diff --git a/BUILD.gn b/BUILD.gn
index 29bf71715e4534bbebe0ea0008a90d68b5454399..65247b601dde01e6cd94f5c489d543524285f58c 100755
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -125,6 +125,7 @@ if (defined(ohos_lite)) {
 import("//build/ohos.gni")
 config("mbedtls_config") {
 include_dirs = MBEDTLS_INLCUDE_DIRS
+ include_dirs += [ "//third_party/bounds_checking_function/include" ]
 }
 ohos_shared_library("mbedtls_shared") {
@@ -132,11 +133,11 @@ if (defined(ohos_lite)) {
 public_configs = [ ":mbedtls_config" ]
 output_name = "mbedtls"
 subsystem_name = "thirdparty"
+ version_script = "libmbedtls.map"
 innerapi_tags = [
 "platformsdk_indirect",
 "sasdk",
 ]
- external_deps = [ "bounds_checking_function:libsec_static" ]
 part_name = "mbedtls"
 sources = MBEDTLS_SOURCES
 install_images = [
@@ -145,14 +146,6 @@ if (defined(ohos_lite)) {
 ]
 }
- ohos_static_library("mbedtls_static") {
- sources = MBEDTLS_SOURCES
- public_configs = [ ":mbedtls_config" ]
- external_deps = [ "bounds_checking_function:libsec_static" ]
- part_name = "mbedtls"
- subsystem_name = "thirdparty"
- }
-
 group("mbedtls") {
 public_deps = [ ":mbedtls_shared" ]
 }
diff --git a/ChangeLog.d/ecdsa-conversion-overflow.txt b/ChangeLog.d/ecdsa-conversion-overflow.txt
new file mode 100644
index 0000000000000000000000000000000000000000..1e29072740981fae35c9a0251bbaa914ee7756fe
--- /dev/null
+++ b/ChangeLog.d/ecdsa-conversion-overflow.txt
@@ -0,0 +1,4 @@
+Security
+ * Fix a stack buffer overflow in mbedtls_ecdsa_der_to_raw() and
+ mbedtls_ecdsa_raw_to_der() when curve_bits is larger than the
+ largest supported curve.
\ No newline at end of file
diff --git a/bundle.json b/bundle.json
index 57eec17992bccb8f89ed1c001224f0ab43424358..6c7cbb33f4989c0f3003cfdf370098193a3d5223 100755
--- a/bundle.json
+++ b/bundle.json
@@ -24,12 +24,8 @@
 "rom": "",
 "ram": "",
 "deps": {
- "components": [
- "bounds_checking_function"
- ],
- "third_party": [
- "bounds_checking_function"
- ]
+ "components": [],
+ "third_party": []
 },
 "build": {
 "sub_component": [],
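Review bot: The `bounds_checking_function` headers are now reached through a hard-coded path in `mbedtls_config` while the declared dependency is dropped: the second BUILD.gn hunk removes `external_deps = [ "bounds_checking_function:libsec_static" ]` from `mbedtls_shared`, and bundle.json empties `deps.components` and `deps.third_party`. If any file in `MBEDTLS_SOURCES` still calls the secure functions, which the retained include path suggests but the diff does not show, the shared library either ends up with unresolved symbols or silently relies on another target to supply them. Because `mbedtls_config` is a public config, the extra include directory is also propagated to every dependent of `mbedtls_shared`. Either keep the dependency declared, or drop the `include_dirs +=` line too if the library no longer uses those functions.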
@@ -44,17 +40,6 @@
 ]
 },
 "name" : "//third_party/mbedtls:mbedtls_shared"
- },
- {
- "header" : {
- "header_base": "//third_party/mbedtls/include",
- "header_files": [
- "mbedtls/md.h",
- "mbedtls/rsa.h",
- "mbedtls/x509.h"
- ]
- },
- "name" : "//third_party/mbedtls:mbedtls_static"
 }
 ],
 "test": []
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 727dd64aeba120e6ee474a4106b0bf200b038480..e9470446f17547e90aeff35a7222f463387ae175 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -2677,7 +2677,7 @@
 * \warning DES/3DES are considered weak ciphers and their use constitutes a
 * security risk. We recommend considering stronger ciphers instead.
 */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 /**
 * \def MBEDTLS_DHM_C
diff --git a/libmbedtls.map b/libmbedtls.map
new file mode 100644
index 0000000000000000000000000000000000000000..929634e24ede06a10d004777bb03d5a27035d571
--- /dev/null
+++ b/libmbedtls.map
@@ -0,0 +1,6 @@
+3.6.0 {
+ global:
+ *mbedtls*;
+ local:
+ *;
+};
diff --git a/library/psa_util.c b/library/psa_util.c
index 4ccc5b05d8c55d105818aab0f8aaed982a622bc7..ba61cec76af42120b5eaaa5c6812dda2327179e5 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -443,7 +443,9 @@ int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_l
 if (raw_len != (2 * coordinate_len)) {
 return MBEDTLS_ERR_ASN1_INVALID_DATA;
 }
-
+ if (coordinate_len > sizeof(r)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
 /* Since raw and der buffers might overlap, dump r and s before starting
 * the conversion. */
 memcpy(r, raw, coordinate_len);
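Review bot: Commenting out `MBEDTLS_DES_C` here, and in the same way in port/config/config_liteos_a.h and port/config/config_liteos_m.h, removes the DES/3DES module from the library, but nothing in the commit records the compatibility impact. Callers of the `mbedtls_des_*` functions will no longer link, and legacy inputs that depend on 3DES (for example PKCS#12 password-based encryption of private keys) are expected to be rejected rather than decrypted; this should be confirmed against in-tree users before merging. A ChangeLog.d entry next to the Security one, plus a short comment above the line such as `/* Disabled: DES/3DES is a weak cipher; enable only for legacy interoperability. */`, would make the hardening intentional and easy to find.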
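Review bot: The `global: *mbedtls*;` pattern exports only symbols whose names contain `mbedtls`, and `local: *;` hides everything else. The same commit patches library/psa_util.c, so if the PSA Crypto API is compiled into `MBEDTLS_SOURCES` (inferred, the source list is not shown), its `psa_*` entry points would become local and disappear from the dynamic symbol table of `libmbedtls`. Consider adding `psa_*;` under `global:` if those functions are part of the supported interface, or state in the map file that they are intentionally hidden.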
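Review bot: The new guard `if (coordinate_len > sizeof(r))` carries no comment saying which buffer it protects, and it returns `MBEDTLS_ERR_ASN1_BUF_TOO_SMALL` although the buffer that is too small is an internal one the caller cannot enlarge. The same applies to `if (2 * coordinate_size > sizeof(raw_tmp))` in the mbedtls_ecdsa_der_to_raw() hunk. I would add `/* r and s are fixed-size stack buffers; reject a bits value larger than they can hold. */` above the check (assuming `s` is declared with the same size as `r`, which is outside the hunk) and state in the public documentation of both functions that an oversized `bits` yields this error. The hunk also drops the blank line that separated the argument checks from the copy; keeping it would preserve the original grouping. Both function bodies start and end outside the hunks.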
@@ -561,6 +563,9 @@ int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_l
 if (raw_size < coordinate_size * 2) {
 return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
 }
+ if (2 * coordinate_size > sizeof(raw_tmp)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
 /* Check that the provided input DER buffer has the right header. */
 ret = mbedtls_asn1_get_tag(&p, der + der_len, &data_len,
diff --git a/mbedtls.gni b/mbedtls.gni
index 4cd41d4bf0868d190da3b124a3b49e62c1ebdb2d..eb80c1943ff8759178b8f9935d2a3d6e54bda2bd 100644
--- a/mbedtls.gni
+++ b/mbedtls.gni
@@ -154,6 +154,18 @@ if (product_name == "generic_m55_arm_32_bes_aurora_wear_mini_application") {
 } else if (product_name == "generic_m55_arm_32_bes_phoinix_wear_mini_application") {
 MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_lwip" ]
+} else if (product_name ==
+ "generic_m55_arm_32_bes_jana_wear_mini_application") {
+ MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_lwip" ]
+} else if (product_name ==
+ "generic_m55_arm_32_bes_janapro_wear_mini_application") {
+ MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_lwip" ]
+} else if (product_name ==
+ "generic_m55_arm_32_bes_vili_wear_mini_application") {
+ MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_lwip" ]
+} else if (product_name ==
+ "generic_m55_arm_32_bes_vilipro_wear_mini_application") {
+ MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_lwip" ]
 } else {
 MBEDTLS_INLCUDE_DIRS += [ "$MBEDTLSDIR/port/config/compat_posix" ]
-}
+}
\ No newline at end of file
diff --git a/port/config/config_liteos_a.h b/port/config/config_liteos_a.h
index 34d004ec918e1e53b97a892fef5ba549066d69b2..520b359aa7d2497041942191618559ea0760eeac 100755
--- a/port/config/config_liteos_a.h
+++ b/port/config/config_liteos_a.h
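Review bot: The four new branches in mbedtls.gni repeat the body of the existing `phoinix` branch verbatim, so the chain now has five arms that differ only in the product name. Joining the product names with `||` in a single `else if` would keep the `compat_lwip` line in one place and make the next addition a one-line change. The hunk also removes the newline at the end of the file (`\ No newline at end of file`); restoring it avoids noise in later diffs. The enclosing if/else chain starts outside the hunk.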
@@ -2208,7 +2208,7 @@
 * \warning DES is considered a weak cipher and its use constitutes a
 * security risk. We recommend considering stronger ciphers instead.
 */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 /**
 * \def MBEDTLS_DHM_C
diff --git a/port/config/config_liteos_m.h b/port/config/config_liteos_m.h
index 2a905c671f5a034969d60f96d3e9fb818c0c3bbc..d01905f7fe25da30cec0adfecf8a26619296db2c 100755
--- a/port/config/config_liteos_m.h
+++ b/port/config/config_liteos_m.h
@@ -2207,7 +2207,7 @@
 * \warning DES is considered a weak cipher and its use constitutes a
 * security risk. We recommend considering stronger ciphers instead.
 */
-#define MBEDTLS_DES_C
+//#define MBEDTLS_DES_C
 /**
 * \def MBEDTLS_DHM_C
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index 807007b5e6e8231e969f92a21b4553ca5eb09f4d..34e5065d3321956dd6efe1ddb4c1c4798ce48237 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -6,6 +6,9 @@ ECDSA Raw -> DER, 256bit, DER buffer too small depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"304402201111111111111111111111111111111111111111111111111111111111111111022022222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL +ECDSA Raw -> DER, very large input (544-bit) +ecdsa_raw_to_der:544:"11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"deadbeef":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + ECDSA Raw -> DER, 256bit, Null r depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_raw_to_der:256:"00000000000000000000000000000000000000000000000000000000000000002222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_INVALID_DATA 
@@ -58,6 +61,9 @@ ECDSA DER -> Raw, 256bit, Raw buffer too small depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"111111111111111111111111111111111111111111111111111111111111111122222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL +ECDSA DER -> Raw, very large input (544-bit) +ecdsa_der_to_raw:544:"30818c0244111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111102442222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_BUF_TOO_SMALL + ECDSA DER -> Raw, 256bit, Wrong sequence tag depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256 ecdsa_der_to_raw:256:"40440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":MBEDTLS_ERR_ASN1_UNEXPECTED_TAG