diff --git a/framework b/framework
index 6c9076eef1a..8338ee053d6 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 6c9076eef1aaba371550ebc1145aed7227154b99
+Subproject commit 8338ee053d628c4b2fb0430b9cf0df265faeb19d
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 14e7afa740e..353d3e809aa 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -179,8 +179,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_S
 x509_cert_info:"../framework/data_files/parse_input/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC signed by RSA
-depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-x509_cert_info:"../framework/data_files/parse_input/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
+depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
+x509_cert_info:"../framework/data_files/parse_input/server5-rsa-signed.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information Bitstring in subject name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1
@@ -752,8 +752,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V1
 x509_verify:"../framework/data_files/cert_example_multi_nocn.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
 
 X509 CRT verification #32 (Valid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
+x509_verify:"../framework/data_files/server5-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":0:0:"compat":"NULL"
 
 X509 CRT verification #33 (Valid, RSA cert, EC CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384
@@ -1000,8 +1000,8 @@ depends_on:MBEDTLS_PEM_PARSE_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PS
 x509_verify:"../framework/data_files/server5.crt":"../framework/data_files/test-ca2.crt":"../framework/data_files/crl-ec-sha256.pem":"globalhost":0:0:"":"verify_all"
 
 X509 CRT verification #93 (Suite B invalid, EC cert, RSA CA)
-depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
-x509_verify:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
+depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_1
+x509_verify:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":"../framework/data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY|MBEDTLS_X509_BADCRL_BAD_MD|MBEDTLS_X509_BADCRL_BAD_PK:"suite_b":"NULL"
 
 X509 CRT verification #94 (Suite B invalid, RSA cert, EC CA)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ALG_SHA_256:PSA_WANT_ECC_SECP_R1_256:MBEDTLS_PKCS1_V15:PSA_WANT_ECC_SECP_R1_384
@@ -2391,13 +2391,25 @@ X509 CRT ASN1 (ECDSA signature, RSA key)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_1:PSA_HAVE_ALG_SOME_ECDSA
 x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version     \: 1\nserial number     \: 03\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:46\:18\nexpires on        \: 2023-07-08 09\:46\:18\nsigned using      \: ECDSA with SHA1\nRSA key size      \: 384 bits\n":0
 
