diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 9c7557cd17..aa6c4613c8 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -349,7 +349,7 @@ typedef struct {
     int16_t mbedtls_error;
 } error_pair_t;
 
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
 extern const error_pair_t psa_to_md_errors[4];
 #endif
 
diff --git a/library/psa_util.c b/library/psa_util.c
index 797daa0486..f18664e6f9 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -33,7 +33,7 @@
 
 /* PSA_SUCCESS is kept at the top of each error table since
  * it's the most common status when everything functions properly. */
-#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C)
+#if !defined(MBEDTLS_MD_C) || !defined(MBEDTLS_MD5_C) || defined(MBEDTLS_USE_PSA_CRYPTO)
 const error_pair_t psa_to_md_errors[] =
 {
     { PSA_SUCCESS,                     0 },
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e8f1750122..f7357a9cce 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -56,6 +56,9 @@
 #define PSA_TO_MBEDTLS_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
                                                            psa_to_ssl_errors, \
                                                            psa_generic_status_to_mbedtls)
+#define PSA_TO_MD_ERR(status) PSA_TO_MBEDTLS_ERR_LIST(status, \
+                                                      psa_to_md_errors, \
+                                                      psa_generic_status_to_mbedtls)
 #endif
 
 #if defined(MBEDTLS_TEST_HOOKS)
@@ -838,11 +841,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha256_psa);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
     status = psa_hash_setup(&ssl->handshake->fin_sha256_psa, PSA_ALG_SHA_256);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha256_starts(&ssl->handshake->fin_sha256, 0);
@@ -855,11 +858,11 @@ int mbedtls_ssl_reset_checksum(mbedtls_ssl_context *ssl)
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_abort(&ssl->handshake->fin_sha384_psa);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
     status = psa_hash_setup(&ssl->handshake->fin_sha384_psa, PSA_ALG_SHA_384);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha512_starts(&ssl->handshake->fin_sha384, 1);
@@ -890,7 +893,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_update(&ssl->handshake->fin_sha256_psa, buf, len);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
@@ -903,7 +906,7 @@ static int ssl_update_checksum_start(mbedtls_ssl_context *ssl,
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     status = psa_hash_update(&ssl->handshake->fin_sha384_psa, buf, len);
     if (status != PSA_SUCCESS) {
-        return mbedtls_md_error_from_psa(status);
+        return PSA_TO_MD_ERR(status);
     }
 #else
     ret = mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
@@ -920,8 +923,8 @@ static int ssl_update_checksum_sha256(mbedtls_ssl_context *ssl,
                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    return mbedtls_md_error_from_psa(psa_hash_update(
-                                         &ssl->handshake->fin_sha256_psa, buf, len));
+    return PSA_TO_MD_ERR(psa_hash_update(
+                             &ssl->handshake->fin_sha256_psa, buf, len));
 #else
     return mbedtls_sha256_update(&ssl->handshake->fin_sha256, buf, len);
 #endif
@@ -933,8 +936,8 @@ static int ssl_update_checksum_sha384(mbedtls_ssl_context *ssl,
                                       const unsigned char *buf, size_t len)
 {
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-    return mbedtls_md_error_from_psa(psa_hash_update(
-                                         &ssl->handshake->fin_sha384_psa, buf, len));
+    return PSA_TO_MD_ERR(psa_hash_update(
+                             &ssl->handshake->fin_sha384_psa, buf, len));
 #else
     return mbedtls_sha512_update(&ssl->handshake->fin_sha384, buf, len);
 #endif
@@ -6606,7 +6609,7 @@ int ssl_calc_verify_tls_sha256(const mbedtls_ssl_context *ssl,
 
 exit:
     psa_hash_abort(&sha256_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha256_context sha256;
@@ -6661,7 +6664,7 @@ int ssl_calc_verify_tls_sha384(const mbedtls_ssl_context *ssl,
 
 exit:
     psa_hash_abort(&sha384_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     mbedtls_sha512_context sha512;
@@ -7704,7 +7707,7 @@ static int ssl_calc_finished_tls_sha256(
 exit:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_hash_abort(&sha256_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     mbedtls_sha256_free(&sha256);
     return ret;
@@ -7788,7 +7791,7 @@ static int ssl_calc_finished_tls_sha384(
 exit:
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
     psa_hash_abort(&sha384_psa);
-    return mbedtls_md_error_from_psa(status);
+    return PSA_TO_MD_ERR(status);
 #else
     mbedtls_sha512_free(&sha512);
     return ret;