 100644
index eb85b62..0000000
--- a/programs/random/gen_entropy.c
+++ /dev/null

@@ -1,77 +0,0 @@
-/**
- *  \brief Use and generate multiple entropies calls into a file
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_FS_IO)
-#include "mbedtls/entropy.h"
-
-#include <stdio.h>
-#endif
-
-#if !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int i, k, ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_entropy_context entropy;
-    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
-
-    if (argc < 2) {
-        mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
-        mbedtls_exit(exit_code);
-    }
-
-    if ((f = fopen(argv[1], "wb+")) == NULL) {
-        mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
-        mbedtls_exit(exit_code);
-    }
-
-    mbedtls_entropy_init(&entropy);
-
-    for (i = 0, k = 768; i < k; i++) {
-        ret = mbedtls_entropy_func(&entropy, buf, sizeof(buf));
-        if (ret != 0) {
-            mbedtls_printf("  failed\n  !  mbedtls_entropy_func returned -%04X\n",
-                           (unsigned int) ret);
-            goto cleanup;
-        }
-
-        fwrite(buf, 1, sizeof(buf), f);
-
-        mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
-                       "%% done\r",
-                       (long) (sizeof(buf) * k / 1024),
-                       argv[1],
-                       (100 * (float) (i + 1)) / k);
-        fflush(stdout);
-    }
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
-    mbedtls_printf("\n");
-
-    fclose(f);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_ENTROPY_C */

diff --git a/programs/random/gen_random_ctr_drbg.c b/programs/random/gen_random_ctr_drbg.c
deleted file mode 100644
index 793c8ac..0000000
--- a/programs/random/gen_random_ctr_drbg.c
+++ /dev/null

@@ -1,109 +0,0 @@
-/**
- *  \brief Use and generate random data into a file via the CTR_DBRG based on AES
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include "mbedtls/build_info.h"
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_FS_IO)
-#include "mbedtls/entropy.h"
-#include "mbedtls/ctr_drbg.h"
-
-#include <stdio.h>
-#endif
-
-#if !defined(MBEDTLS_CTR_DRBG_C) || !defined(MBEDTLS_ENTROPY_C) || \
-    !defined(MBEDTLS_FS_IO)
-int main(void)
-{
-    mbedtls_printf("MBEDTLS_CTR_DRBG_C and/or MBEDTLS_ENTROPY_C and/or MBEDTLS_FS_IO not defined.\n");
-    mbedtls_exit(0);
-}
-#else
-
-
-int main(int argc, char *argv[])
-{
-    FILE *f;
-    int i, k, ret = 1;
-    int exit_code = MBEDTLS_EXIT_FAILURE;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
-    unsigned char buf[1024];
-
-    mbedtls_ctr_drbg_init(&ctr_drbg);
-
-    if (argc < 2) {
-        mbedtls_fprintf(stderr, "usage: %s <output filename>\n", argv[0]);
-        mbedtls_exit(exit_code);
-    }
-
-    if ((f = fopen(argv[1], "wb+")) == NULL) {
-        mbedtls_printf("failed to open '%s' for writing.\n", argv[1]);
-        mbedtls_exit(exit_code);
-    }
-
-    mbedtls_entropy_init(&entropy);
-    ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
-                                mbedtls_entropy_func,
-                                &entropy,
-                                (const unsigned char *) "RANDOM_GEN",
-                                10);
-    if (ret != 0) {
-        mbedtls_printf("failed in mbedtls_ctr_drbg_seed: %d\n", ret);
-        goto cleanup;
-    }
-    mbedtls_ctr_drbg_set_prediction_resistance(&ctr_drbg, MBEDTLS_CTR_DRBG_PR_OFF);
-
-#if defined(MBEDTLS_FS_IO)
-    ret = mbedtls_ctr_drbg_update_seed_file(&ctr_drbg, "seedfile");
-
-    if (ret == MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR) {
-        mbedtls_printf("Failed to open seedfile. Generating one.\n");
-        ret = mbedtls_ctr_drbg_write_seed_file(&ctr_drbg, "seedfile");
-        if (ret != 0) {
-            mbedtls_printf("failed in mbedtls_ctr_drbg_write_seed_file: %d\n", ret);
-            goto cleanup;
-        }
-    } else if (ret != 0) {
-        mbedtls_printf("failed in mbedtls_ctr_drbg_update_seed_file: %d\n", ret);
-        goto cleanup;
-    }
-#endif
-
-    for (i = 0, k = 768; i < k; i++) {
-        ret = mbedtls_ctr_drbg_random(&ctr_drbg, buf, sizeof(buf));
-        if (ret != 0) {
-            mbedtls_printf("failed!\n");
-            goto cleanup;
-        }
-
-        fwrite(buf, 1, sizeof(buf), f);
-
-        mbedtls_printf("Generating %ldkb of data in file '%s'... %04.1f" \
-                       "%% done\r",
-                       (long) (sizeof(buf) * k / 1024),
-                       argv[1],
-                       (100 * (float) (i + 1)) / k);
-        fflush(stdout);
-    }
-
-    exit_code = MBEDTLS_EXIT_SUCCESS;
-
-cleanup:
-    mbedtls_printf("\n");
-
-    fclose(f);
-    mbedtls_ctr_drbg_free(&ctr_drbg);
-    mbedtls_entropy_free(&entropy);
-
-    mbedtls_exit(exit_code);
-}
-#endif /* MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C */

diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index 3277e52..26eb20d 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c

@@ -169,7 +169,6 @@
      * Production code should set a proper ca chain and use REQUIRED. */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
     mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
 

diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index a10a6e6..0e155fd 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c

@@ -200,7 +200,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
     mbedtls_ssl_conf_read_timeout(&conf, READ_TIMEOUT_MS);
 

diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 39d07ab..e3adb3c 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c

@@ -187,8 +187,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
-
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
     mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
                          (const unsigned char *) psk_id, sizeof(psk_id) - 1);

diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index bd2572b..dba8aab 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c

@@ -150,7 +150,6 @@
      * but makes interop easier in this simplified example */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
     mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {

diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index e4efadc..1f58651 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c

@@ -68,6 +68,7 @@
 #define DFL_MAX_VERSION         -1
 #define DFL_SHA1                -1
 #define DFL_AUTH_MODE           -1
+#define DFL_SET_HOSTNAME        1
 #define DFL_MFL_CODE            MBEDTLS_SSL_MAX_FRAG_LEN_NONE
 #define DFL_TRUNC_HMAC          -1
 #define DFL_RECSPLIT            -1
@@ -397,6 +398,9 @@
 #define USAGE2 \
     "    auth_mode=%%s        default: (library default: none)\n" \
     "                        options: none, optional, required\n" \
+    "    set_hostname=%%s     call mbedtls_ssl_set_hostname()?" \
+    "                        options: no, server_name, NULL\n" \
+    "                        default: server_name (but ignored if certs disabled)\n"  \
     USAGE_IO                                                \
     USAGE_KEY_OPAQUE                                        \
     USAGE_CA_CALLBACK                                       \
@@ -498,6 +502,8 @@
     int max_version;            /* maximum protocol version accepted        */
     int allow_sha1;             /* flag for SHA-1 support                   */
     int auth_mode;              /* verify mode for connection               */
+    int set_hostname;           /* call mbedtls_ssl_set_hostname()?         */
+                                /* 0=no, 1=yes, -1=NULL */
     unsigned char mfl_code;     /* code for maximum fragment length         */
     int trunc_hmac;             /* negotiate truncated hmac or not          */
     int recsplit;               /* enable record splitting?                 */
@@ -946,6 +952,7 @@
     opt.max_version         = DFL_MAX_VERSION;
     opt.allow_sha1          = DFL_SHA1;
     opt.auth_mode           = DFL_AUTH_MODE;
+    opt.set_hostname        = DFL_SET_HOSTNAME;
     opt.mfl_code            = DFL_MFL_CODE;
     opt.trunc_hmac          = DFL_TRUNC_HMAC;
     opt.recsplit            = DFL_RECSPLIT;
@@ -1338,6 +1345,16 @@
             } else {
                 goto usage;
             }
+        } else if (strcmp(p, "set_hostname") == 0) {
+            if (strcmp(q, "no") == 0) {
+                opt.set_hostname = 0;
+            } else if (strcmp(q, "server_name") == 0) {
+                opt.set_hostname = 1;
+            } else if (strcmp(q, "NULL") == 0) {
+                opt.set_hostname = -1;
+            } else {
+                goto usage;
+            }
         } else if (strcmp(p, "max_frag_len") == 0) {
             if (strcmp(q, "512") == 0) {
                 opt.mfl_code = MBEDTLS_SSL_MAX_FRAG_LEN_512;
@@ -1906,7 +1923,6 @@
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
     }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     mbedtls_ssl_conf_read_timeout(&conf, opt.read_timeout);
@@ -2038,10 +2054,24 @@
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-    if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
-        mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
-                       ret);
-        goto exit;
+    switch (opt.set_hostname) {
+        case -1:
+            if ((ret = mbedtls_ssl_set_hostname(&ssl, NULL)) != 0) {
+                mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
+                               ret);
+                goto exit;
+            }
+            break;
+        case 0:
+            /* Skip the call */
+            break;
+        default:
+            if ((ret = mbedtls_ssl_set_hostname(&ssl, opt.server_name)) != 0) {
+                mbedtls_printf(" failed\n  ! mbedtls_ssl_set_hostname returned %d\n\n",
+                               ret);
+                goto exit;
+            }
+            break;
     }
 #endif
 

diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index f1eb21f..f8752bb 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c

@@ -160,7 +160,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);

diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 69aefef..521bc54 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c

@@ -571,7 +571,6 @@
      * but makes interop easier in this simplified example */
     mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_OPTIONAL);
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
     if (opt.force_ciphersuite[0] != DFL_FORCE_CIPHER) {

diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 1214eb8..5701a7b 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c

@@ -401,7 +401,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_mutexed_debug, stdout);
 
     /* mbedtls_ssl_cache_get() and mbedtls_ssl_cache_set() are thread-safe if

diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 0f27b82..2f26ca4 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c

@@ -179,7 +179,6 @@
         goto exit;
     }
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
 #if defined(MBEDTLS_SSL_CACHE_C)

diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 556e906..6338222 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c

