diff --git a/thirdparty/mbedtls/include/psa/crypto.h b/thirdparty/mbedtls/include/psa/crypto.h
index 7083bd911b..92f9c824e9 100644
--- a/thirdparty/mbedtls/include/psa/crypto.h
+++ b/thirdparty/mbedtls/include/psa/crypto.h
@@ -3834,12 +3834,14 @@ psa_status_t psa_key_derivation_output_key(
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
+#ifndef __cplusplus
 psa_status_t psa_key_derivation_output_key_ext(
     const psa_key_attributes_t *attributes,
     psa_key_derivation_operation_t *operation,
     const psa_key_production_parameters_t *params,
     size_t params_data_length,
     mbedtls_svc_key_id_t *key);
+#endif
 
 /** Compare output data from a key derivation operation to an expected value.
  *
@@ -4180,10 +4182,12 @@ psa_status_t psa_generate_key(const psa_key_attributes_t *attributes,
  *         It is implementation-dependent whether a failure to initialize
  *         results in this error code.
  */
+#ifndef __cplusplus
 psa_status_t psa_generate_key_ext(const psa_key_attributes_t *attributes,
                                   const psa_key_production_parameters_t *params,
                                   size_t params_data_length,
                                   mbedtls_svc_key_id_t *key);
+#endif
 
 /**@}*/
 
diff --git a/thirdparty/mbedtls/include/psa/crypto_struct.h b/thirdparty/mbedtls/include/psa/crypto_struct.h
index 3913551aa8..e2c227b2eb 100644
--- a/thirdparty/mbedtls/include/psa/crypto_struct.h
+++ b/thirdparty/mbedtls/include/psa/crypto_struct.h
@@ -223,11 +223,13 @@ static inline struct psa_key_derivation_s psa_key_derivation_operation_init(
     return v;
 }
 
+#ifndef __cplusplus
 struct psa_key_production_parameters_s {
     /* Future versions may add other fields in this structure. */
     uint32_t flags;
     uint8_t data[];
 };
+#endif
 
 /** The default production parameters for key generation or key derivation.
  *
diff --git a/thirdparty/mbedtls/include/psa/crypto_types.h b/thirdparty/mbedtls/include/psa/crypto_types.h
index c21bad86cc..a36b6ee65d 100644
--- a/thirdparty/mbedtls/include/psa/crypto_types.h
+++ b/thirdparty/mbedtls/include/psa/crypto_types.h
@@ -477,7 +477,9 @@ typedef uint16_t psa_key_derivation_step_t;
  * - Other key types: reserved for future use. \c flags must be 0.
  *
  */
+#ifndef __cplusplus
 typedef struct psa_key_production_parameters_s psa_key_production_parameters_t;
+#endif
 
 /**@}*/
 
diff --git a/thirdparty/mbedtls/library/psa_crypto_core.h b/thirdparty/mbedtls/library/psa_crypto_core.h
index 9462d2e8be..c059162efe 100644
--- a/thirdparty/mbedtls/library/psa_crypto_core.h
+++ b/thirdparty/mbedtls/library/psa_crypto_core.h
@@ -351,9 +351,11 @@ psa_status_t psa_export_public_key_internal(
  * \param[in] params            The key production parameters to check.
  * \param params_data_length    Size of `params->data` in bytes.
  */
+#ifndef __cplusplus
 int psa_key_production_parameters_are_default(
     const psa_key_production_parameters_t *params,
     size_t params_data_length);
+#endif
 
 /**
  * \brief Generate a key.
@@ -378,12 +380,14 @@ int psa_key_production_parameters_are_default(
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of \p key_buffer is too small.
  */
+#ifndef __cplusplus
 psa_status_t psa_generate_key_internal(const psa_key_attributes_t *attributes,
                                        const psa_key_production_parameters_t *params,
                                        size_t params_data_length,
                                        uint8_t *key_buffer,
                                        size_t key_buffer_size,
                                        size_t *key_buffer_length);
+#endif
 
 /** Sign a message with a private key. For hash-and-sign algorithms,
  *  this includes the hashing step.
diff --git a/thirdparty/mbedtls/library/psa_crypto_driver_wrappers.h b/thirdparty/mbedtls/library/psa_crypto_driver_wrappers.h
index ea6aee32eb..6919971aca 100644
--- a/thirdparty/mbedtls/library/psa_crypto_driver_wrappers.h
+++ b/thirdparty/mbedtls/library/psa_crypto_driver_wrappers.h
@@ -728,6 +728,7 @@ static inline psa_status_t psa_driver_wrapper_get_key_buffer_size_from_key_data(
     }
 }
 
+#ifndef __cplusplus
 static inline psa_status_t psa_driver_wrapper_generate_key(
     const psa_key_attributes_t *attributes,
     const psa_key_production_parameters_t *params, size_t params_data_length,
@@ -832,6 +833,7 @@ static inline psa_status_t psa_driver_wrapper_generate_key(
 
     return( status );
 }
+#endif
 
 static inline psa_status_t psa_driver_wrapper_import_key(
     const psa_key_attributes_t *attributes,
diff --git a/thirdparty/mbedtls/library/psa_crypto_rsa.h b/thirdparty/mbedtls/library/psa_crypto_rsa.h
index ffeef26be1..6d695ddf50 100644
--- a/thirdparty/mbedtls/library/psa_crypto_rsa.h
+++ b/thirdparty/mbedtls/library/psa_crypto_rsa.h
@@ -130,10 +130,12 @@ psa_status_t mbedtls_psa_rsa_export_public_key(
  * \retval #PSA_ERROR_BUFFER_TOO_SMALL
  *         The size of \p key_buffer is too small.
  */
+#ifndef __cplusplus
 psa_status_t mbedtls_psa_rsa_generate_key(
     const psa_key_attributes_t *attributes,
     const psa_key_production_parameters_t *params, size_t params_data_length,
     uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
+#endif
 
 /** Sign an already-calculated hash with an RSA private key.
  *