diff --git a/components/esp32/hwcrypto/aes.c b/components/esp32/hwcrypto/aes.c
index 716bc636f..1e9bdc852 100644
--- a/components/esp32/hwcrypto/aes.c
+++ b/components/esp32/hwcrypto/aes.c
@@ -155,7 +155,7 @@ static inline void esp_aes_block(const void *input, void *output)
 /*
  * AES-ECB block encryption
  */
-void esp_aes_encrypt( esp_aes_context *ctx,
+int esp_internal_aes_encrypt( esp_aes_context *ctx,
                       const unsigned char input[16],
                       unsigned char output[16] )
 {
@@ -163,13 +163,21 @@ void esp_aes_encrypt( esp_aes_context *ctx,
     esp_aes_setkey_hardware(ctx, ESP_AES_ENCRYPT);
     esp_aes_block(input, output);
     esp_aes_release_hardware();
+    return 0;
+}
+
+void esp_aes_encrypt( esp_aes_context *ctx,
+        const unsigned char input[16],
+        unsigned char output[16] )
+{
+    esp_internal_aes_encrypt(ctx, input, output);
 }
 
 /*
  * AES-ECB block decryption
  */
 
-void esp_aes_decrypt( esp_aes_context *ctx,
+int esp_internal_aes_decrypt( esp_aes_context *ctx,
                       const unsigned char input[16],
                       unsigned char output[16] )
 {
@@ -177,6 +185,14 @@ void esp_aes_decrypt( esp_aes_context *ctx,
     esp_aes_setkey_hardware(ctx, ESP_AES_DECRYPT);
     esp_aes_block(input, output);
     esp_aes_release_hardware();
+    return 0;
+}
+
+void esp_aes_decrypt( esp_aes_context *ctx,
+                      const unsigned char input[16],
+                      unsigned char output[16] )
+{
+    esp_internal_aes_decrypt(ctx, input, output);
 }
 
 
diff --git a/components/esp32/include/hwcrypto/aes.h b/components/esp32/include/hwcrypto/aes.h
index 0bcd1f490..cc0f56086 100644
--- a/components/esp32/include/hwcrypto/aes.h
+++ b/components/esp32/include/hwcrypto/aes.h
@@ -243,7 +243,10 @@ int esp_aes_crypt_ctr( esp_aes_context *ctx,
  * \param input     Plaintext block
  * \param output    Output (ciphertext) block
  */
-void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+int esp_internal_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+
+/** Deprecated, see esp_aes_internal_encrypt */
+void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
 
 /**
  * \brief           Internal AES block decryption function
@@ -254,7 +257,10 @@ void esp_aes_encrypt( esp_aes_context *ctx, const unsigned char input[16], unsig
  * \param input     Ciphertext block
  * \param output    Output (plaintext) block
  */
-void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+int esp_internal_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] );
+
+/** Deprecated, see esp_aes_internal_decrypt */
+void esp_aes_decrypt( esp_aes_context *ctx, const unsigned char input[16], unsigned char output[16] ) __attribute__((deprecated));
 
 #ifdef __cplusplus
 }
diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h
index a4d0b70c3..5c143f2c5 100644
--- a/components/mbedtls/port/include/aes_alt.h
+++ b/components/mbedtls/port/include/aes_alt.h
@@ -47,8 +47,8 @@ typedef esp_aes_context mbedtls_aes_context;
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
 #define mbedtls_aes_crypt_ctr       esp_aes_crypt_ctr
 #endif
-#define mbedtls_aes_encrypt         esp_aes_encrypt
-#define mbedtls_aes_decrypt         esp_aes_decrypt
+#define mbedtls_internal_aes_encrypt         esp_internal_aes_encrypt
+#define mbedtls_internal_aes_decrypt         esp_internal_aes_decrypt
 #endif /* MBEDTLS_AES_ALT */
 
 #ifdef __cplusplus
diff --git a/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c b/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c
index d6bfdfab1..fd4a49ff4 100644
--- a/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c
+++ b/components/wpa_supplicant/src/fast_crypto/fast_aes-unwrap.c
@@ -58,7 +58,10 @@ fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain
             os_memcpy(b, a, 8);
             b[7] ^= n * j + i;
             os_memcpy(b + 8, r, 8);
-            mbedtls_aes_decrypt(&ctx, b, b);
+            ret = mbedtls_internal_aes_decrypt(&ctx, b, b);
+            if (ret != 0) {
+                break;
+            }
             os_memcpy(a, b, 8);
             os_memcpy(r, b + 8, 8);
             r -= 8;
@@ -77,5 +80,5 @@ fast_aes_unwrap(const uint8_t *kek, int n, const uint8_t *cipher, uint8_t *plain
         }
     }
 
-    return 0;
+    return ret;
 }
diff --git a/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c b/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c
index 01a98a3ad..3b9eec1c1 100644
--- a/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c
+++ b/components/wpa_supplicant/src/fast_crypto/fast_aes-wrap.c
@@ -61,7 +61,10 @@ int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *ciph
 	for (i = 1; i <= n; i++) {
             os_memcpy(b, a, 8);
             os_memcpy(b + 8, r, 8);
-            mbedtls_aes_encrypt(&ctx, b, b);
+            ret = mbedtls_internal_aes_encrypt(&ctx, b, b);
+            if (ret != 0) {
+                break;
+            }
             os_memcpy(a, b, 8);
             a[7] ^= n * j + i;
             os_memcpy(r, b + 8, 8);
@@ -76,5 +79,5 @@ int fast_aes_wrap(const uint8_t *kek, int n, const uint8_t *plain, uint8_t *ciph
      * variables.
      */
 
-    return 0;
+    return ret;
 }
diff --git a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
index fb00760bd..472e17326 100644
--- a/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
+++ b/components/wpa_supplicant/src/fast_crypto/fast_crypto_internal-cipher.c
@@ -136,7 +136,9 @@ int  fast_crypto_cipher_encrypt(struct crypto_cipher *ctx, const uint8_t *plain,
             for (i = 0; i < blocks; i++) {
                 for (j = 0; j < AES_BLOCK_SIZE; j++)
                     fast_ctx->u.aes.cbc[j] ^= plain[j];
-                mbedtls_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc);
+                if (mbedtls_internal_aes_encrypt(&(fast_ctx->u.aes.ctx_enc), fast_ctx->u.aes.cbc, fast_ctx->u.aes.cbc) != 0) {
+                    return -1;
+                }
                 os_memcpy(crypt, fast_ctx->u.aes.cbc, AES_BLOCK_SIZE);
                 plain += AES_BLOCK_SIZE;
                 crypt += AES_BLOCK_SIZE;
@@ -209,7 +211,9 @@ int  fast_crypto_cipher_decrypt(struct crypto_cipher *ctx, const uint8_t *crypt,
             blocks = len / AES_BLOCK_SIZE;
             for (i = 0; i < blocks; i++) {
                 os_memcpy(tmp, crypt, AES_BLOCK_SIZE);
-                mbedtls_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain);
+                if (mbedtls_internal_aes_decrypt(&(fast_ctx->u.aes.ctx_dec), crypt, plain) != 0) {
+                    return -1;
+                }
                 for (j = 0; j < AES_BLOCK_SIZE; j++)
                     plain[j] ^= fast_ctx->u.aes.cbc[j];
                 os_memcpy(fast_ctx->u.aes.cbc, tmp, AES_BLOCK_SIZE);