@@ -2925,7 +2925,6 @@
 #endif
 #endif  /* MBEDTLS_HAVE_TIME */
     }
-    mbedtls_ssl_conf_rng(&conf, rng_get, &rng);
     mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
 #if defined(MBEDTLS_SSL_CACHE_C)

diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c
index 354e97e..e194b58 100644
--- a/programs/ssl/ssl_test_common_source.c
+++ b/programs/ssl/ssl_test_common_source.c

@@ -316,7 +316,6 @@
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
 /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function
  *  for more info.
  */
@@ -351,7 +350,6 @@
     return (int) (size - n);
 #endif /* MBEDTLS_X509_REMOVE_INFO */
 }
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 static void mbedtls_print_supported_sig_algs(void)
 {

diff --git a/programs/wince_main.c b/programs/wince_main.c
deleted file mode 100644
index de11162..0000000
--- a/programs/wince_main.c
+++ /dev/null

@@ -1,33 +0,0 @@
-/*
- *  Windows CE console application entry point
- *
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#if defined(_WIN32_WCE)
-
-#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS
-
-#include <windows.h>
-
-extern int main(int, const char **);
-
-int _tmain(int argc, _TCHAR *targv[])
-{
-    char **argv;
-    int i;
-
-    argv = (char **) calloc(argc, sizeof(char *));
-
-    for (i = 0; i < argc; i++) {
-        size_t len;
-        len = _tcslen(targv[i]) + 1;
-        argv[i] = (char *) calloc(len, sizeof(char));
-        wcstombs(argv[i], targv[i], len);
-    }
-
-    return main(argc, argv);
-}
-
-#endif  /* defined(_WIN32_WCE) */

diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index 1de439c..d9d5bb6 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c

@@ -383,7 +383,6 @@
             mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
         }
 
-        mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
         mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
 
         if ((ret = mbedtls_ssl_setup(&ssl, &conf)) != 0) {

diff --git a/scripts/config.py b/scripts/config.py
index 3508ce4..3fc3614 100755
--- a/scripts/config.py
+++ b/scripts/config.py

@@ -96,7 +96,6 @@
     'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
     'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # interface and behavior change
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
-    'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
     'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
     'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY', # interacts with *_USE_A64_CRYPTO_IF_PRESENT
     'MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY', # interacts with *_USE_ARMV8_A_CRYPTO_IF_PRESENT
@@ -162,7 +161,6 @@
     'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
     'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED
     'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME
-    'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C
     'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
     'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem
     'MBEDTLS_THREADING_C', # requires a threading interface
@@ -238,7 +236,6 @@
     return continuation
 
 DEPRECATED = frozenset([
-    'MBEDTLS_PSA_CRYPTO_SE_C',
     *PSA_DEPRECATED_FEATURE
 ])
 def no_deprecated_adapter(adapter):

diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index 053040a..8152189 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl

@@ -11,9 +11,18 @@
 
 use warnings;
 use strict;
+use Getopt::Long;
 use Digest::MD5 'md5_hex';
 
+# Declare variables for options
 my $vsx_dir = "visualc/VS2017";
+my $list = 0; # Default off
+
+GetOptions(
+    "directory=s" => \$vsx_dir, # Target directory
+    "list"        => \$list     # Only list generated files
+) or die "Invalid options\n";
+
 my $vsx_ext = "vcxproj";
 my $vsx_app_tpl_file = "scripts/data_files/vs2017-app-template.$vsx_ext";
 my $vsx_main_tpl_file = "scripts/data_files/vs2017-main-template.$vsx_ext";
@@ -33,6 +42,8 @@
 my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
 my $tls_test_source_dir = 'tests/src';
 my $tls_test_header_dir = 'tests/include/test';
+my $crypto_test_source_dir = 'tf-psa-crypto/tests/src';
+my $crypto_test_header_dir = 'tf-psa-crypto/tests/include/test';
 my $test_source_dir = 'framework/tests/src';
 my $test_header_dir = 'framework/tests/include/test';
 my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
@@ -59,6 +70,7 @@
     tf-psa-crypto/drivers/everest/include/everest/vs2013
     tf-psa-crypto/drivers/everest/include/everest/kremlib
     tests/include
+    tf-psa-crypto/tests/include
     framework/tests/include
     framework/tests/programs
 );
@@ -122,9 +134,11 @@
         && -d $crypto_source_dir
         && -d $test_source_dir
         && -d $tls_test_source_dir
+        && -d $crypto_test_source_dir
         && -d $test_drivers_source_dir
         && -d $test_header_dir
         && -d $tls_test_header_dir
+        && -d $crypto_test_header_dir
         && -d $test_drivers_header_dir
         && -d $mbedtls_programs_dir
         && -d $framework_programs_dir
@@ -280,7 +294,9 @@
 
     # Remove old files to ensure that, for example, project files from deleted
     # apps are not kept
-    del_vsx_files();
+    if (not $list) {
+        del_vsx_files();
+    }
 
     my @app_list = get_app_list();
     my @header_dirs = (
@@ -289,6 +305,7 @@
                        $psa_header_dir,
                        $test_header_dir,
                        $tls_test_header_dir,
+                       $crypto_test_header_dir,
                        $test_drivers_header_dir,
                        $tls_source_dir,
                        $crypto_core_source_dir,
@@ -303,6 +320,7 @@
                        $crypto_source_dir,
                        $test_source_dir,
                        $tls_test_source_dir,
+                       $crypto_test_source_dir,
                        $test_drivers_source_dir,
                        @thirdparty_source_dirs,
                       );
@@ -313,13 +331,22 @@
     map { s!/!\\!g } @headers;
     map { s!/!\\!g } @sources;
 
-    gen_app_files( @app_list );
+    if ($list) {
+        foreach my $app (@app_list) {
+            $app =~ s/.*\///;
+            print "$vsx_dir/$app.$vsx_ext\n";
+        }
+        print "$vsx_main_file\n";
+        print "$vsx_sln_file\n";
+    } else {
+        gen_app_files( @app_list );
 
-    gen_main_file( \@headers, \@sources,
-                   $vsx_hdr_tpl, $vsx_src_tpl,
-                   $vsx_main_tpl_file, $vsx_main_file );
+        gen_main_file( \@headers, \@sources,
+                       $vsx_hdr_tpl, $vsx_src_tpl,
+                       $vsx_main_tpl_file, $vsx_main_file );
 
-    gen_vsx_solution( @app_list );
+        gen_vsx_solution( @app_list );
+    }
 
     return 0;
 }

diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index bef198f..f10b23b 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat

@@ -6,31 +6,10 @@
 @rem * Either a C compiler called "cc" must be on the PATH, or

 @rem   the "CC" environment variable must point to a C compiler.

 

-@rem @@@@ library\** @@@@

-@rem psa_crypto_driver_wrappers.h needs to be generated prior to

-@rem generate_visualc_files.pl being invoked.

-python tf-psa-crypto\scripts\generate_driver_wrappers.py || exit /b 1

-perl scripts\generate_errors.pl || exit /b 1

-perl scripts\generate_query_config.pl || exit /b 1

-perl scripts\generate_features.pl || exit /b 1

-python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1

-

-@rem @@@@ Build @@@@

-perl scripts\generate_visualc_files.pl || exit /b 1

-

-@rem @@@@ programs\** @@@@

+@rem @@@@ tf-psa-crypto @@@@

 cd tf-psa-crypto

-python scripts\generate_psa_constants.py || exit /b 1

+python framework\scripts\make_generated_files.py || exit /b 1

 cd ..

 

-@rem @@@@ tests\** @@@@

-python framework\scripts\generate_bignum_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_config_tests.py tests\suites\test_suite_config.mbedtls_boolean.data || exit /b 1

-python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1

-python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1

-python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1

-python tf-psa-crypto\framework\scripts\generate_test_keys.py --output tf-psa-crypto\framework\tests\include\test\test_keys.h || exit /b 1

-python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1

-python framework\scripts\generate_tls_handshake_tests.py || exit /b 1

-python framework\scripts\generate_tls13_compat_tests.py || exit /b 1

+@rem @@@@ mbedtls @@@@

+python framework\scripts\make_generated_files.py || exit /b 1


diff --git a/tests/.gitignore b/tests/.gitignore
index a4a0309..e58c8f0 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore

@@ -22,6 +22,6 @@
 /opt-testcases/tls13-compat.sh
 /suites/*.generated.data
 /suites/test_suite_config.mbedtls_boolean.data
-/src/test_keys.h
-/src/test_certs.h
+/include/test/test_keys.h
+/include/test/test_certs.h
 ###END_GENERATED_FILES###

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index a56a707..d12133d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt

@@ -19,15 +19,9 @@
     WORKING_DIRECTORY
         ${CMAKE_CURRENT_SOURCE_DIR}/..
     OUTPUT_VARIABLE
-        base_config_generated_data_files_raw)
+        base_config_generated_data_files)
 string(REGEX REPLACE "[^;]*/" ""
-       base_config_generated_data_files_raw "${base_config_generated_data_files_raw}")
-# Can be replace by list(FILTER ...) when CI CMake version is >=3.6
-foreach(file ${base_config_generated_data_files_raw})
-    if(${file} MATCHES "mbedtls")
-        list(APPEND base_config_generated_data_files ${file})
-    endif()
-endforeach()
+       base_config_generated_data_files "${base_config_generated_data_files}")
 
 # Derive generated file paths in the build directory. The generated data
 # files go into the suites/ subdirectory.
@@ -50,7 +44,6 @@
             ${MBEDTLS_PYTHON_EXECUTABLE}
             ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
-            ${config_generated_data_files}
         DEPENDS
             ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_config_tests.py
             # Do not declare the configuration files as dependencies: they
@@ -183,6 +176,7 @@
     # files are automatically included because the library targets declare
     # them as PUBLIC.
     target_include_directories(test_suite_${data_name}
+        PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library

diff --git a/tests/Makefile b/tests/Makefile
index b6f2f8c..87a6ca1 100644
--- a/tests/Makefile
+++ b/tests/Makefile

