diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 913d6f9e2..0db1e9d46 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -977,7 +977,13 @@ int  mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
     return( tls_prf( secret, slen, label, random, rlen, dstbuf, dlen ) );
 }
 
-int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+/*
+ * This function will ultimetaly only be responsible for populating a
+ * transform structure from data passed as explicit parameters.
+ *
+ * For now however it's doing rather more in a rather less explicit way.
+ */
+static int ssl_populate_transform( mbedtls_ssl_context *ssl )
 {
     int ret = 0;
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -1692,6 +1698,11 @@ end:
     return( ret );
 }
 
+int mbedtls_ssl_derive_keys( mbedtls_ssl_context *ssl )
+{
+    return( ssl_populate_transform( ssl ) );
+}
+
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
 void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
 {