Merge remote-tracking branch 'public/development' into development-restricted

* public/development: (23 commits)
  tests: suite_x509parse: set PSA max operations in x509_verify_restart()
  library: debug: remove mbedtls_debug_printf_ecdh()
  library: debug: make mbedtls_debug_print_psa_ec() static
  Remove call to pk_decrypt() in ssl_server2
  Change hardcoded error values in ssl-opt to take in the PSA error alias
  Test with GCC 15 with sloppy union initialization
  Update crypto with the union initialization fixes
  Mark ssl_tls12_preset_suiteb_sig_algs const
  Mark ssl_tls12_preset_default_sig_algs const
  Use PSA macros for the `pkalgs` domain
  reverted compat-2.x.h removal from psa-transition.md
  Correct ChangeLog file extension
  Add ChangeLog
  remove compat-2.x.h
  Remove trace of secp224k1
  Update submodules
  Improve comments
  Allow gcc-15 to be in $PATH
  Enable drivers when testing with GCC 15
  GCC 15: Silence -Wunterminated-string-initialization
  ...

programs/ssl/ssl_server2.c

@@ -1140,7 +1140,6 @@ static int ssl_async_set_key(ssl_async_key_context_t *ctx,
 
 typedef enum {
     ASYNC_OP_SIGN,
-    ASYNC_OP_DECRYPT,
 } ssl_async_operation_type_t;
 
 typedef struct {
@@ -1160,7 +1159,6 @@ typedef struct {
 static const char *const ssl_async_operation_names[] =
 {
     "sign",
-    "decrypt",
 };
 
 static int ssl_async_start(mbedtls_ssl_context *ssl,
@@ -1261,11 +1259,6 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
     }
 
     switch (ctx->operation_type) {
-        case ASYNC_OP_DECRYPT:
-            ret = mbedtls_pk_decrypt(key_slot->pk,
-                                     ctx->input, ctx->input_len,
-                                     output, output_len, output_size);
-            break;
         case ASYNC_OP_SIGN:
             ret = mbedtls_pk_sign(key_slot->pk,
                                   ctx->md_alg,

programs/test/dlopen.c

@@ -50,8 +50,15 @@ int main(void)
 #if defined(MBEDTLS_SSL_TLS_C)
     void *tls_so = dlopen(TLS_SO_FILENAME, RTLD_NOW);
     CHECK_DLERROR("dlopen", TLS_SO_FILENAME);
+#pragma GCC diagnostic push
+    /* dlsym() returns an object pointer which is meant to be used as a
+     * function pointer. This has undefined behavior in standard C, so
+     * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
+     * fine on platforms that have dlsym(). */
+#pragma GCC diagnostic ignored "-Wpedantic"
     const int *(*ssl_list_ciphersuites)(void) =
         dlsym(tls_so, "mbedtls_ssl_list_ciphersuites");
+#pragma GCC diagnostic pop
     CHECK_DLERROR("dlsym", "mbedtls_ssl_list_ciphersuites");
     const int *ciphersuites = ssl_list_ciphersuites();
     for (n = 0; ciphersuites[n] != 0; n++) {/* nothing to do, we're just counting */
@@ -85,9 +92,15 @@ int main(void)
         CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME);
         crypto_so_filename = TFPSACRYPTO_SO_FILENAME;
     }
-
+#pragma GCC diagnostic push
+    /* dlsym() returns an object pointer which is meant to be used as a
+     * function pointer. This has undefined behavior in standard C, so
+     * "gcc -std=c99 -pedantic" complains about it, but it is perfectly
+     * fine on platforms that have dlsym(). */
+#pragma GCC diagnostic ignored "-Wpedantic"
     const int *(*md_list)(void) =
         dlsym(crypto_so, "mbedtls_md_list");
+#pragma GCC diagnostic pop
     CHECK_DLERROR("dlsym", "mbedtls_md_list");
     const int *mds = md_list();
     for (n = 0; mds[n] != 0; n++) {/* nothing to do, we're just counting */