diff --git a/.gitmodules b/.gitmodules
index fb1365daf..5e92ecbf0 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
 [submodule "vendor/trezor-crypto"]
 	path = vendor/trezor-crypto
 	url = https://github.com/trezor/trezor-crypto.git
+[submodule "vendor/mbedtls"]
+	path = vendor/mbedtls
+	url = https://github.com/trezor/mbedtls.git
diff --git a/extmod/modTrezorCrypto/mbedtls b/extmod/modTrezorCrypto/mbedtls
new file mode 120000
index 000000000..d49242457
--- /dev/null
+++ b/extmod/modTrezorCrypto/mbedtls
@@ -0,0 +1 @@
+../../vendor/mbedtls
\ No newline at end of file
diff --git a/extmod/modTrezorCrypto/modTrezorCrypto-ripemd160.h b/extmod/modTrezorCrypto/modTrezorCrypto-ripemd160.h
index b4741b79c..632a7404c 100644
--- a/extmod/modTrezorCrypto/modTrezorCrypto-ripemd160.h
+++ b/extmod/modTrezorCrypto/modTrezorCrypto-ripemd160.h
@@ -7,7 +7,7 @@
 
 #include "py/objstr.h"
 
-#include "trezor-crypto/ripemd160.h"
+#include "mbedtls/ripemd160.h"
 
 #define HASH_RIPEMD160_BLOCK_SIZE   64
 #define HASH_RIPEMD160_DIGEST_SIZE  20
@@ -15,21 +15,22 @@
 // class Ripemd160(object):
 typedef struct _mp_obj_Ripemd160_t {
     mp_obj_base_t base;
-    RIPEMD160_CTX ctx;
+    mbedtls_ripemd160_context ctx;
 } mp_obj_Ripemd160_t;
 
 // def Ripemd160.__init__(self, data: bytes = None)
 STATIC mp_obj_t mod_TrezorCrypto_Ripemd160_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
     mp_obj_Ripemd160_t *o = m_new_obj(mp_obj_Ripemd160_t);
     o->base.type = type;
-    ripemd160_Init(&(o->ctx));
+    mbedtls_ripemd160_init(&(o->ctx));
+    mbedtls_ripemd160_starts(&(o->ctx));
     // constructor called with bytes/str as first parameter
     if (n_args == 1) {
         if (!MP_OBJ_IS_STR_OR_BYTES(args[0])) {
             nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid argument"));
         }
         GET_STR_DATA_LEN(args[0], data, datalen);
-        ripemd160_Update(&(o->ctx), data, datalen);
+        mbedtls_ripemd160_update(&(o->ctx), data, datalen);
     } else if (n_args != 0) {
         nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid arguments"));
     }
@@ -41,7 +42,7 @@ STATIC mp_obj_t mod_TrezorCrypto_Ripemd160_update(mp_obj_t self, mp_obj_t data)
     mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self);
     mp_buffer_info_t databuf;
     mp_get_buffer_raise(data, &databuf, MP_BUFFER_READ);
-    ripemd160_Update(&(o->ctx), databuf.buf, databuf.len);
+    mbedtls_ripemd160_update(&(o->ctx), databuf.buf, databuf.len);
     return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_TrezorCrypto_Ripemd160_update_obj, mod_TrezorCrypto_Ripemd160_update);
@@ -51,9 +52,10 @@ STATIC mp_obj_t mod_TrezorCrypto_Ripemd160_digest(mp_obj_t self) {
     mp_obj_Ripemd160_t *o = MP_OBJ_TO_PTR(self);
     vstr_t vstr;
     vstr_init_len(&vstr, HASH_RIPEMD160_DIGEST_SIZE);
-    RIPEMD160_CTX ctx;
-    memcpy(&ctx, &(o->ctx), sizeof(RIPEMD160_CTX));
-    ripemd160_Final((uint8_t *)vstr.buf, &ctx);
+    mbedtls_ripemd160_context ctx;
+    mbedtls_ripemd160_clone(&ctx, &(o->ctx));
+    mbedtls_ripemd160_finish(&ctx, (uint8_t *)vstr.buf);
+    mbedtls_ripemd160_free(&ctx);
     return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_TrezorCrypto_Ripemd160_digest_obj, mod_TrezorCrypto_Ripemd160_digest);
diff --git a/extmod/modTrezorCrypto/modTrezorCrypto-sha256.h b/extmod/modTrezorCrypto/modTrezorCrypto-sha256.h
index 3e7e4b18f..16f66a35b 100644
--- a/extmod/modTrezorCrypto/modTrezorCrypto-sha256.h
+++ b/extmod/modTrezorCrypto/modTrezorCrypto-sha256.h
@@ -7,7 +7,7 @@
 
