diff --git a/library/pk.c b/library/pk.c
index e238911a5..5f8cbc2a4 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -545,6 +545,33 @@ int mbedtls_pk_sign_ext( mbedtls_pk_type_t pk_type,
 if( ! mbedtls_pk_can_do( ctx, pk_type ) )
 return( MBEDTLS_ERR_PK_TYPE_MISMATCH );
 
+ if( pk_type == MBEDTLS_PK_RSASSA_PSS &&
+ mbedtls_pk_get_type( ctx ) == MBEDTLS_PK_OPAQUE )
+ {
+#if defined(MBEDTLS_RSA_C)
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx->pk_ctx;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ psa_md_alg = mbedtls_psa_translate_md( md_alg );
+ if( psa_md_alg == 0 )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ status = psa_sign_hash( *key, PSA_ALG_RSA_PSS( psa_md_alg ),
+ hash, hash_len,
+ sig, sig_size, sig_len );
+ if( status != PSA_SUCCESS )
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+
+ return 0;
+#else
+ return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_RSA_C */
+ }
+
 if( pk_type != MBEDTLS_PK_RSASSA_PSS )
 {
 return( mbedtls_pk_sign( ctx, md_alg, hash, hash_len,
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index a9c3c718b..852c46ef6 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1501,7 +1501,8 @@ static int pk_opaque_ecdsa_can_do( mbedtls_pk_type_t type )
 
 static int pk_opaque_rsa_can_do( mbedtls_pk_type_t type )
 {
- return( type == MBEDTLS_PK_RSA );
+ return( type == MBEDTLS_PK_RSA ||
+ type == MBEDTLS_PK_RSASSA_PSS );
 }
 
 static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
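Review bot: The new opaque branch in mbedtls_pk_sign_ext calls PSA APIs (`psa_sign_hash`, `mbedtls_psa_translate_md`, `mbedtls_pk_error_from_psa_rsa`), but the only guard visible in the hunk is `#if defined(MBEDTLS_RSA_C)`. Unless the enclosing code is already under a PSA guard outside the hunk, a configuration with RSA but without PSA would fail to build, so consider `#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_USE_PSA_CRYPTO)`. `psa_md_alg` is assigned here but declared outside the hunk, so its declaration would need the same condition. A short comment above the `psa_sign_hash` call would help callers, for example `/* Fails unless the key's PSA usage policy permits PSA_ALG_RSA_PSS( psa_md_alg ) */`. As a style point, `return 0;` should be `return( 0 );` to match the other returns in the hunk.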
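Review bot: `pk_opaque_rsa_can_do` now reports `MBEDTLS_PK_RSASSA_PSS` for every opaque RSA key on key type alone, while the only PSS handling for opaque keys added in this commit is the signing path in pk.c. Any other caller that gates on `mbedtls_pk_can_do( ctx, MBEDTLS_PK_RSASSA_PSS )` and then treats `ctx->pk_ctx` as an RSA context would now be handed a key identifier instead. No such caller is visible in this diff, so those call sites are worth auditing for an explicit `MBEDTLS_PK_OPAQUE` check. I would also document the contract above the return, for example `/* Capability by key type only: the key's PSA policy is not consulted, and PSS on opaque keys is handled in mbedtls_pk_sign_ext() */`.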