diff --git a/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
new file mode 100644
index 0000000000..cfea661365
--- /dev/null
+++ b/ChangeLog.d/psa_alg_tls12_ecjpake_to_pms-reject_ka.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * The key derivation algorithm PSA_ALG_TLS12_ECJPAKE_TO_PMS cannot be
+ used on a shared secret from a key agreement since its input must be
+ an ECC public key. Reject this properly.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 0a8949fdad..a683fdb8f7 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5168,6 +5168,18 @@ static psa_status_t psa_key_agreement_try_support(psa_algorithm_t alg)
 (void) alg;
 return PSA_ERROR_NOT_SUPPORTED;
 }
+
+static int psa_key_derivation_allows_free_form_secret_input(
+ psa_algorithm_t kdf_alg)
+{
+#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
+ if (kdf_alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
+ return 0;
+ }
+#endif
+ (void) kdf_alg;
+ return 1;
+}
 #endif /* AT_LEAST_ONE_BUILTIN_KDF */
 
 psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
@@ -5189,6 +5201,9 @@ psa_status_t psa_key_derivation_setup(psa_key_derivation_operation_t *operation,
 if (status != PSA_SUCCESS) {
 return status;
 }
+ if (!psa_key_derivation_allows_free_form_secret_input(kdf_alg)) {
+ return PSA_ERROR_INVALID_ARGUMENT;
+ }
 status = psa_key_derivation_setup_kdf(operation, kdf_alg);
 #else
 return PSA_ERROR_NOT_SUPPORTED;
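Review bot: `psa_key_derivation_allows_free_form_secret_input()` is a deny-list that falls through to `return 1`, so any KDF added later whose secret input has a mandated format will be accepted after a key agreement unless someone remembers to list it here. The function carries no comment stating that contract; I would add one above it, e.g. `/* Return 0 if kdf_alg requires its secret input in a specific format, so the output of a key agreement is not valid input; any new KDF of that kind must be listed here. */`. When `PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS` is undefined the algorithm is reported as allowed, so rejection in that configuration presumably rests on `psa_key_derivation_setup_kdf()` not supporting it, which is outside this hunk.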
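Review bot: The new rejection in `psa_key_derivation_setup()` has no comment explaining why a KDF can be valid on its own yet invalid behind a key agreement, and it runs only after the `status != PSA_SUCCESS` return above it. With that order, an unsupported key agreement combined with this KDF reports the earlier status rather than `PSA_ERROR_INVALID_ARGUMENT`; if that precedence is intended, say so next to the check, e.g. `/* A shared secret is free-form, so a KDF that needs a structured secret input cannot follow a key agreement. */`. The enclosing branch begins and ends outside the hunk, so I am assuming `kdf_alg` here is the KDF extracted from the combined algorithm. No test for the rejected combination is visible in this diff.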