 #include "py/objstr.h"
 
-#include "trezor-crypto/sha2.h"
+#include "mbedtls/sha256.h"
 
 #define HASH_SHA256_BLOCK_SIZE   64
 #define HASH_SHA256_DIGEST_SIZE  32
@@ -15,21 +15,22 @@
 // class Sha256(object):
 typedef struct _mp_obj_Sha256_t {
     mp_obj_base_t base;
-    SHA256_CTX ctx;
+    mbedtls_sha256_context ctx;
 } mp_obj_Sha256_t;
 
 // def Sha256.__init__(self, data: bytes = None)
 STATIC mp_obj_t mod_TrezorCrypto_Sha256_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
     mp_obj_Sha256_t *o = m_new_obj(mp_obj_Sha256_t);
     o->base.type = type;
-    sha256_Init(&(o->ctx));
+    mbedtls_sha256_init(&(o->ctx));
+    mbedtls_sha256_starts(&(o->ctx), 0);
     // constructor called with bytes/str as first parameter
     if (n_args == 1) {
         if (!MP_OBJ_IS_STR_OR_BYTES(args[0])) {
             nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid argument"));
         }
         GET_STR_DATA_LEN(args[0], data, datalen);
-        sha256_Update(&(o->ctx), data, datalen);
+        mbedtls_sha256_update(&(o->ctx), data, datalen);
     } else if (n_args != 0) {
         nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid arguments"));
     }
@@ -41,7 +42,7 @@ STATIC mp_obj_t mod_TrezorCrypto_Sha256_update(mp_obj_t self, mp_obj_t data) {
     mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self);
     mp_buffer_info_t databuf;
     mp_get_buffer_raise(data, &databuf, MP_BUFFER_READ);
-    sha256_Update(&(o->ctx), databuf.buf, databuf.len);
+    mbedtls_sha256_update(&(o->ctx), databuf.buf, databuf.len);
     return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_TrezorCrypto_Sha256_update_obj, mod_TrezorCrypto_Sha256_update);
@@ -51,9 +52,10 @@ STATIC mp_obj_t mod_TrezorCrypto_Sha256_digest(mp_obj_t self) {
     mp_obj_Sha256_t *o = MP_OBJ_TO_PTR(self);
     vstr_t vstr;
     vstr_init_len(&vstr, HASH_SHA256_DIGEST_SIZE);
-    SHA256_CTX ctx;
-    memcpy(&ctx, &(o->ctx), sizeof(SHA256_CTX));
-    sha256_Final((uint8_t *)vstr.buf, &ctx);
+    mbedtls_sha256_context ctx;
+    mbedtls_sha256_clone(&ctx, &(o->ctx));
+    mbedtls_sha256_finish(&ctx, (uint8_t *)vstr.buf);
+    mbedtls_sha256_free(&ctx);
     return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_TrezorCrypto_Sha256_digest_obj, mod_TrezorCrypto_Sha256_digest);
diff --git a/extmod/modTrezorCrypto/modTrezorCrypto-sha512.h b/extmod/modTrezorCrypto/modTrezorCrypto-sha512.h
index 9102d3e7e..e9f43b1a4 100644
--- a/extmod/modTrezorCrypto/modTrezorCrypto-sha512.h
+++ b/extmod/modTrezorCrypto/modTrezorCrypto-sha512.h
@@ -7,7 +7,7 @@
 
