diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 528e215031..8b32378ef5 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -26,7 +26,9 @@
 #ifndef MBEDTLS_CONFIG_PSA_H
 #define MBEDTLS_CONFIG_PSA_H
 
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 #include "psa/crypto_config.h"
+#endif /* defined(MBEDTLS_PSAY_CRYPTO_CONFIG) */
 
 #ifdef __cplusplus
 extern "C" {
@@ -42,7 +44,7 @@ extern "C" {
 #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA) */
 #endif /* defined(PSA_WANT_ALG_ECDSA) */
 
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#if defined(PSA_WANT_ALG_ECDSA_DETERMINISTIC)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC)
 #define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA
 #else /*  && !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */
@@ -50,6 +52,20 @@ extern "C" {
 #endif /* !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA_DETERMINISTIC) */
 #endif /* defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA) */
 
+#else /* MBEDTLS_PSA_CRYPTO_CONFIG */
+
+/*
+ * Ensure PSA_WANT_* defines are setup properly if MBEDTLS_PSA_CRYPTO_CONFIG
+ * is not defined
+ */
+#ifdef MBEDTLS_ECDSA_C
+#define PSA_WANT_ALG_ECDSA
+#endif /* MBEDTLS_ECDSA_C */
+
+#ifdef MBEDTLS_ECDSA_DETERMINISTIC
+#define PSA_WANT_ALG_ECDSA_DETERMINISTIC
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
 
 #ifdef __cplusplus
diff --git a/library/psa_crypto_driver_wrappers.c b/library/psa_crypto_driver_wrappers.c
index d41209bbfb..140bab626d 100644
--- a/library/psa_crypto_driver_wrappers.c
+++ b/library/psa_crypto_driver_wrappers.c
@@ -583,7 +583,7 @@ psa_status_t psa_driver_wrapper_cipher_encrypt_setup(
 #endif /* PSA_CRYPTO_DRIVER_TEST */
         default:
             /* Key is declared with a lifetime not known to us */
-            return( PSA_ERROR_BAD_STATE );
+            return( PSA_ERROR_NOT_SUPPORTED );
     }
 #else /* PSA_CRYPTO_DRIVER_PRESENT */
     (void)slot;
diff --git a/scripts/config.py b/scripts/config.py
index 017bba0aa8..bb3fa1b4ae 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -184,6 +184,7 @@ EXCLUDE_FROM_FULL = frozenset([
     'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
     'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
     'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
+    'MBEDTLS_PSA_CRYPTO_CONFIG', # used to switch between old/new style config
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
     'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
     'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature