diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 852c46ef64..4303d1e3dd 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -1602,6 +1602,32 @@ const mbedtls_pk_info_t mbedtls_pk_ecdsa_opaque_info = {
 NULL, /* debug - could be done later, or even left NULL */
 };
+#if defined(MBEDTLS_RSA_C)
+static int pk_opaque_rsa_decrypt( void *ctx,
+ const unsigned char *input, size_t ilen,
+ unsigned char *output, size_t *olen, size_t osize,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ const mbedtls_svc_key_id_t *key = (const mbedtls_svc_key_id_t *) ctx;
+ psa_status_t status;
+
+ /* PSA has its own RNG */
+ (void) f_rng;
+ (void) p_rng;
+
+ status = psa_asymmetric_decrypt( *key, PSA_ALG_RSA_PKCS1V15_CRYPT,
+ input, ilen,
+ NULL, 0,
+ output, osize, olen );
+ if( status != PSA_SUCCESS )
+ {
+ return( mbedtls_pk_error_from_psa_rsa( status ) );
+ }
+
+ return 0;
+}
+#endif
+
 const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
 MBEDTLS_PK_OPAQUE,
 "Opaque",
@@ -1613,7 +1639,11 @@ const mbedtls_pk_info_t mbedtls_pk_rsa_opaque_info = {
 NULL, /* restartable verify - not relevant */
 NULL, /* restartable sign - not relevant */
 #endif
- NULL, /* decrypt - will be done later */
+#if defined(MBEDTLS_RSA_C)
+ pk_opaque_rsa_decrypt,
+#else
+ NULL, /* decrypt */
+#endif /* MBEDTLS_RSA_C */
 NULL, /* encrypt - will be done later */
 NULL, /* check_pair - could be done later or left NULL */
 pk_opaque_alloc_wrap,
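Review bot: `pk_opaque_rsa_decrypt` hard-codes `PSA_ALG_RSA_PKCS1V15_CRYPT` in its `psa_asymmetric_decrypt` call and nothing documents that, so an opaque key whose PSA policy permits only OAEP would presumably be rejected here. The PSA status is mapped through `mbedtls_pk_error_from_psa_rsa` and returned directly, so a padding failure may be distinguishable from other errors. Callers that decrypt peer-supplied ciphertext must handle that result without any observable difference in behaviour or timing. I would state both points above the function: `/* PKCS#1 v1.5 only: the key policy must allow PSA_ALG_RSA_PKCS1V15_CRYPT; callers must not reveal padding failures to the peer. */`. On style, `return 0;` should be `return( 0 );` to match the `return( ... )` form a few lines above, and the closing `#endif` could carry `/* MBEDTLS_RSA_C */` as the table hunk does.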
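Review bot: The `#if defined(MBEDTLS_RSA_C)` guard around `pk_opaque_rsa_decrypt,` ties the opaque decrypt slot to the legacy RSA module, although the function it points to only calls PSA. If a build can provide PSA RSA key pairs without `MBEDTLS_RSA_C` (not visible in this hunk), the slot stays `NULL` and decryption with an opaque RSA key is silently unavailable. The `#else` comment should give the reason, e.g. `NULL, /* decrypt - requires MBEDTLS_RSA_C */`. The table initializer starts and ends outside the hunk.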