 #include "py/objstr.h"
 
-#include "trezor-crypto/sha2.h"
+#include "mbedtls/sha512.h"
 
 #define HASH_SHA512_BLOCK_SIZE   128
 #define HASH_SHA512_DIGEST_SIZE  64
@@ -15,21 +15,22 @@
 // class Sha512(object):
 typedef struct _mp_obj_Sha512_t {
     mp_obj_base_t base;
-    SHA512_CTX ctx;
+    mbedtls_sha512_context ctx;
 } mp_obj_Sha512_t;
 
 // def Sha512.__init__(self, data: bytes = None)
 STATIC mp_obj_t mod_TrezorCrypto_Sha512_make_new(const mp_obj_type_t *type, size_t n_args, size_t n_kw, const mp_obj_t *args) {
     mp_obj_Sha512_t *o = m_new_obj(mp_obj_Sha512_t);
     o->base.type = type;
-    sha512_Init(&(o->ctx));
+    mbedtls_sha512_init(&(o->ctx));
+    mbedtls_sha512_starts(&(o->ctx), 0);
     // constructor called with bytes/str as first parameter
     if (n_args == 1) {
         if (!MP_OBJ_IS_STR_OR_BYTES(args[0])) {
             nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid argument"));
         }
         GET_STR_DATA_LEN(args[0], data, datalen);
-        sha512_Update(&(o->ctx), data, datalen);
+        mbedtls_sha512_update(&(o->ctx), data, datalen);
     } else if (n_args != 0) {
         nlr_raise(mp_obj_new_exception_msg(&mp_type_TypeError, "Invalid arguments"));
     }
@@ -41,7 +42,7 @@ STATIC mp_obj_t mod_TrezorCrypto_Sha512_update(mp_obj_t self, mp_obj_t data) {
     mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self);
     mp_buffer_info_t databuf;
     mp_get_buffer_raise(data, &databuf, MP_BUFFER_READ);
-    sha512_Update(&(o->ctx), databuf.buf, databuf.len);
+    mbedtls_sha512_update(&(o->ctx), databuf.buf, databuf.len);
     return mp_const_none;
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_2(mod_TrezorCrypto_Sha512_update_obj, mod_TrezorCrypto_Sha512_update);
@@ -51,9 +52,10 @@ STATIC mp_obj_t mod_TrezorCrypto_Sha512_digest(mp_obj_t self) {
     mp_obj_Sha512_t *o = MP_OBJ_TO_PTR(self);
     vstr_t vstr;
     vstr_init_len(&vstr, HASH_SHA512_DIGEST_SIZE);
-    SHA512_CTX ctx;
-    memcpy(&ctx, &(o->ctx), sizeof(SHA512_CTX));
-    sha512_Final((uint8_t *)vstr.buf, &ctx);
+    mbedtls_sha512_context ctx;
+    mbedtls_sha512_clone(&ctx, &(o->ctx));
+    mbedtls_sha512_finish(&ctx, (uint8_t *)vstr.buf);
+    mbedtls_sha512_free(&ctx);
     return mp_obj_new_str_from_vstr(&mp_type_bytes, &vstr);
 }
 STATIC MP_DEFINE_CONST_FUN_OBJ_1(mod_TrezorCrypto_Sha512_digest_obj, mod_TrezorCrypto_Sha512_digest);
diff --git a/vendor/mbedtls b/vendor/mbedtls
new file mode 160000
index 000000000..0e4d9afa6
--- /dev/null
+++ b/vendor/mbedtls
@@ -0,0 +1 @@
+Subproject commit 0e4d9afa61cd33f4757abf60f834ba596dfc46a8
diff --git a/vendor/micropython b/vendor/micropython
index 52d6f0318..fe1e443bd 160000
--- a/vendor/micropython
+++ b/vendor/micropython
@@ -1 +1 @@
-Subproject commit 52d6f0318203eaa2c1ab58da944aafdb857e0119
+Subproject commit fe1e443bd439be3e0c7942f0ed3f7cbfd3efd5dc