@@ -25,16 +25,23 @@
 endif
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
 
-GENERATED_CONFIG_DATA_FILES_RAW := $(patsubst tests/%,%,$(shell \
+GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
 	$(PYTHON) ../framework/scripts/generate_config_tests.py --list || \
 	echo FAILED \
 ))
-ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED)
+ifeq ($(GENERATED_MBEDTLS_CONFIG_DATA_FILES),FAILED)
 $(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed)
 endif
-GENERATED_MBEDTLS_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring mbedtls,$(file)),$(file),))
-GENERATED_PSA_CONFIG_DATA_FILES := $(foreach file,$(GENERATED_CONFIG_DATA_FILES_RAW),$(if $(findstring psa,$(file)),$(addprefix ../tf-psa-crypto/tests/,$(file)),))
-GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)$(GENERATED_PSA_CONFIG_DATA_FILES)
+
+GENERATED_PSA_CONFIG_DATA_FILES := $(addprefix ../tf-psa-crypto/,$(shell \
+	$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list || \
+	echo FAILED \
+))
+ifeq ($(GENERATED_PSA_CONFIG_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_config_tests.py --list" failed)
+endif
+
+GENERATED_CONFIG_DATA_FILES := $(GENERATED_MBEDTLS_CONFIG_DATA_FILES) $(GENERATED_PSA_CONFIG_DATA_FILES)
 GENERATED_DATA_FILES += $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_CONFIG_DATA_FILES)
 
@@ -57,9 +64,9 @@
 GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
 
 GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
-GENERATED_FILES += ../framework/tests/include/test/test_keys.h \
-                   ../tf-psa-crypto/framework/tests/include/test/test_keys.h \
-                   src/test_certs.h
+GENERATED_FILES += include/test/test_keys.h \
+                   ../tf-psa-crypto/tests/include/test/test_keys.h \
+                   include/test/test_certs.h
 
 # Generated files needed to (fully) run ssl-opt.sh
 .PHONY: ssl-opt
@@ -112,8 +119,8 @@
 generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
 generated_config_test_data:
 	echo "  Gen   $(GENERATED_CONFIG_DATA_FILES)"
-	$(PYTHON) ../framework/scripts/generate_config_tests.py $(GENERATED_MBEDTLS_CONFIG_DATA_FILES)
-	$(PYTHON) ../framework/scripts/generate_config_tests.py --directory ../tf-psa-crypto/tests/suites $(GENERATED_PSA_CONFIG_DATA_FILES)
+	$(PYTHON) ../framework/scripts/generate_config_tests.py
+	cd ../tf-psa-crypto && $(PYTHON) ./framework/scripts/generate_config_tests.py
 .SECONDARY: generated_config_test_data
 
 $(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
@@ -177,16 +184,16 @@
 
 mbedtls_test: $(MBEDTLS_TEST_OBJS)
 
-src/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
+include/test/test_certs.h: ../framework/scripts/generate_test_cert_macros.py \
 				  $($(PYTHON) ../framework/scripts/generate_test_cert_macros.py --list-dependencies)
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
 
-../framework/tests/include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
+include/test/test_keys.h: ../framework/scripts/generate_test_keys.py
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
 
-../tf-psa-crypto/framework/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
+../tf-psa-crypto/tests/include/test/test_keys.h: ../tf-psa-crypto/framework/scripts/generate_test_keys.py
 	echo "  Gen   $@"
 	$(PYTHON) ../tf-psa-crypto/framework/scripts/generate_test_keys.py --output $@
 
@@ -197,8 +204,8 @@
 # therefore the wildcard enumeration above doesn't include it.
 TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
 endif
-TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/include/test/test_keys.h \
-                  ../tf-psa-crypto/framework/tests/include/test/test_keys.h
+TEST_OBJS_DEPS += include/test/test_certs.h include/test/test_keys.h \
+                  ../tf-psa-crypto/tests/include/test/test_keys.h
 
 # Rule to compile common test C files in framework
 ../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS)

diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
deleted file mode 100644
index f230fd3..0000000
--- a/tests/configs/user-config-for-test.h
+++ /dev/null

@@ -1,29 +0,0 @@
-/* TF_PSA_CRYPTO_USER_CONFIG_FILE for testing.
- * Only used for a few test configurations.
- *
- * Typical usage (note multiple levels of quoting):
- *     make CFLAGS="'-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
- */
-
-/*
- *  Copyright The Mbed TLS Contributors
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
- * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
- * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
- * is to read and write from the entropy seed file, which is located
- * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
- * (These could have been provided as library functions, but for historical
- * reasons, they weren't, and so each integrator has to provide a copy
- * of these functions.)
- *
- * Provide implementations of these functions for testing. */
-#include <stddef.h>
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
-#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
-#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */

diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
index 3ba314f..c0c1101 100644
--- a/tests/include/test/ssl_helpers.h
+++ b/tests/include/test/ssl_helpers.h

@@ -476,6 +476,18 @@
  * /p second_ssl is used as second endpoint and their sockets have to be
  * connected before calling this function.
  *
+ * For example, to perform a full handshake:
+ * ```
+ * mbedtls_test_move_handshake_to_state(
+ *                       &server.ssl, &client.ssl,
+ *                       MBEDTLS_SSL_HANDSHAKE_OVER);
+ * mbedtls_test_move_handshake_to_state(
+ *                       &client.ssl, &server.ssl,
+ *                       MBEDTLS_SSL_HANDSHAKE_OVER);
+ * ```
+ * Note that you need both calls to reach the handshake-over state on
+ * both sides.
+ *
  * \retval  0 on success, otherwise error code.
  */
 int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,

diff --git a/tests/psa-client-server/psasim/README.md b/tests/psa-client-server/psasim/README.md
index 1b950d6..db49ae9 100644
--- a/tests/psa-client-server/psasim/README.md
+++ b/tests/psa-client-server/psasim/README.md

@@ -1,61 +1,42 @@
 # psasim
 
-This tool simulates a PSA Firmware Framework implementation.
-It allows you to develop secure partitions and their clients on a desktop computer.
-It should be able to run on all systems that support POSIX and System V IPC:
-e.g. macOS, Linux, FreeBSD, and perhaps Windows 10 WSL2.
+PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e `MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C`.
+In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations.
 
-Please note that the code in this directory is maintained by the Mbed TLS / PSA Crypto project solely for the purpose of testing the use of Mbed TLS with client/service separation. We do not recommend using this code for any other purpose. In particular:
+The goal of PSASIM is _not_ to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see [Limitations](#limitations) for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS.
+## Limitations
 
-* This simulator is not intended to pass or demonstrate compliance.
-* This code is only intended for simulation and does not have any security goals. It does not isolate services from clients.
+In the current implementation:
 
-## Building
+- Only Linux PC is supported.
+- There can be only 1 client connected to 1 server.
+- Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest.
+- Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped.
 
-To build and run the test program make sure you have `make`, `python` and a
-C compiler installed and then enter the following commands:
+## Testing
 
-```sh
-make run
-```
+Please refer to `tests/scripts/components-psasim.sh` for guidance on how to build & test PSASIM:
 
-Optionally the `DEBUG=1` command line option can be enabled to increase verbosity:
+- `component_test_psasim()`: builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands.
+- `component_test_suite_with_psasim()`: builds the server and _all_ the usual test suites (those found under the `<mbedtls-root>/tests/suites/*` folder) which are used by the CI and runs them. A small subset of test suites (`test_suite_constant_time_hmac`,`test_suite_lmots`,`test_suite_lms`) are being skipped, for CI turnover time optimization. They can be run locally if required.
 
-```sh
-make DEBUG=1 run
-```
+## How to update automatically generated files
 
-Once done with the test, it is possible to clean all the generated files with:
+A significant portion of the intermediate code of PSASIM is auto-generated using Perl. In particular:
 
-```sh
-make clean
-```
+- `psa_sim_serialise.[c|h]`:
+    - Generated by `psa_sim_serialise.pl`.
+    - These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server.
+- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`:
+    - Generated by `psa_sim_generate.pl`.
+    - `psa_sim_crypto_[client|server].c` provide interfaces for PSA Crypto APIs on client and server sides, while `psa_functions_codes.h` simply enumerates all PSA Crypto APIs.
 
-## Features
+These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. The procedure is as follows:
 
-The implemented API is intended to be compliant with PSA-FF 1.0.0 with the exception of a couple of things that are a work in progress:
-
-* `psa_notify` support
-* "strict" policy in manifest
-
-The only supported "interrupts" are POSIX signals, which act
-as a "virtual interrupt".
-
-The standard PSA RoT APIs are not included (e.g. cryptography, attestation, lifecycle etc).
-
-## Design
-
-The code is designed to be readable rather than fast or secure.
-In this implementation only one message is delivered to a
-RoT service at a time.
-The code is not thread-safe.
-
-## Unsupported features
-
-Because this is a simulator there are a few things that
-can't be reasonably emulated:
-
-* Manifest MMIO regions are unsupported
-* Manifest priority field is ignored
-* Partition IDs are in fact POSIX `pid_t`, which are only assigned at runtime,
-  making it infeasible to populate pid.h with correct values.
+- `psa_sim_serialise.[c|h]`:
+    - go to `<mbedtls-root>/tests/psa-client-server/psasim/src/`
+    - run `./psa_sim_serialise.pl h > psa_sim_serialise.h`
+    - run `./psa_sim_serialise.pl c > psa_sim_serialise.c`
+- `psa_sim_crypto_[client|server].c` and `psa_functions_codes.h`:
+    - go to Mbed TLS' root folder
+    - run `./tests/psa-client-server/psasim/src/psa_sim_generate.pl`

diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index 5490337..3eec226 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl

@@ -27,9 +27,7 @@
     'mbedtls_psa_crypto_free', # redefined rather than wrapped
     'mbedtls_psa_external_get_random', # not in the default config, uses unsupported type
     'mbedtls_psa_get_stats', # uses unsupported type
-    'mbedtls_psa_inject_entropy', # not in the default config, generally not for client use anyway
     'mbedtls_psa_platform_get_builtin_key', # not in the default config, uses unsupported type
-    'mbedtls_psa_register_se_key', # not in the default config, generally not for client use anyway
     'psa_get_key_slot_number', # not in the default config, uses unsupported type
     'psa_key_derivation_verify_bytes', # not implemented yet
     'psa_key_derivation_verify_key', # not implemented yet

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index b1261bf..089cb6b 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh

