Manuel Pégourié-Gonnard

Note: we currently have OpenSSL 3.0 and 3.1 installed in the CI's docker images: https://github.com/Mbed-TLS/mbedtls-test/blob/master/resources/docker_files/ubuntu-16.04/Dockerfile#L196 So this is now about whether we are using them when we should.

Also, I was wondering what level of interop testing we currently have. So, I grabbed the `outcomes.csv` file from a random PR and grepped around. ``` % egrep 'component_test_tls13;(ssl-opt|tls13-).*1\.3' outcomes.csv...

> So this is now about whether we are using them when we should. I'll note we currently have a function `requires_openssl_3_x` that tests if `OPENSSL_NEXT` is 3.x. That makes...

> * ecp.h: this should probably be internal? Note: we can't make `ecp.h` internal without a regression unless we've done #7292, #7293 and #7294 first. (To clarify, since those are...

> partially supersede #8525 Was it really partial? Or can #8525 be closed now?

Ping @dave-rodgman - I think you took notes during the meeting, please correct my list if it's not in line with those notes.

Note: some legacy modules, when made internal, can actually be removed as well - when the PSA implementation of that feature doesn't actually use the legacy module. For example for...

> (Note: currently `psa_crypto_ecp.c` calls functions from `ecdh.c` but I don't think there's a good reason for that, IMO it should be calling `mbedtls_ecp_mul()` directly instead.) Ah, actually there's a...

I'm also suggesting we grep the generated `libmbedtls.a` in order to ensure `mbedtls_pk_setup_opaque()` is indeed present.

Note: adding this to the "legacy-to-PSA migration helpers" EPIC as I think that was the intention (was on the EPICs board but not in any EPIC).