diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index e38e2e346..a70ee9684 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -277,34 +277,6 @@ static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
 }
 #endif /* MBEDTLS_ECP_C */
 
-/* Translations for PK layer */
-
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
-{
-    switch( status )
-    {
-        case PSA_SUCCESS:
-            return( 0 );
-        case PSA_ERROR_NOT_SUPPORTED:
-            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-        case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
-        case PSA_ERROR_INSUFFICIENT_ENTROPY:
-            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
-        case PSA_ERROR_BAD_STATE:
-            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
-        /* All other failures */
-        case PSA_ERROR_COMMUNICATION_FAILURE:
-        case PSA_ERROR_HARDWARE_FAILURE:
-        case PSA_ERROR_CORRUPTION_DETECTED:
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-        default: /* We return the same as for the 'other failures',
-                  * but list them separately nonetheless to indicate
-                  * which failure conditions we have considered. */
-            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
-    }
-}
-
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /* Expose whatever RNG the PSA subsystem uses to applications using the
diff --git a/library/pk.c b/library/pk.c
index 45d1a9de7..79eccaada 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -406,7 +406,7 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
         if( status != PSA_SUCCESS )
         {
             psa_destroy_key( key_id );
-            return( mbedtls_psa_err_translate_pk( status ) );
+            return( mbedtls_pk_error_from_psa( status ) );
         }
 
         /* This function requires returning MBEDTLS_ERR_PK_SIG_LEN_MISMATCH
@@ -423,13 +423,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
         if( status == PSA_SUCCESS && sig_len > mbedtls_pk_get_len( ctx ) )
             return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH );
 
-        if( status == PSA_ERROR_INVALID_SIGNATURE )
-            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
-
         if( status == PSA_SUCCESS )
             status = destruction_status;
 
-        return( mbedtls_psa_err_translate_pk( status ) );
+        return( mbedtls_pk_error_from_psa_rsa( status ) );
     }
     else
 #endif
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index a9c9dd5a2..f7480c63b 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -65,6 +65,87 @@
 #include <limits.h>
 #include <stdint.h>
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_pk_error_from_psa( psa_status_t status )
+{
+    switch( status )
+    {
+        case PSA_SUCCESS:
+            return( 0 );
+        case PSA_ERROR_INVALID_HANDLE:
+            return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
+        case PSA_ERROR_NOT_PERMITTED:
+            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+        case PSA_ERROR_BUFFER_TOO_SMALL:
+            return( MBEDTLS_ERR_PK_BUFFER_TOO_SMALL );
+        case PSA_ERROR_NOT_SUPPORTED:
+            return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
+        case PSA_ERROR_INVALID_ARGUMENT:
+            return( MBEDTLS_ERR_PK_INVALID_ALG );
+        case PSA_ERROR_INSUFFICIENT_MEMORY:
+            return( MBEDTLS_ERR_PK_ALLOC_FAILED );
+        case PSA_ERROR_BAD_STATE:
+            return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+        case PSA_ERROR_COMMUNICATION_FAILURE:
+        case PSA_ERROR_HARDWARE_FAILURE:
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
+        case PSA_ERROR_DATA_CORRUPT:
+        case PSA_ERROR_DATA_INVALID:
+        case PSA_ERROR_STORAGE_FAILURE:
+            return( MBEDTLS_ERR_PK_FILE_IO_ERROR );
+        case PSA_ERROR_CORRUPTION_DETECTED:
+            return( MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED );
+        default:
+            return( MBEDTLS_ERR_ERROR_GENERIC_ERROR );
+    }
+}
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_ecdca( psa_status_t status )
+{
+    switch( status )
+    {
+        case PSA_ERROR_NOT_PERMITTED:
+        case PSA_ERROR_INVALID_ARGUMENT:
+            return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+        case PSA_ERROR_INVALID_HANDLE:
+            return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
+        case PSA_ERROR_BUFFER_TOO_SMALL:
+            return( MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL );
+        case PSA_ERROR_INSUFFICIENT_ENTROPY:
+            return( MBEDTLS_ERR_ECP_RANDOM_FAILED );
+        case PSA_ERROR_INVALID_SIGNATURE:
+            return( MBEDTLS_ERR_ECP_VERIFY_FAILED );
+        default:
+            return( mbedtls_pk_error_from_psa( status ) );
+    }
+}
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_rsa( psa_status_t status )
+{
+    switch( status )
+    {
+        case PSA_ERROR_NOT_PERMITTED:
+        case PSA_ERROR_INVALID_ARGUMENT:
+        case PSA_ERROR_INVALID_HANDLE:
+            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
+        case PSA_ERROR_BUFFER_TOO_SMALL:
+            return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+        case PSA_ERROR_INSUFFICIENT_ENTROPY:
+            return( MBEDTLS_ERR_RSA_RNG_FAILED );
+        case PSA_ERROR_INVALID_SIGNATURE:
+            return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
+        case PSA_ERROR_INVALID_PADDING:
+            return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+        default:
+            return( mbedtls_pk_error_from_psa( status ) );
+    }
+}
+#endif
+#endif
+
 #if defined(MBEDTLS_RSA_C)
 static int rsa_can_do( mbedtls_pk_type_t type )
 {
@@ -599,7 +680,7 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
                              &key_id );
     if( status != PSA_SUCCESS )
     {
-        ret = mbedtls_psa_err_translate_pk( status );
+        ret = mbedtls_pk_error_from_psa( status );
         goto cleanup;
     }
 
@@ -618,12 +699,12 @@ static int ecdsa_verify_wrap( void *ctx_arg, mbedtls_md_type_t md_alg,
         goto cleanup;
     }
 
-    if( psa_verify_hash( key_id, psa_sig_md,
-                         hash, hash_len,
-                         buf, 2 * signature_part_size )
-         != PSA_SUCCESS )
+    status = psa_verify_hash( key_id, psa_sig_md,
+                              hash, hash_len,
+                              buf, 2 * signature_part_size );
+    if( status != PSA_SUCCESS )
     {
-         ret = MBEDTLS_ERR_ECP_VERIFY_FAILED;
+         ret = mbedtls_pk_error_from_psa_ecdca( status );
          goto cleanup;
     }
 
@@ -1048,7 +1129,7 @@ static int pk_opaque_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
     status = psa_sign_hash( *key, alg, hash, hash_len,
                             sig, sig_size, sig_len );
     if( status != PSA_SUCCESS )
-        return( mbedtls_psa_err_translate_pk( status ) );
+        return( mbedtls_pk_error_from_psa_ecdca( status ) );
 
     /* transcode it to ASN.1 sequence */
     return( pk_ecdsa_sig_asn1_from_psa( sig, sig_len, sig_size ) );
diff --git a/library/pk_wrap.h b/library/pk_wrap.h
index 6f5addf75..ca0d8d837 100644
--- a/library/pk_wrap.h
+++ b/library/pk_wrap.h
@@ -135,4 +135,16 @@ extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
 extern const mbedtls_pk_info_t mbedtls_pk_opaque_info;
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+int mbedtls_pk_error_from_psa( psa_status_t status );
+
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_ecdca( psa_status_t status );
+#endif
+
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+int mbedtls_pk_error_from_psa_rsa( psa_status_t status );
+#endif
+#endif
+
 #endif /* MBEDTLS_PK_WRAP_H */