+# This was generated as follows:
+# 1. generate EC key -> openssl ecparam -name secp256r1 -genkey -noout -out secp256.key
+# 2. generate CSR -> openssl req -new -key secp256.key -out secp256.csr -subj "/CN=Test/"
+# 3. generate CRT -> openssl x509 -req -in secp256.csr -sha1 -signkey secp256.key -days 3650 -set_serial 0xf41534662ec7e912 -out secp256.crt -outform DER
+# 4. get generated DER content -> xxd -ps secp256.crt
 X509 CRT ASN1 (ECDSA signature, EC key)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1
-x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version     \: 1\nserial number     \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 09\:40\:19\nexpires on        \: 2023-07-08 09\:40\:19\nsigned using      \: ECDSA with SHA1\nEC key size       \: 192 bits\n":0
-
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
+x509parse_crt:"3082010b3081b3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b06035504030c0454657374301e170d3235313132373132313634305a170d3335313132353132313634305a300f310d300b06035504030c04546573743059301306072a8648ce3d020106082a8648ce3d0301070342000478553e5f2e2a8575809988ccff53367a2b239599cb062d1c3047dd3dc60f839c7c6e81b7ee69b84d75628e5ec2e36318c55f0ac92abd9e365b26f70467750f42300906072a8648ce3d0401034800304502202ca181fa577a3e0250587b756a68b9e63ff7fcb59d72ed1941d5c732444346c8022100ad7d2effe0488257e6bd0a408ebd1e81a0627ccbf7f87b9fe14358bba69603d7":"cert. version     \: 1\nserial number     \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2025-11-27 12\:16\:40\nexpires on        \: 2035-11-25 12\:16\:40\nsigned using      \: ECDSA with SHA1\nEC key size       \: 256 bits\n":0
+
+# This was generated as follows:
+# 1. generate EC key -> openssl ecparam -name secp256r1 -genkey -noout -out secp256.key
+# 2. generate CSR -> openssl req -new -key secp256.key -out secp256.csr -subj "/CN=Test/"
+# 3. generate RSA key -> openssl genrsa -out rsa_1024.key 1024
+# 4. generate RSA CA cert -> openssl req -new -x509 -key rsa_1024.key -sha1 -days 3650 -subj="/CN=Test/" -out ca_rsa_1024.crt
+# 5. generate final CRT -> openssl x509 -req -in secp256.csr -CA ca_rsa_1024.crt -CAkey rsa_1024.key -days 3650 -sha1 -set_serial 4 -out secp256-rsa.crt -outform DER
+# 4. get generated DER content -> xxd -ps secp256-rsa.crt
 X509 CRT ASN1 (RSA signature, EC key)
-depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
-x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version     \: 1\nserial number     \: 04\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2013-07-10 15\:02\:37\nexpires on        \: 2023-07-08 15\:02\:37\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\n":0
+depends_on:PSA_HAVE_ALG_SOME_ECDSA:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1:MBEDTLS_RSA_C
+x509parse_crt:"308201453081af020104300d06092a864886f70d0101050500300f310d300b06035504030c0454657374301e170d3235313132373133333235325a170d3335313132353133333235325a300f310d300b06035504030c04546573743059301306072a8648ce3d020106082a8648ce3d0301070342000478553e5f2e2a8575809988ccff53367a2b239599cb062d1c3047dd3dc60f839c7c6e81b7ee69b84d75628e5ec2e36318c55f0ac92abd9e365b26f70467750f42300d06092a864886f70d010105050003818100973b30950c1504ede8597b266acf65aaa159e3e598c8e4fea7708558b41b049fb75fd679116e6e482241e7912830929aaf8bb47b14435a167103696aaa675c147e496d1bc5f3cf5340481fbd4af24a66d61e97b5022a35f2d0f8ad98410a9fa371d28862aafb27df47f39888770d515b0d0e24fa3d6987b1cc3e8c12db1f4ba3":"cert. version     \: 1\nserial number     \: 04\nissuer name       \: CN=Test\nsubject name      \: CN=Test\nissued  on        \: 2025-11-27 13\:32\:52\nexpires on        \: 2035-11-25 13\:32\:52\nsigned using      \: RSA with SHA1\nEC key size       \: 256 bits\n":0
 
 X509 CRT ASN1 (Unsupported critical extension)
 depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2662,8 +2674,8 @@ depends_on:PSA_WANT_ALG_SHA_256:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_2
 mbedtls_x509_crt_verify_chain:"../framework/data_files/dir4/cert92.crt":"../framework/data_files/dir4/cert91.crt":-1:MBEDTLS_ERR_X509_BAD_INPUT_DATA:"nonesuch":0
 
 X509 CRT verify chain #12 (suiteb profile, RSA root)
-depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_192:PSA_WANT_ALG_SHA_1
-mbedtls_x509_crt_verify_chain:"../framework/data_files/server3.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
+depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_256:PSA_WANT_ALG_SHA_1
+mbedtls_x509_crt_verify_chain:"../framework/data_files/server11-rsa-signed.crt":"../framework/data_files/test-ca.crt":MBEDTLS_X509_BADCERT_BAD_MD|MBEDTLS_X509_BADCERT_BAD_PK|MBEDTLS_X509_BADCERT_BAD_KEY:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:"suiteb":0
 
 X509 CRT verify chain #13 (RSA only profile, EC root)
 depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C:PSA_HAVE_ALG_ECDSA_VERIFY:PSA_WANT_ECC_SECP_R1_384