diff --git a/configs/baremetal.h b/configs/baremetal.h index 71bf463e7..465664279 100644 --- a/configs/baremetal.h +++ b/configs/baremetal.h @@ -137,7 +137,6 @@ #define MBEDTLS_OID_C #define MBEDTLS_PLATFORM_C -#define MBEDTLS_CRC_C #define MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY /* I/O buffer configuration */ diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 5fb020fa8..b410b5ad4 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -91,7 +91,7 @@ typedef struct mbedtls_aes_context uint32_t frk[8]; /*!< Fake AES round keys. */ #endif #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) - uint16_t crc; /*!< CRC-16 of the set key */ + uint32_t hash; /*!< hash of the set key */ #endif #if defined(MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH) && !defined(MBEDTLS_PADLOCK_C) uint32_t buf[44]; /*!< Unaligned data buffer */ diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 974bf7b1f..7239557a0 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -986,10 +986,6 @@ #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ -#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) && ( !defined(MBEDTLS_CRC_C) ) -#error "MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY defined, but not MBEDTLS_CRC_C" -#endif - /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index db38e81cc..c4d98e42f 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h 
@@ -2742,12 +2742,11 @@ /** * \def MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY * - * Enable validation of AES keys by checking their CRC + * Enable validation of AES keys by checking their hash * during every encryption/decryption. * * Module: library/aes.c * - * Requires: MBEDTLS_CRC_C */ //#define MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY diff --git a/library/aes.c b/library/aes.c index d6a6b0097..800517295 100644 --- a/library/aes.c +++ b/library/aes.c @@ -45,10 +45,6 @@ #include "mbedtls/aesni.h" #endif -#if defined(MBEDTLS_CRC_C) && defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) -#include "mbedtls/crc.h" -#endif - #if defined(MBEDTLS_SELF_TEST) #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" @@ -89,6 +85,19 @@ } #endif +#if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) +static uint32_t mbedtls_hash( const void *data, size_t data_len_bytes ) +{ + uint32_t result = 0; + size_t i; + /* data_len_bytes - only multiples of 4 are considered, rest is truncated */ + for( i = 0; i < data_len_bytes >> 2; i++ ) + { + result ^= ( (uint32_t*) data )[i]; + } + return result; +} +#endif /* * Data structure for AES round data */ @@ -835,7 +844,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key, ) ) { #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) - ctx->crc = mbedtls_crc_update( 0, ctx->rk, keybits >> 3 ); + ctx->hash = mbedtls_hash( ctx->rk, keybits >> 3 ); #endif return 0; } @@ -933,7 +942,7 @@ exit: else if( ( i == 0 ) && ( j == 4 ) ) { #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) - ctx->crc = mbedtls_crc_update( 0, ctx->rk, keybits >> 3 ); + ctx->hash = mbedtls_hash( ctx->rk, keybits >> 3 ); #endif return( ret ); } @@ -1099,7 +1108,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) unsigned key_bytes = 0; - uint16_t check_crc = 0; + uint32_t check_hash = 0; switch( ctx->nr ) { case 10: key_bytes = 16; break; 
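Review bot: `mbedtls_hash` in the `@@ -89,6 +85,19 @@` hunk is a plain XOR of 32-bit words, so changes that cancel across words (the same bit altered in two words, or two words swapped) leave the result unchanged, which the CRC it replaces would generally catch. Neither the function name nor the `/*!< hash of the set key */` field comment in aes.h says this. I would add a header comment such as `/* XOR-fold of the 32-bit words in data; position-independent, so changes that cancel across words are not detected. */`. The cast `(uint32_t*) data` also drops `const` and requires 4-byte alignment; `result ^= ( (const uint32_t *) data )[i];` keeps the qualifier. Taking a `const uint32_t *` parameter would make the alignment requirement explicit, since every caller in this diff passes `ctx->rk`.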
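Review bot: The stored value covers only the first `keybits >> 3` bytes at `ctx->rk`, so with `ctx->hash = mbedtls_hash( ctx->rk, keybits >> 3 );` in the `@@ -835,7 +844,7 @@` hunk a change to any later round-key word is not reflected in `ctx->hash`. The same length is used in the `@@ -933,7 +942,7 @@` hunk and, as `key_bytes`, in the `mbedtls_internal_aes_encrypt` and `mbedtls_internal_aes_decrypt` hunks. If the expanded schedule is contiguous at `ctx->rk` (not visible here), hashing its full length, presumably `( ctx->nr + 1 ) * 16` bytes, in all of these places would cover it. Otherwise a comment such as `/* integrity value covers the first keybits/8 bytes of the schedule only */` would record the limit. The enclosing functions start and end outside these hunks.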
@@ -1109,7 +1118,7 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } - check_crc = mbedtls_crc_update( 0, ctx->rk, key_bytes ); + check_hash = mbedtls_hash( ctx->rk, key_bytes ); #endif aes_data_real.rk_ptr = ctx->rk; @@ -1209,13 +1218,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, /* Double negation is used to silence an "extraneous parentheses" warning */ if( ! ( flow_control != tindex + dummy_rounds + 8 ) #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) - && check_crc == ctx->crc + && check_hash == ctx->hash #endif ) { #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) mbedtls_platform_random_delay(); - if( mbedtls_crc_update( 0, ctx->rk, key_bytes ) == ctx->crc ) + if( mbedtls_hash( ctx->rk, key_bytes ) == ctx->hash ) #endif { return 0; @@ -1406,7 +1415,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) unsigned key_bytes = 0; - uint16_t check_crc = 0; + uint32_t check_hash = 0; switch( ctx->nr ) { case 10: key_bytes = 16; break; @@ -1416,7 +1425,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #endif /* !MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH */ default : return( MBEDTLS_ERR_AES_INVALID_KEY_LENGTH ); } - check_crc = mbedtls_crc_update( 0, ctx->rk, key_bytes ); + check_hash = mbedtls_hash( ctx->rk, key_bytes ); #endif aes_data_real.rk_ptr = ctx->rk; 
@@ -1516,13 +1525,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, /* Double negation is used to silence an "extraneous parentheses" warning */ if( ! ( flow_control != tindex + dummy_rounds + 8 ) #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) - && check_crc == ctx->crc + && check_hash == ctx->hash #endif ) { #if defined(MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY) mbedtls_platform_random_delay(); - if( mbedtls_crc_update( 0, ctx->rk, key_bytes ) == ctx->crc ) + if( mbedtls_hash( ctx->rk, key_bytes ) == ctx->hash ) #endif { return 0; diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index 1a00ca0b0..de5ed6538 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -67,7 +67,7 @@ if(MSVC) endif(MSVC) add_test_suite(aes aes.ecb) -add_test_suite(aes aes.ecb.crc) +add_test_suite(aes aes.ecb.hash) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) add_test_suite(aes aes.ofb) diff --git a/tests/suites/test_suite_aes.ecb.crc.data b/tests/suites/test_suite_aes.ecb.crc.data deleted file mode 100644 index cd4262058..000000000 --- a/tests/suites/test_suite_aes.ecb.crc.data +++ /dev/null 
@@ -1,46 +0,0 @@
-AES-128-ECB Encrypt NIST KAT #1 good CRC
-aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0:1
-
-AES-128-ECB Encrypt NIST KAT #1 bad CRC
-aes_encrypt_ecb_crc:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
-AES-128-ECB Decrypt NIST KAT #1 good CRC
-depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":614:0:1
-
-AES-128-ECB Decrypt NIST KAT #1 bad CRC
-depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
-AES-192-ECB Encrypt NIST KAT #1 good CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0:1
-
-AES-192-ECB Encrypt NIST KAT #1 bad CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-aes_encrypt_ecb_crc:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
-AES-192-ECB Decrypt NIST KAT #1 good CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":31004:0:1
-
-AES-192-ECB Decrypt NIST KAT #1 bad CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
-AES-256-ECB Encrypt NIST KAT #1 good CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":61384:0:1
-
-AES-256-ECB Encrypt NIST KAT #1 bad CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-aes_encrypt_ecb_crc:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
-AES-256-ECB Decrypt NIST KAT #1 good CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":32504:0:1
-
-AES-256-ECB Decrypt NIST KAT #1 bad CRC
-depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
-aes_decrypt_ecb_crc:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
-
diff --git a/tests/suites/test_suite_aes.ecb.hash.data b/tests/suites/test_suite_aes.ecb.hash.data
new file mode 100644
index 000000000..da8bbc9b1
--- /dev/null
+++ b/tests/suites/test_suite_aes.ecb.hash.data
@@ -0,0 +1,46 @@
+AES-128-ECB Encrypt NIST KAT #1 good hash
+aes_encrypt_ecb_hash:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"0336763e966d92595a567cc9ce537f5e":0:0:1
+
+AES-128-ECB Encrypt NIST KAT #1 bad hash
+aes_encrypt_ecb_hash:"00000000000000000000000000000000":"f34481ec3cc627bacd5dc3fb08f273e6":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
+
+AES-128-ECB Decrypt NIST KAT #1 good hash
+depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
+aes_decrypt_ecb_hash:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"ff000000000000000000000000000000":2616204230:0:1
+
+AES-128-ECB Decrypt NIST KAT #1 bad hash
+depends_on:!MBEDTLS_AES_ONLY_ENCRYPT
+aes_decrypt_ecb_hash:"00000000000000000000000000000000":"db4f1aa530967d6732ce4715eb0ee24b":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
+
+AES-192-ECB Encrypt NIST KAT #1 good hash
+depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+aes_encrypt_ecb_hash:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"156f07767a85a4312321f63968338a01":0:0:1
+
+AES-192-ECB Encrypt NIST KAT #1 bad hash
+depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+aes_encrypt_ecb_hash:"000000000000000000000000000000000000000000000000":"fffffffffffffffffffff80000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
+
+AES-192-ECB Decrypt NIST KAT #1 good hash
+depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
+aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":197398770:0:1
+
+AES-192-ECB Decrypt NIST KAT #1 bad hash
+depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT
+aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffff000000000000000":"bb2852c891c5947d2ed44032c421b85f":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0
+
+AES-256-ECB 
Encrypt NIST KAT #1 good hash +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_hash:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"352065272169abf9856843927d0674fd":1553260283:0:1 + +AES-256-ECB Encrypt NIST KAT #1 bad hash +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH +aes_encrypt_ecb_hash:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + +AES-256-ECB Decrypt NIST KAT #1 good hash +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":1875230928:0:1 + +AES-256-ECB Decrypt NIST KAT #1 bad hash +depends_on:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:!MBEDTLS_AES_ONLY_ENCRYPT +aes_decrypt_ecb_hash:"fffffffffffffffffffffffffffffffffffffffffffffff00000000000000000":"edf61ae362e882ddc0167474a7a77f3a":"00000000000000000000000000000000":42:MBEDTLS_ERR_PLATFORM_FAULT_DETECTED:0 + diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function index 2a2f9cbcd..dd5b24360 100644 --- a/tests/suites/test_suite_aes.function +++ b/tests/suites/test_suite_aes.function @@ -371,8 +371,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */ -void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc ) +void aes_encrypt_ecb_hash( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, unsigned int hash, int crypt_result, int check_hash ) { unsigned char output[100]; mbedtls_aes_context ctx; 
@@ -383,10 +383,10 @@ void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str, TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 ); - if( check_crc ) - TEST_ASSERT( ctx.crc == crc ); + if( check_hash ) + TEST_ASSERT( ctx.hash == hash ); else - ctx.crc = crc; + ctx.hash = hash; TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == crypt_result ); @@ -398,8 +398,8 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */ -void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str, - data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc ) +void aes_decrypt_ecb_hash( data_t * key_str, data_t * src_str, + data_t * hex_dst_string, unsigned int hash, int crypt_result, int check_hash ) { unsigned char output[100]; mbedtls_aes_context ctx; @@ -410,10 +410,10 @@ void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str, TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 ); - if( check_crc ) - TEST_ASSERT( ctx.crc == crc ); + if( check_hash ) + TEST_ASSERT( ctx.hash == hash ); else - ctx.crc = crc; + ctx.hash = hash; TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == crypt_result );
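Review bot: The failing cases in the `@@ -383,10 +383,10 @@` hunk only overwrite the stored value (`ctx.hash = hash;`, with 42 in the .data file), so no test modifies a round key and checks that `mbedtls_aes_crypt_ecb` returns `MBEDTLS_ERR_PLATFORM_FAULT_DETECTED`. A case that changes one word of the schedule after `mbedtls_aes_setkey_enc`, for example `ctx.rk[0] ^= 1;` before the crypt call, selected by an extra flag argument, would exercise the detection path the feature exists for. The same applies to `aes_decrypt_ecb_hash` in the `@@ -410,10 +410,10 @@` hunk; both functions start and end outside their hunks.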