@@ -1,112 +1,16 @@
 #! /usr/bin/env bash
 
-# all.sh (transitional wrapper)
+# all.sh (mbedtls part)
 #
 # Copyright The Mbed TLS Contributors
 # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 
-# This is a transitional wrapper that's only meant for the CI.
-# Developers should directly invoke on or two of:
-# - tests/scripts/mbedtls-all.sh ...
-# - (cd tf-psa-crypto && tests/scripts/all.sh ...)
-#
-# During the transition, it's illegal for a tf-psa-crypto component to have
-# the same name as an mbedtls components; since this wrapper handles both
-# sides at once, component names need to be globally unique. Once the
-# transition period is over, unicity on each side will be enough.
-#
-# For context, here are the steps of the transition:
-# 1. We have an all.sh in tf-psa-crypto but for now we don't invoke it directly
-# on the CI, only through this transitional wrapper in mbedtls. (tf-psa-crypto
-# doesn't have its own CI initially and runs Mbed TLS's instead.)
-# 2. We move all relevant components to tf-psa-crypto so that it gets the level of
-# coverage we want. We need to make sure the new names are unique.
-# 3. We change the CI job on tf-psa-crypto to stop checking out mbedtls and running
-# its all.sh - instead we do the normal thing of checking out tf-psa-crypto and
-# running its all.sh. (In two steps: (a) add the new job, (b) remove the old
-# one.)
-# 4. We remove the transitional wrapper in mbedtls and we're now free to rename
-# tf-psa-crypto components as we want. If we followed a consistent naming
-# pattern, this can be as simple as s/_tf_psa_crypto// in components-*.sh.
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
 
 # This script must be invoked from the project's root.
 
-# There are exactly 4 ways this is invoked in the CI:
-# 1. tests/scripts/all.sh --help
-# 2. tests/scripts/all.sh --list-all-components
-# 3. tests/scripts/all.sh --list-components
-# 4. tests/scripts/all.sh --seed 4 --keep-going single_component_name
-# This wrapper does not support other invocations.
+FRAMEWORK="$PWD/framework"
+source $FRAMEWORK/scripts/all-core.sh
 
-set -eu
-
-# Cases 1-3
-if [ "$#" -eq 1 ]; then
-    if [ "$1" = '--help' ]; then
-        # It doesn't matter which one we use, they're the same
-        tests/scripts/mbedtls-all.sh "$1"
-        exit 0
-    fi
-    if [ "$1" = '--list-all-components' -o "$1" = '--list-components' ]; then
-        # Invoke both
-        tests/scripts/mbedtls-all.sh "$1"
-        (cd tf-psa-crypto && tests/scripts/all.sh "$1")
-        exit 0
-    fi
-fi
-
-if [ "$#" -ne 4 -o "${1:-unset}" != '--seed' -o "${3:-unset}" != '--keep-going' ]; then
-    echo "This invocation is not supported by the transitional wrapper." >&2
-    echo "See the comments at the top of $0." >&2
-    exit 1
-fi
-
-# Case 4: invoke the right all.sh for this component
-comp_name=$4
-
-# Get the list of components available on each side.
-COMP_MBEDTLS=$(tests/scripts/mbedtls-all.sh --list-all-components | tr '\n' ' ')
-COMP_CRYPTO=$(cd tf-psa-crypto && tests/scripts/all.sh --list-all-components | tr '\n' ' ')
-
-# tell if $1 is in space-separated list $2
-is_in() {
-    needle=$1
-    haystack=$2
-    case " $haystack " in
-        *" $needle "*) echo 1;;
-        *) echo 0;;
-    esac
-}
-
-is_crypto=$(is_in "$comp_name" "$COMP_CRYPTO")
-is_mbedtls=$(is_in "$comp_name" "$COMP_MBEDTLS")
-
-# Component should be on exactly one side (see comment near the top).
-if [ "$is_crypto" -eq 1 -a "$is_mbedtls" -eq 1 ]; then
-    echo "Component '$comp_name' is both in crypto and Mbed TLS". >&2
-    echo "See the comments at the top of $0." >&2
-    exit 1
-fi
-if [ "$is_crypto" -eq 0 -a "$is_mbedtls" -eq 0 ]; then
-    echo "Component '$comp_name' is neither in crypto nor in Mbed TLS". >&2
-    echo "See the comments at the top of $0." >&2
-    exit 1
-fi
-
-
-# Invoke the real thing
-if [ "$is_crypto" -eq 1 ]; then
-    # Make sure the path to the outcomes file is absolute. This is done by
-    # pre_prepare_outcome_file() however by the time it runs we've already
-    # changed the working directory, so do it now.
-    if [ -n "${MBEDTLS_TEST_OUTCOME_FILE+set}" ]; then
-        case "$MBEDTLS_TEST_OUTCOME_FILE" in
-          [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
-        esac
-        export MBEDTLS_TEST_OUTCOME_FILE
-    fi
-    cd tf-psa-crypto
-    exec tests/scripts/all.sh "$@"
-else
-    exec tests/scripts/mbedtls-all.sh "$@"
-fi
+main "$@"

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 5f8f910..c7c9ed5 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py

@@ -118,10 +118,11 @@
             # Untested platform-specific optimizations.
             # https://github.com/Mbed-TLS/mbedtls/issues/9588
             'Config: MBEDTLS_HAVE_SSE2',
-            # Obsolete configuration option, to be replaced by
+            # Obsolete configuration options, to be replaced by
             # PSA entropy drivers.
             # https://github.com/Mbed-TLS/mbedtls/issues/8150
             'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
+            'Config: MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
             # Untested aspect of the platform interface.
             # https://github.com/Mbed-TLS/mbedtls/issues/9589
             'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',

diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
deleted file mode 100755
index ba10024..0000000
--- a/tests/scripts/check-generated-files.sh
+++ /dev/null

@@ -1,189 +0,0 @@
-#! /usr/bin/env sh
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-#
-# Purpose
-#
-# Check if generated files are up-to-date.
-
-set -eu
-
-if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
-    cat <<EOF
-$0 [-l | -u]
-This script checks that all generated file are up-to-date. If some aren't, by
-default the scripts reports it and exits in error; with the -u option, it just
-updates them instead.
-
-  -u    Update the files rather than return an error for out-of-date files.
-  -l    List generated files, but do not update them.
-EOF
-    exit
-fi
-
-. framework/scripts/project_detection.sh
-
-if in_mbedtls_repo; then
-    if [ -d tf-psa-crypto ]; then
-        crypto_core_dir='tf-psa-crypto/core'
-        builtin_drivers_dir='tf-psa-crypto/drivers/builtin/src'
-    else
-        crypto_core_dir='library'
-        builtin_drivers_dir='library'
-    fi
-elif in_tf_psa_crypto_repo; then
-    crypto_core_dir='core'
-    builtin_drivers_dir='drivers/builtin/src/'
-else
-    echo "Must be run from Mbed TLS root or TF-PSA-Crypto root" >&2
-    exit 1
-fi
-
-UPDATE=
-LIST=
-while getopts lu OPTLET; do
-    case $OPTLET in
-      l) LIST=1;;
-      u) UPDATE=1;;
-    esac
-done
-
-# check SCRIPT FILENAME[...]
-# check SCRIPT DIRECTORY
-# Run SCRIPT and check that it does not modify any of the specified files.
-# In the first form, there can be any number of FILENAMEs, which must be
-# regular files.
-# In the second form, there must be a single DIRECTORY, standing for the
-# list of files in the directory. Running SCRIPT must not modify any file
-# in the directory and must not add or remove files either.
-# If $UPDATE is empty, abort with an error status if a file is modified.
-check()
-{
-    SCRIPT=$1
-    shift
-
-    if [ -n "$LIST" ]; then
-        printf '%s\n' "$@"
-        return
-    fi
-
-    directory=
-    if [ -d "$1" ]; then
-        directory="$1"
-        rm -f "$directory"/*.bak
-        set -- "$1"/*
-    fi
-
-    for FILE in "$@"; do
-        if [ -e "$FILE" ]; then
-            cp -p "$FILE" "$FILE.bak"
-        else
-            rm -f "$FILE.bak"
-        fi
-    done
-
-    # In the case of the config tests, generate only the files to be checked
-    # by the caller as they are divided into Mbed TLS and TF-PSA-Crypto
-    # specific ones.
-    if [ "${SCRIPT##*/}" = "generate_config_tests.py" ]; then
-        "$SCRIPT" "$@"
-    else
-        "$SCRIPT"
-    fi
-
-    # Compare the script output to the old files and remove backups
-    for FILE in "$@"; do
-        if diff "$FILE" "$FILE.bak" >/dev/null 2>&1; then
-            # Move the original file back so that $FILE's timestamp doesn't
-            # change (avoids spurious rebuilds with make).
-            mv "$FILE.bak" "$FILE"
-        else
-            echo "'$FILE' was either modified or deleted by '$SCRIPT'"
-            if [ -z "$UPDATE" ]; then
-                exit 1
-            else
-                rm -f "$FILE.bak"
-            fi
-        fi
-    done
-
-    if [ -n "$directory" ]; then
-        old_list="$*"
-        set -- "$directory"/*
-        new_list="$*"
-        # Check if there are any new files
-        if [ "$old_list" != "$new_list" ]; then
-            echo "Files were deleted or created by '$SCRIPT'"
-            echo "Before: $old_list"
-            echo "After: $new_list"
-            if [ -z "$UPDATE" ]; then
-                exit 1
-            fi
-        fi
-    fi
-}
-
-# Note: if the format of calls to the "check" function changes, update
-# framework/scripts/code_style.py accordingly. For generated C source files (*.h or *.c),
-# the format must be "check SCRIPT FILENAME...". For other source files,
-# any shell syntax is permitted (including e.g. command substitution).
-
-# Note: Instructions to generate those files are replicated in:
-#   - **/Makefile (to (re)build them with make)
-#   - **/CMakeLists.txt (to (re)build them with cmake)
-#   - scripts/make_generated_files.bat (to generate them under Windows)
-
-# These checks are common to Mbed TLS and TF-PSA-Crypto
-
-# The first case is temporary for the hybrid situation with a tf-psa-crypto
-# directory in Mbed TLS that is not just a TF-PSA-Crypto submodule.
-if [ -d tf-psa-crypto ]; then
-    cd tf-psa-crypto
-    check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
-    check ../framework/scripts/generate_bignum_tests.py $(../framework/scripts/generate_bignum_tests.py --list)
-    check ../framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
-    check ../framework/scripts/generate_ecp_tests.py $(../framework/scripts/generate_ecp_tests.py --list)
-    check ../framework/scripts/generate_psa_tests.py $(../framework/scripts/generate_psa_tests.py --list)
-    cd ..
-    # Generated files that are present in the repository even in the development
-    # branch. (This is intended to be temporary, until the generator scripts are
-    # fully reviewed and the build scripts support a generated header file.)
-    check framework/scripts/generate_psa_wrappers.py tf-psa-crypto/tests/include/test/psa_test_wrappers.h tf-psa-crypto/tests/src/psa_test_wrappers.c
-    check tf-psa-crypto/scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
-                                                            ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
-    check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
-else
-    check scripts/generate_psa_constants.py ./programs/psa/psa_constant_names_generated.c
-    check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
-    if in_tf_psa_crypto_repo; then
-        check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.psa_boolean.data
-    else
-        check framework/scripts/generate_config_tests.py tests/suites/test_suite_config.mbedtls_boolean.data
-    fi
-    check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
-    check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
-    check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
-                                              ${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
-    # Generated files that are present in the repository even in the development
-    # branch. (This is intended to be temporary, until the generator scripts are
-    # fully reviewed and the build scripts support a generated header file.)
-    check framework/scripts/generate_psa_wrappers.py tests/include/test/psa_test_wrappers.h tests/src/psa_test_wrappers.c
-fi
-
-check framework/scripts/generate_test_keys.py framework/tests/include/test/test_keys.h
-
-# Additional checks for Mbed TLS only
-if in_mbedtls_repo; then
-    check scripts/generate_errors.pl library/error.c
-    check scripts/generate_query_config.pl programs/test/query_config.c
-    check scripts/generate_features.pl library/version_features.c
-    check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
-    check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
-    check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
-    check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
-    # generate_visualc_files enumerates source files (library/*.c). It doesn't
-    # care about their content, but the files must exist. So it must run after
-    # the step that creates or updates these files.
-    check scripts/generate_visualc_files.pl visualc/VS2017
-fi

diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index 3ee88a3..85731a1 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh

