diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c
index 07641cb3e8..14b63aadbf 100644
--- a/library/ssl_tls12_server.c
+++ b/library/ssl_tls12_server.c
@@ -2880,11 +2880,11 @@ curve_matching_done:
          * after the call to ssl_prepare_server_key_exchange.
          * ssl_write_server_key_exchange also takes care of incrementing
          * ssl->out_msglen. */
-        if ((ret = mbedtls_pk_sign(mbedtls_ssl_own_key(ssl),
+        if ((ret = mbedtls_pk_sign_restartable(mbedtls_ssl_own_key(ssl),
                                    md_alg, hash, hashlen,
                                    ssl->out_msg + ssl->out_msglen + 2,
                                    out_buf_len - ssl->out_msglen - 2,
-                                   signature_len)) != 0) {
+                                   signature_len, NULL)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_pk_sign", ret);
             return ret;
         }
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index 663b308d62..e34a4636bb 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -571,8 +571,8 @@ int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
     }
 
 
-    if ((ret = mbedtls_pk_sign(ctx->issuer_key, ctx->md_alg,
-                               hash, hash_length, sig, sizeof(sig), &sig_len)) != 0) {
+    if ((ret = mbedtls_pk_sign_restartable(ctx->issuer_key, ctx->md_alg,
+                               hash, hash_length, sig, sizeof(sig), &sig_len, NULL)) != 0) {
         return ret;
     }
 
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index 8e37278f95..a7d0cb513b 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -217,8 +217,8 @@ static int x509write_csr_der_internal(mbedtls_x509write_csr *ctx,
                          &hash_len) != PSA_SUCCESS) {
         return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
-    if ((ret = mbedtls_pk_sign(ctx->key, ctx->md_alg, hash, 0,
-                               sig, sig_size, &sig_len)) != 0) {
+    if ((ret = mbedtls_pk_sign_restartable(ctx->key, ctx->md_alg, hash, 0,
+                               sig, sig_size, &sig_len, NULL)) != 0) {
         return ret;
     }
 
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 64fd45952f..3db13132d1 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -1243,10 +1243,10 @@ static int ssl_async_resume(mbedtls_ssl_context *ssl,
 
     switch (ctx->operation_type) {
         case ASYNC_OP_SIGN:
-            ret = mbedtls_pk_sign(key_slot->pk,
+            ret = mbedtls_pk_sign_restartable(key_slot->pk,
                                   ctx->md_alg,
                                   ctx->input, ctx->input_len,
-                                  output, output_size, output_len);
+                                  output, output_size, output_len, NULL);
             break;
         default:
             mbedtls_printf(