diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 065643967..73504a612 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -948,6 +948,12 @@ struct mbedtls_ssl_transform
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_svc_key_id_t psa_mac_enc;           /*!<  MAC (encryption)        */
+    mbedtls_svc_key_id_t psa_mac_dec;           /*!<  MAC (decryption)        */
+    psa_algorithm_t psa_mac_alg;                /*!<  psa MAC algorithm       */
+#endif
+
     mbedtls_md_context_t md_ctx_enc;            /*!<  MAC (encryption)        */
     mbedtls_md_context_t md_ctx_dec;            /*!<  MAC (decryption)        */
 
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 5f80ed511..8a71a198c 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5611,6 +5611,10 @@ void mbedtls_ssl_transform_free( mbedtls_ssl_transform *transform )
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key( transform->psa_mac_enc );
+    psa_destroy_key( transform->psa_mac_dec );
+#endif
     mbedtls_md_free( &transform->md_ctx_enc );
     mbedtls_md_free( &transform->md_ctx_dec );
 #endif
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index adb18ab6c..e8d7d88a9 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -610,6 +610,10 @@ void mbedtls_ssl_transform_init( mbedtls_ssl_transform *transform )
 #endif
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_MAC)
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    transform->psa_mac_enc = MBEDTLS_SVC_KEY_ID_INIT;
+    transform->psa_mac_dec = MBEDTLS_SVC_KEY_ID_INIT;
+#endif
     mbedtls_md_init( &transform->md_ctx_enc );
     mbedtls_md_init( &transform->md_ctx_dec );
 #endif