@@ -17,20 +17,38 @@
 }
 
 component_check_generated_files () {
-    msg "Check: check-generated-files, files generated with make" # 2s
+    msg "Check make_generated_files.py consistency"
+    make neat
+    $FRAMEWORK/scripts/make_generated_files.py
+    $FRAMEWORK/scripts/make_generated_files.py --check
+    make neat
+
+    msg "Check files generated with make"
+    MBEDTLS_ROOT_DIR="$PWD"
     make generated_files
-    tests/scripts/check-generated-files.sh
+    $FRAMEWORK/scripts/make_generated_files.py --check
 
-    msg "Check: check-generated-files -u, files present" # 2s
-    tests/scripts/check-generated-files.sh -u
-    # Check that the generated files are considered up to date.
-    tests/scripts/check-generated-files.sh
+    cd $TF_PSA_CRYPTO_ROOT_DIR
+    ./framework/scripts/make_generated_files.py --check
 
-    msg "Check: check-generated-files -u, files absent" # 2s
-    command make neat
-    tests/scripts/check-generated-files.sh -u
-    # Check that the generated files are considered up to date.
-    tests/scripts/check-generated-files.sh
+    msg "Check files generated with cmake"
+    cd "$MBEDTLS_ROOT_DIR"
+    mkdir "$OUT_OF_SOURCE_DIR"
+    cd "$OUT_OF_SOURCE_DIR"
+    cmake -D GEN_FILES=ON "$MBEDTLS_ROOT_DIR"
+    make
+    cd "$MBEDTLS_ROOT_DIR"
+
+    # Files for MS Visual Studio are not generated with cmake thus copy the
+    # ones generated with make to pacify make_generated_files.py check.
+    # Files for MS Visual Studio are rather on their way out thus not adding
+    # support for them with cmake.
+    cp -Rf visualc "$OUT_OF_SOURCE_DIR"
+
+    $FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check
+
+    cd $TF_PSA_CRYPTO_ROOT_DIR
+    ./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check
 
     # This component ends with the generated files present in the source tree.
     # This is necessary for subsequent components!

diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 3d58895..cb66e37 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh

@@ -261,21 +261,6 @@
     tests/ssl-opt.sh -f 'Default\|opaque'
 }
 
-component_test_psa_inject_entropy () {
-    msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
-    scripts/config.py full
-    scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
-    scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
-    scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
-    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
-    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
-    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
-    make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS '-DTF_PSA_CRYPTO_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
-
-    msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
-    make test
-}
-
 component_full_no_pkparse_pkwrite () {
     msg "build: full without pkparse and pkwrite"
 

diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index cee4d63..2dfa6d2 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh

@@ -277,7 +277,6 @@
     scripts/config.py unset MBEDTLS_PLATFORM_C
     scripts/config.py unset MBEDTLS_NET_C
     scripts/config.py unset MBEDTLS_FS_IO
-    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
     scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
     scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
     scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED

diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index 454d140..45d0960 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh

@@ -114,9 +114,6 @@
     # Interruptible ECC tests are not thread safe
     scripts/config.py unset MBEDTLS_ECP_RESTARTABLE
 
-    # The deprecated MBEDTLS_PSA_CRYPTO_SE_C interface is not thread safe.
-    scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
     CC=clang cmake -D CMAKE_BUILD_TYPE:String=TSan .
     make
 
@@ -189,4 +186,3 @@
     msg "test: main suites, Valgrind (full config)"
     make memcheck
 }
-

diff --git a/tests/scripts/mbedtls-all.sh b/tests/scripts/mbedtls-all.sh
deleted file mode 100755
index 089cb6b..0000000
--- a/tests/scripts/mbedtls-all.sh
+++ /dev/null

@@ -1,16 +0,0 @@
-#! /usr/bin/env bash
-
-# all.sh (mbedtls part)
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-# This file is executable; it is the entry point for users and the CI.
-# See "Files structure" in all-core.sh for other files used.
-
-# This script must be invoked from the project's root.
-
-FRAMEWORK="$PWD/framework"
-source $FRAMEWORK/scripts/all-core.sh
-
-main "$@"

diff --git a/tests/src/certs.c b/tests/src/certs.c
index bacc846..d1af5b2 100644
--- a/tests/src/certs.c
+++ b/tests/src/certs.c

@@ -13,7 +13,7 @@
 
 #include "mbedtls/pk.h"
 
-#include "test_certs.h"
+#include "test/test_certs.h"
 
 /*
  *

diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
index 1ebd5a6..91efd1c 100644
--- a/tests/src/test_helpers/ssl_helpers.c
+++ b/tests/src/test_helpers/ssl_helpers.c

@@ -767,7 +767,6 @@
 
     mbedtls_ssl_init(&(ep->ssl));
     mbedtls_ssl_config_init(&(ep->conf));
-    mbedtls_ssl_conf_rng(&(ep->conf), mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_conf_get_user_data_p(&ep->conf) == NULL);
     TEST_EQUAL(mbedtls_ssl_conf_get_user_data_n(&ep->conf), 0);
@@ -864,6 +863,10 @@
     ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
     TEST_ASSERT(ret == 0);
 
+    if (MBEDTLS_SSL_IS_CLIENT == endpoint_type) {
+        ret = mbedtls_ssl_set_hostname(&(ep->ssl), "localhost");
+    }
+
 #if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
     if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
         mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 0634c26..ac9b3bb 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -476,6 +476,11 @@
     esac
 
     case " $CMD_LINE " in
+        *\ ca_callback=1\ *)
+            requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
+    esac
+
+    case " $CMD_LINE " in
         *"programs/ssl/dtls_client "*|\
         *"programs/ssl/ssl_client1 "*)
             requires_config_enabled MBEDTLS_CTR_DRBG_C
@@ -2217,7 +2222,6 @@
             "$P_CLI" \
             0
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "CA callback on client" \
             "$P_SRV debug_level=3" \
             "$P_CLI ca_callback=1 debug_level=3 " \
@@ -2226,7 +2230,6 @@
             -S "error" \
             -C "error"
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
 requires_hash_alg SHA_256
 run_test    "CA callback on server" \
@@ -5893,6 +5896,215 @@
             -C "X509 - Certificate verification failed" \
             -C "SSL - No CA Chain is set, but required to operate"
 
+# The next few tests check what happens if the server has a valid certificate
+# that does not match its name (impersonation).
+
+run_test "Authentication: hostname match, client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=localhost debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "! mbedtls_ssl_handshake returned" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname match, client required, CA callback" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -c "use CA callback for X.509 CRT verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "! mbedtls_ssl_handshake returned" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (wrong), client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
+         1 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (empty), client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name= debug_level=1" \
+         1 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (truncated), client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=localhos debug_level=1" \
+         1 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (last char), client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
+         1 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch (trailing), client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
+         1 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -c "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client optional" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
+         0 \
+         -c "does not match with the expected CN" \
+         -c "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname mismatch, client none" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -c "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "! mbedtls_ssl_handshake returned" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client optional" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -c "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname null, client none" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client required" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required set_hostname=no debug_level=2" \
+         1 \
+         -C "does not match with the expected CN" \
+         -c "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -c "get_hostname_for_verification() returned -" \
+         -C "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client required, CA callback" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
+         1 \
+         -C "does not match with the expected CN" \
+         -c "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -c "get_hostname_for_verification() returned -" \
+         -C "use CA callback for X.509 CRT verification" \
+         -C "x509_verify_cert() returned -" \
+         -c "! mbedtls_ssl_handshake returned" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client optional" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -c "Certificate verification without having set hostname" \
+         -c "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client none" \
+         "$P_SRV" \
+         "$P_CLI auth_mode=none set_hostname=no debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \
+         "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+         "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+         1 \
+         -C "does not match with the expected CN" \
+         -c "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -c "get_hostname_for_verification() returned -" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
+run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \
+         "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
+         "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+         1 \
+         -C "does not match with the expected CN" \
+         -c "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -c "get_hostname_for_verification() returned -" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
+         "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
+         "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
+requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
+run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
+         "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
+         "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
+         0 \
+         -C "does not match with the expected CN" \
+         -C "Certificate verification without having set hostname" \
+         -C "Certificate verification without CN verification" \
+         -C "x509_verify_cert() returned -" \
+         -C "X509 - Certificate verification failed"
+
 # The purpose of the next two tests is to test the client's behaviour when receiving a server
 # certificate with an unsupported elliptic curve. This should usually not happen because
 # the client informs the server about the supported curves - it does, though, in the
@@ -6237,7 +6449,6 @@
 # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
 # When updating these tests, modify the matching authentication tests accordingly
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server badcert, client required" \
             "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
              key_file=$DATA_FILES_PATH/server5.key" \
@@ -6249,7 +6460,6 @@
             -c "! mbedtls_ssl_handshake returned" \
             -c "X509 - Certificate verification failed"
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server badcert, client optional" \
             "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
              key_file=$DATA_FILES_PATH/server5.key" \
@@ -6261,7 +6471,6 @@
             -C "! mbedtls_ssl_handshake returned" \
             -C "X509 - Certificate verification failed"
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server badcert, client none" \
             "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
              key_file=$DATA_FILES_PATH/server5.key" \
@@ -6280,7 +6489,6 @@
 # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
 # different means to have the server ignoring the client's supported curve list.
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
              crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -6291,7 +6499,6 @@
             -c "! Certificate verification flags" \
             -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
             "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
              crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
@@ -6302,7 +6509,6 @@
             -c "! Certificate verification flags"\
             -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
 run_test    "Authentication, CA callback: client SHA384, server required" \
             "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@@ -6314,7 +6520,6 @@
             -c "Supported Signature Algorithm found: 04 " \
             -c "Supported Signature Algorithm found: 05 "
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
 run_test    "Authentication, CA callback: client SHA256, server required" \
             "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
@@ -6326,7 +6531,6 @@
             -c "Supported Signature Algorithm found: 04 " \
             -c "Supported Signature Algorithm found: 05 "
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client badcert, server required" \
             "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
             "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -6348,7 +6552,6 @@
 # detect that its write end of the connection is closed and abort
 # before reading the alert message.
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client cert not trusted, server required" \
             "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
             "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
@@ -6366,7 +6569,6 @@
             -s "! mbedtls_ssl_handshake returned" \
             -s "X509 - Certificate verification failed"
 
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client badcert, server optional" \
             "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
             "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
@@ -6387,7 +6589,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server max_int chain, client default" \
             "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
                     key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
@@ -6398,7 +6599,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server max_int+1 chain, client default" \
             "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
                     key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@@ -6409,7 +6609,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: server max_int+1 chain, client optional" \
             "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
                     key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
@@ -6421,7 +6620,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client max_int+1 chain, server optional" \
             "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
             "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@@ -6432,7 +6630,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client max_int+1 chain, server required" \
             "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
             "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
@@ -6443,7 +6640,6 @@
 
 requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
 requires_full_size_output_buffer
-requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
 run_test    "Authentication, CA callback: client max_int chain, server required" \
             "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
             "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \

diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index f3c8ff6..57b8f4e 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function

@@ -156,7 +156,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -194,7 +193,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -229,7 +227,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -267,7 +264,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
@@ -306,7 +302,6 @@
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_conf_dbg(&conf, string_debug, &buffer);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);

diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 3f84458..11648a3 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function

@@ -106,6 +106,315 @@
 #define TEST_GCM_OR_CHACHAPOLY_ENABLED
 #endif
 
+typedef enum {
+    RECOMBINE_NOMINAL,          /* param: ignored */
+    RECOMBINE_SPLIT_FIRST,      /* param: offset of split (<=0 means from end) */
+    RECOMBINE_TRUNCATE_FIRST,   /* param: offset of truncation (<=0 means from end) */
+    RECOMBINE_INSERT_EMPTY,     /* param: offset (<0 means from end) */
+    RECOMBINE_INSERT_RECORD,    /* param: record type */
+    RECOMBINE_COALESCE,         /* param: number of records (INT_MAX=all) */
+    RECOMBINE_COALESCE_SPLIT_ONCE, /* param: offset of split (<=0 means from end) */
+    RECOMBINE_COALESCE_SPLIT_BOTH_ENDS, /* param: offset, must be >0 */
+} recombine_records_instruction_t;
+
+/* Keep this in sync with the recombine_server_first_flight()
+ * See comment there. */
+#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED) && \
+    defined(PSA_WANT_ALG_SHA_256) && \
+    defined(PSA_WANT_ECC_SECP_R1_256) && \
+    defined(PSA_WANT_ECC_SECP_R1_384) && \
+    defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT) && \
+    defined(PSA_WANT_ALG_ECDSA_ANY)
+
+/* Split the first record into two pieces of lengths offset and
+ * record_length-offset. If offset is zero or negative, count from the end of
+ * the record. */
+static int recombine_split_first_record(mbedtls_test_ssl_buffer *buf,
+                                        int offset)
+{
+    const size_t header_length = 5;
+    TEST_LE_U(header_length, buf->content_length);
+    size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2);
+
+    if (offset > 0) {
+        TEST_LE_S(offset, record_length);
+    } else {
+        TEST_LE_S(-offset, record_length);
+        offset = record_length + offset;
+    }
+
+    /* Check that we have room to insert a record header */
+    TEST_LE_U(buf->content_length + header_length, buf->capacity);
+
+    /* Make room for a record header */
+    size_t new_record_start = header_length + offset;
+    size_t new_content_start = new_record_start + header_length;
+    memmove(buf->buffer + new_content_start,
+            buf->buffer + new_record_start,
+            buf->content_length - new_record_start);
+    buf->content_length += header_length;
+
+    /* Construct a header for the new record based on the existing one */
+    memcpy(buf->buffer + new_record_start, buf->buffer, header_length);
+    MBEDTLS_PUT_UINT16_BE(record_length - offset,
+                          buf->buffer, new_content_start - 2);
+
+    /* Adjust the length of the first record */
+    MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2);
+
+    return 0;
+
+exit:
+    return -1;
+}
+
+/* Truncate the first record, keeping only the first offset bytes.
+ * If offset is zero or negative, count from the end of the record.
+ * Remove the subsequent records.
+ */
+static int recombine_truncate_first_record(mbedtls_test_ssl_buffer *buf,
+                                           int offset)
+{
+    const size_t header_length = 5;
+    TEST_LE_U(header_length, buf->content_length);
+    size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2);
+
+    if (offset > 0) {
+        TEST_LE_S(offset, record_length);
+    } else {
+        TEST_LE_S(-offset, record_length);
+        offset = record_length + offset;
+    }
+
+    /* Adjust the length of the first record */
+    MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2);
+
+    /* Wipe the rest */
+    size_t truncated_end = header_length + offset;
+    memset(buf->buffer + truncated_end, '!',
+           buf->content_length - truncated_end);
+    buf->content_length = truncated_end;
+
+    return 0;
+
+exit:
+    return -1;
+}
+
+/* Insert a (dummy) record at the given offset. If offset is negative,
+ * count from the end of the first record. */
+static int recombine_insert_record(mbedtls_test_ssl_buffer *buf,
+                                   int offset,
+                                   uint8_t inserted_record_type)
+{
+    const size_t header_length = 5;
+    TEST_LE_U(header_length, buf->content_length);
+    size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2);
+
+    if (offset >= 0) {
+        TEST_LE_S(offset, record_length);
+    } else {
+        TEST_LE_S(-offset, record_length);
+        offset = record_length + offset;
+    }
+
+    uint8_t inserted_content[42] = { 0 };
+    size_t inserted_content_length = 0;
+    switch (inserted_record_type) {
+        case MBEDTLS_SSL_MSG_ALERT:
+            inserted_content[0] = MBEDTLS_SSL_ALERT_LEVEL_WARNING;
+            inserted_content[1] = MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION;
+            inserted_content_length = 2;
+            break;
+        case MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:
+            inserted_content[0] = 0x01;
+            inserted_content_length = 1;
+            break;
+        case MBEDTLS_SSL_MSG_APPLICATION_DATA:
+            inserted_content_length = sizeof(inserted_content);
+            break;
+        default:
+            /* Leave the content empty */
+            break;
+    }
+
+    /* Check that we have room to insert two record headers plus the new
+     * content. */
+    TEST_LE_U(buf->content_length + 2 * header_length + inserted_content_length,
+              buf->capacity);
+
+    /* Make room for the inserted record and a record header for the fragment */
+    size_t inserted_record_start = header_length + offset;
+    size_t inserted_content_start = inserted_record_start + header_length;
+    size_t tail_record_start = inserted_content_start + inserted_content_length;
+    size_t tail_content_start = tail_record_start + header_length;
+    memmove(buf->buffer + tail_content_start,
+            buf->buffer + inserted_record_start,
+            buf->content_length - inserted_record_start);
+    buf->content_length += 2 * header_length;
+
+    /* Construct the inserted record based on the existing one */
+    memcpy(buf->buffer + inserted_record_start, buf->buffer, header_length);
+    buf->buffer[inserted_record_start] = inserted_record_type;
+    MBEDTLS_PUT_UINT16_BE(inserted_content_length,
+                          buf->buffer, inserted_content_start - 2);
+    memcpy(buf->buffer + inserted_content_start,
+           inserted_content, inserted_content_length);
+
+    /* Construct header for the last fragment based on the existing one */
+    memcpy(buf->buffer + tail_record_start, buf->buffer, header_length);
+    MBEDTLS_PUT_UINT16_BE(record_length - offset,
+                          buf->buffer, tail_content_start - 2);
+
+    /* Adjust the length of the first record */
+    MBEDTLS_PUT_UINT16_BE(offset, buf->buffer, header_length - 2);
+
+    return 0;
+
+exit:
+    return -1;
+}
+
+/* Coalesce TLS handshake records.
+ * DTLS is not supported.
+ * Encrypted or authenticated handshake records are not supported.
+ * Assume the buffer content is a valid sequence of records.
+ *
+ * Coalesce only the first max records, or all the records if there are
+ * fewer than max.
+ * Return the number of coalesced records, or -1 on error.
+ */
+static int recombine_coalesce_handshake_records(mbedtls_test_ssl_buffer *buf,
+                                                int max)
+{
+    const size_t header_length = 5;
+    TEST_LE_U(header_length, buf->content_length);
+    if (buf->buffer[0] != MBEDTLS_SSL_MSG_HANDSHAKE) {
+        return 0;
+    }
+
+    size_t record_length = MBEDTLS_GET_UINT16_BE(buf->buffer, header_length - 2);
+    TEST_LE_U(header_length + record_length, buf->content_length);
+
+    int count;
+    for (count = 1; count < max; count++) {
+        size_t next_start = header_length + record_length;
+        if (next_start >= buf->content_length) {
+            /* We've already reached the last record. */
+            break;
+        }
+
+        TEST_LE_U(next_start + header_length, buf->content_length);
+        if (buf->buffer[next_start] != MBEDTLS_SSL_MSG_HANDSHAKE) {
+            /* There's another record, but it isn't a handshake record. */
+            break;
+        }
+        size_t next_length =
+            MBEDTLS_GET_UINT16_BE(buf->buffer, next_start + header_length - 2);
+        TEST_LE_U(next_start + header_length + next_length, buf->content_length);
+
+        /* Erase the next record header */
+        memmove(buf->buffer + next_start,
+                buf->buffer + next_start + header_length,
+                buf->content_length - next_start);
+        buf->content_length -= header_length;
+        /* Update the first record length */
+        record_length += next_length;
+        TEST_LE_U(record_length, 0xffff);
+        MBEDTLS_PUT_UINT16_BE(record_length, buf->buffer, header_length - 2);
+    }
+
+    return count;
+
+exit:
+    return -1;
+}
+
+static int recombine_records(mbedtls_test_ssl_endpoint *server,
+                             recombine_records_instruction_t instruction,
+                             int param)
+{
+    mbedtls_test_ssl_buffer *buf = server->socket.output;
+    int ret;
+
+    /* buf is a circular buffer. For simplicity, this code assumes that
+     * the data is located at the beginning. This should be ok since
+     * this function is only meant to be used on the first flight
+     * emitted by a server. */
+    TEST_EQUAL(buf->start, 0);
+
+    switch (instruction) {
+        case RECOMBINE_NOMINAL:
+            break;
+
+        case RECOMBINE_SPLIT_FIRST:
+            ret = recombine_split_first_record(buf, param);
+            TEST_LE_S(0, ret);
+            break;
+
+        case RECOMBINE_TRUNCATE_FIRST:
+            ret = recombine_truncate_first_record(buf, param);
+            TEST_LE_S(0, ret);
+            break;
+
+        case RECOMBINE_INSERT_EMPTY:
+            /* Insert an empty handshake record. */
+            ret = recombine_insert_record(buf, param, MBEDTLS_SSL_MSG_HANDSHAKE);
+            TEST_LE_S(0, ret);
+            break;
+
+        case RECOMBINE_INSERT_RECORD:
+            /* Insert an extra record at a position where splitting
+             * would be ok. */
+            ret = recombine_insert_record(buf, 5, param);
+            TEST_LE_S(0, ret);
+            break;
+
+        case RECOMBINE_COALESCE:
+            ret = recombine_coalesce_handshake_records(buf, param);
+            /* If param != INT_MAX, enforce that there were that many
+             * records to coalesce. In particular, 1 < param < INT_MAX
+             * ensures that library will see some coalesced records. */
+            if (param == INT_MAX) {
+                TEST_LE_S(1, ret);
+            } else {
+                TEST_EQUAL(ret, param);
+            }
+            break;
+
+        case RECOMBINE_COALESCE_SPLIT_ONCE:
+            ret = recombine_coalesce_handshake_records(buf, INT_MAX);
+            /* Require at least two coalesced records, otherwise this
+             * doesn't lead to a meaningful test (use
+             * RECOMBINE_SPLIT_FIRST instead). */
+            TEST_LE_S(2, ret);
+            ret = recombine_split_first_record(buf, param);
+            TEST_LE_S(0, ret);
+            break;
+
+        case RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:
+            ret = recombine_coalesce_handshake_records(buf, INT_MAX);
+            /* Accept a single record, which will be split at both ends */
+            TEST_LE_S(1, ret);
+            TEST_LE_S(1, param);
+            ret = recombine_split_first_record(buf, -param);
+            TEST_LE_S(0, ret);
+            ret = recombine_split_first_record(buf, param);
+            TEST_LE_S(0, ret);
+            break;
+
+        default:
+            TEST_FAIL("Instructions not understood");
+    }
+
+    return 1;
+
+exit:
+    return 0;
+}
+
+#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED etc */
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -1219,7 +1528,6 @@
                                             MBEDTLS_SSL_IS_CLIENT,
                                             MBEDTLS_SSL_TRANSPORT_DATAGRAM,
                                             MBEDTLS_SSL_PRESET_DEFAULT) == 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -1341,8 +1649,7 @@
         rec_backup = rec;
 
         /* Encrypt record */
-        ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
-                                      mbedtls_test_rnd_std_rand, NULL);
+        ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
         TEST_ASSERT(ret == 0 || ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
         if (ret != 0) {
             continue;
@@ -1495,8 +1802,7 @@
             rec_backup = rec;
 
             /* Encrypt record */
-            ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec,
-                                          mbedtls_test_rnd_std_rand, NULL);
+            ret = mbedtls_ssl_encrypt_buf(&ssl, t_enc, &rec);
 
             if (ret == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL) {
                 /* It's ok if the output buffer is too small. We do insist
@@ -1949,8 +2255,7 @@
     memset(&rec.ctr[0], 0, 8);
     rec.ctr[7] = ctr;
 
-    TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec,
-                                        NULL, NULL) == 0);
+    TEST_ASSERT(mbedtls_ssl_encrypt_buf(NULL, &transform_send, &rec) == 0);
 
     if (padding_used == MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY) {
         TEST_MEMORY_COMPARE(rec.buf + rec.data_offset, rec.data_len,
@@ -2844,6 +3149,165 @@
 }
 /* END_CASE */
 
+/* This test case doesn't actually depend on certificates,
+ * but our helper code for mbedtls_test_ssl_endpoint does.
+ * Also, it needs specific hashes, algs and curves for the
+ * hardcoded test certificates. In principle both RSA and ECDSA
+ * can be used, but we hardcode ECDSA in order to avoid having
+ * to express dependencies like "RSA or ECDSA with those curves". */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ECC_SECP_R1_384:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT:PSA_WANT_ALG_ECDSA_ANY */
+void recombine_server_first_flight(int version,
+                                   int instruction, int param,
+                                   char *client_log, char *server_log,
+                                   int goal_state, int expected_ret)
+{
+    /* Make sure we have a buffer that's large enough for the longest
+     * data that the library might ever send, plus a bit extra so that
+     * we can inject more content. The library won't ever send more than
+     * 2^14 bytes of handshake messages, so we round that up. In practice
+     * we could surely get away with a much smaller buffer. The main
+     * variable part is the server certificate. */
+    enum { BUFFSIZE = 17000 };
+    mbedtls_test_ssl_endpoint client;
+    memset(&client, 0, sizeof(client));
+    mbedtls_test_ssl_endpoint server;
+    memset(&server, 0, sizeof(server));
+    mbedtls_test_handshake_test_options client_options;
+    mbedtls_test_init_handshake_options(&client_options);
+    mbedtls_test_handshake_test_options server_options;
+    mbedtls_test_init_handshake_options(&server_options);
+#if defined(MBEDTLS_DEBUG_C)
+    mbedtls_test_ssl_log_pattern cli_pattern = { .pattern = client_log };
+    mbedtls_test_ssl_log_pattern srv_pattern = { .pattern = server_log };
+#else
+    (void) client_log;
+    (void) server_log;
+#endif
+    int ret = 0;
+
+    MD_OR_USE_PSA_INIT();
+#if defined(MBEDTLS_DEBUG_C)
+    mbedtls_debug_set_threshold(3);
+#endif
+
+    // Does't really matter but we want to know to declare dependencies.
+    client_options.pk_alg = MBEDTLS_PK_ECDSA;
+    server_options.pk_alg = MBEDTLS_PK_ECDSA;
+
+    client_options.client_min_version = version;
+    client_options.client_max_version = version;
+#if defined(MBEDTLS_DEBUG_C)
+    client_options.cli_log_obj = &cli_pattern;
+    client_options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
+#endif
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+                                              &client_options, NULL, NULL,
+                                              NULL), 0);
+
+    server_options.server_min_version = version;
+    server_options.server_max_version = version;
+#if defined(MBEDTLS_DEBUG_C)
+    server_options.srv_log_obj = &srv_pattern;
+    server_options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
+#endif
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+                                              &server_options, NULL, NULL,
+                                              NULL), 0);
+
+    TEST_EQUAL(mbedtls_test_mock_socket_connect(&client.socket,
+                                                &server.socket,
+                                                BUFFSIZE), 0);
+
+    /* Client: emit the first flight from the client */
+    while (ret == 0) {
+        mbedtls_test_set_step(client.ssl.state);
+        ret = mbedtls_ssl_handshake_step(&client.ssl);
+    }
+    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
+    ret = 0;
+    TEST_EQUAL(client.ssl.state, MBEDTLS_SSL_SERVER_HELLO);
+
+    /* Server: parse the first flight from the client
+     * and emit the first flight from the server */
+    while (ret == 0) {
+        mbedtls_test_set_step(1000 + server.ssl.state);
+        ret = mbedtls_ssl_handshake_step(&server.ssl);
+    }
+    TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
+    ret = 0;
+    TEST_EQUAL(server.ssl.state, MBEDTLS_SSL_SERVER_HELLO_DONE + 1);
+
+    /* Recombine the first flight from the server */
+    TEST_ASSERT(recombine_records(&server, instruction, param));
+
+    /* Client: parse the first flight from the server
+     * and emit the second flight from the client */
+    while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) {
+        mbedtls_test_set_step(client.ssl.state);
+        ret = mbedtls_ssl_handshake_step(&client.ssl);
+        if (client.ssl.state == goal_state && ret != 0) {
+            TEST_EQUAL(ret, expected_ret);
+            goto goal_reached;
+        }
+    }
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+    /* A default TLS 1.3 handshake has only 1 flight from the server,
+     * while the default (non-resumption) 1.2 handshake has two. */
+    if (version >= MBEDTLS_SSL_VERSION_TLS1_3 &&
+        goal_state >= MBEDTLS_SSL_HANDSHAKE_OVER) {
+        TEST_EQUAL(ret, 0);
+    } else
+#endif
+    {
+        TEST_EQUAL(ret, MBEDTLS_ERR_SSL_WANT_READ);
+    }
+    ret = 0;
+
+    /* Server: parse the first flight from the client
+     * and emit the second flight from the server */
+    if (instruction == RECOMBINE_TRUNCATE_FIRST) {
+        /* Close without a notification. The case of closing with a
+         * notification is tested via RECOMBINE_INSERT_RECORD to insert
+         * an alert record (which we reject, making the client SSL
+         * context become invalid). */
+        mbedtls_test_mock_socket_close(&server.socket);
+        goto goal_reached;
+    }
+    while (ret == 0 && !mbedtls_ssl_is_handshake_over(&server.ssl)) {
+        mbedtls_test_set_step(1000 + server.ssl.state);
+        ret = mbedtls_ssl_handshake_step(&server.ssl);
+    }
+    TEST_EQUAL(ret, 0);
+
+    /* Client: parse the second flight from the server */
+    while (ret == 0 && !mbedtls_ssl_is_handshake_over(&client.ssl)) {
+        mbedtls_test_set_step(client.ssl.state);
+        ret = mbedtls_ssl_handshake_step(&client.ssl);
+    }
+    if (client.ssl.state == goal_state) {
+        TEST_EQUAL(ret, expected_ret);
+    } else {
+        TEST_EQUAL(ret, 0);
+    }
+
+goal_reached:
+#if defined(MBEDTLS_DEBUG_C)
+    TEST_ASSERT(cli_pattern.counter >= 1);
+    TEST_ASSERT(srv_pattern.counter >= 1);
+#endif
+
+exit:
+    mbedtls_test_ssl_endpoint_free(&client, NULL);
+    mbedtls_test_ssl_endpoint_free(&server, NULL);
+    mbedtls_test_free_handshake_options(&client_options);
+    mbedtls_test_free_handshake_options(&server_options);
+    MD_OR_USE_PSA_DONE();
+#if defined(MBEDTLS_DEBUG_C)
+    mbedtls_debug_set_threshold(0);
+#endif
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:PSA_WANT_ALG_SHA_256:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void renegotiation(int legacy_renegotiation)
 {
@@ -3033,7 +3497,6 @@
     mbedtls_ssl_conf_transport(&conf, transport);
     mbedtls_ssl_conf_min_tls_version(&conf, min_tls_version);
     mbedtls_ssl_conf_max_tls_version(&conf, max_tls_version);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == expected_ssl_setup_result);
     TEST_EQUAL(mbedtls_ssl_conf_get_endpoint(
@@ -3058,7 +3521,6 @@
     mbedtls_ssl_config conf;
     mbedtls_ssl_config_init(&conf);
 
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
     mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_CLIENT,
                                 MBEDTLS_SSL_TRANSPORT_STREAM,
                                 MBEDTLS_SSL_PRESET_DEFAULT);
@@ -3168,7 +3630,6 @@
                                            MBEDTLS_SSL_TRANSPORT_DATAGRAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT),
                0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
     TEST_EQUAL(mbedtls_ssl_check_dtls_clihlo_cookie(&ssl, ssl.cli_id,
@@ -3223,7 +3684,6 @@
                                             MBEDTLS_SSL_TRANSPORT_STREAM,
                                             MBEDTLS_SSL_PRESET_DEFAULT)
                 == 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -3482,7 +3942,6 @@
                                            MBEDTLS_SSL_IS_CLIENT,
                                            MBEDTLS_SSL_TRANSPORT_STREAM,
                                            MBEDTLS_SSL_PRESET_DEFAULT), 0);
-    mbedtls_ssl_conf_rng(&conf, mbedtls_test_random, NULL);
 
     TEST_EQUAL(mbedtls_ssl_setup(&ssl, &conf), 0);
 

diff --git a/tests/suites/test_suite_ssl.records.data b/tests/suites/test_suite_ssl.records.data
new file mode 100644
index 0000000..8220cb0
--- /dev/null
+++ b/tests/suites/test_suite_ssl.records.data

@@ -0,0 +1,162 @@
+Recombine server flight 1: TLS 1.2, nominal
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.3, nominal
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_NOMINAL:0:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, coalesce 2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:2:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, coalesce 3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:3:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, coalesce all
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+# TLS 1.3 has a single non-encrypted handshake record, so this doesn't
+# actually perform any coalescing. Run the test case anyway, but this does
+# very little beyond exercising the test code itself a little.
+Recombine server flight 1: TLS 1.3, coalesce all
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_COALESCE:INT_MAX:"<= handshake wrapup":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, split first at 4
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.3, split first at 4
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, split first at end-1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.3, split first at end-1
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:-1:"subsequent handshake fragment\: 1,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+# The library doesn't support an initial handshake fragment that doesn't
+# contain the full 4-byte handshake header.
+Recombine server flight 1: TLS 1.2, split first at 3 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, split first at 3 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:3:"handshake message too short\: 3":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, split first at 2 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, split first at 2 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:2:"handshake message too short\: 2":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, split first at 1 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, split first at 1 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:1:"handshake message too short\: 1":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, truncate at 4 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ
+
+Recombine server flight 1: TLS 1.3, truncate at 4 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_TRUNCATE_FIRST:4:"initial handshake fragment\: 4, 0..4 of":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_WANT_READ
+
+Recombine server flight 1: TLS 1.2, insert empty record after first (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_CERTIFICATE:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, insert empty record after first (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_SPLIT_FIRST:0:"rejecting empty record":"":MBEDTLS_SSL_ENCRYPTED_EXTENSIONS:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, insert empty record at start (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, insert empty record at start (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:0:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, insert empty record at 42 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, insert empty record at 42 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_EMPTY:42:"rejecting empty record":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, insert ChangeCipherSpec record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.3, insert ChangeCipherSpec record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.2, insert alert record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.3, insert alert record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_ALERT:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.2, insert data record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.3, insert data record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_APPLICATION_DATA:"non-handshake message in the middle of a fragmented handshake message":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE
+
+Recombine server flight 1: TLS 1.2, insert CID record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, insert CID record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:MBEDTLS_SSL_MSG_CID:"unknown record type":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.2, insert unknown record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+Recombine server flight 1: TLS 1.3, insert unknown record at 5 (bad)
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED:PSA_WANT_ALG_CHACHA20_POLY1305
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_3:RECOMBINE_INSERT_RECORD:255:"unknown record type 255":"":MBEDTLS_SSL_SERVER_HELLO:MBEDTLS_ERR_SSL_INVALID_RECORD
+
+# Since there is a single unencrypted handshake message in the first flight
+# from the server, and the test code that recombines handshake records can only
+# handle plaintext records, we can't have TLS 1.3 tests with coalesced
+# handshake messages. Hence most coalesce-and-split test cases are 1.2-only.
+
+Recombine server flight 1: TLS 1.2, coalesce and split at 4
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:4:"initial handshake fragment\: 4, 0..4 of":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+# The last message of the first flight from the server is ServerHelloDone,
+# which is an empty handshake message, i.e. of length 4. The library doesn't
+# support fragmentation of a handshake header, so the last place where we
+# can split the flight is 4+1 = 5 bytes before it ends, with 1 byte in the
+# previous handshake message and 4 bytes of ServerHelloDone including header.
+Recombine server flight 1: TLS 1.2, coalesce and split at end-5
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_ONCE:-5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0
+
+Recombine server flight 1: TLS 1.2, coalesce and split at both ends
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+recombine_server_first_flight:MBEDTLS_SSL_VERSION_TLS1_2:RECOMBINE_COALESCE_SPLIT_BOTH_ENDS:5:"subsequent handshake fragment\: 5,":"<= handshake wrapup":MBEDTLS_SSL_HANDSHAKE_OVER:0

diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 376cd12..107d923 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function

@@ -11,37 +11,6 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/psa_util.h"
 
-#if defined(MBEDTLS_PEM_WRITE_C) && \
-    defined(MBEDTLS_X509_CRT_WRITE_C) && \
-    defined(MBEDTLS_X509_CRT_PARSE_C) && \
-    defined(PSA_WANT_ALG_SHA_1) && \
-    defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-static int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
-                                    const unsigned char *input, unsigned char *output,
-                                    size_t output_max_len)
-{
-    return mbedtls_rsa_pkcs1_decrypt((mbedtls_rsa_context *) ctx, NULL, NULL,
-                                     olen, input, output, output_max_len);
-}
-
-static int mbedtls_rsa_sign_func(void *ctx,
-                                 mbedtls_md_type_t md_alg, unsigned int hashlen,
-                                 const unsigned char *hash, unsigned char *sig)
-{
-    return mbedtls_rsa_pkcs1_sign((mbedtls_rsa_context *) ctx,
-                                  mbedtls_psa_get_random,
-                                  MBEDTLS_PSA_RANDOM_STATE,
-                                  md_alg,
-                                  hashlen,
-                                  hash,
-                                  sig);
-}
-static size_t mbedtls_rsa_key_len_func(void *ctx)
-{
-    return ((const mbedtls_rsa_context *) ctx)->len;
-}
-#endif
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && \
     defined(MBEDTLS_PEM_WRITE_C) && defined(MBEDTLS_X509_CSR_WRITE_C)
 static int x509_crt_verifycsr(const unsigned char *buf, size_t buflen)
@@ -436,19 +405,6 @@
 
     issuer_key_type = mbedtls_pk_get_type(&issuer_key);
 
-#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
-    /* For RSA PK contexts, create a copy as an alternative RSA context. */
-    if (pk_wrap == 1 && issuer_key_type == MBEDTLS_PK_RSA) {
-        TEST_ASSERT(mbedtls_pk_setup_rsa_alt(&issuer_key_alt,
-                                             mbedtls_pk_rsa(issuer_key),
-                                             mbedtls_rsa_decrypt_func,
-                                             mbedtls_rsa_sign_func,
-                                             mbedtls_rsa_key_len_func) == 0);
-
-        key = &issuer_key_alt;
-    }
-#endif
-
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     /* Turn the issuer PK context into an opaque one. */
     if (pk_wrap == 2) {

diff --git a/tf-psa-crypto b/tf-psa-crypto
index f5b4a9c..4a9f29b 160000
--- a/tf-psa-crypto
+++ b/tf-psa-crypto

@@ -1 +1 @@
-Subproject commit f5b4a9ce21ea86c00163e175540c2f7d26c65a36
+Subproject commit 4a9f29b05c661bd874c75d80339fcce00adea4e0

diff --git a/visualc/VS2017/.gitignore b/visualc/VS2017/.gitignore
index a9ded4a..e45eaf6 100644
--- a/visualc/VS2017/.gitignore
+++ b/visualc/VS2017/.gitignore

@@ -1,4 +1,4 @@
-# Files that may be left over from check-generated-files.sh
+# Files that may be left over from make_generated-files.py --check
 /*.bak
 
 # Visual Studio artifacts
commit	8ab3d8c25d4c364c0423338bdd69bccc61447be2	[log] [tgz]
author	Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	Mon Apr 14 10:03:58 2025 +0000
committer	GitHub <noreply@github.com>	Mon Apr 14 10:03:58 2025 +0000
tree	22d6e591044a51bfc963688bb9486e3134e18a28
parent	a3d27b54fc9dd5d4f030e3e46e637015a863362c [diff]
parent	b430f8235cd71e48cd67998da615614dde7db47b [diff]