diff --git a/src/rescue.c b/src/rescue.c
index 73f6f7c..3cf5a39 100644
--- a/src/rescue.c
+++ b/src/rescue.c
@@ -197,7 +197,7 @@ static int cmd_keydev_sign(void) {
                 return SW_EXEC_ERROR();
             }
         }
-        int ret = mbedtls_ecp_mul(&ecp.MBEDTLS_PRIVATE(grp), &ecp.MBEDTLS_PRIVATE(Q), &ecp.MBEDTLS_PRIVATE(d), &ecp.MBEDTLS_PRIVATE(grp).G, random_fill_iterator, NULL);
+        int ret = mbedtls_ecp_keypair_calc_public(&ecp, random_fill_iterator, NULL);
         if (ret != 0) {
             mbedtls_ecp_keypair_free(&ecp);
             return SW_EXEC_ERROR();
diff --git a/src/usb/emulation/openssl.c b/src/usb/emulation/openssl.c
index d123297..fec611e 100644
--- a/src/usb/emulation/openssl.c
+++ b/src/usb/emulation/openssl.c
@@ -1888,9 +1888,7 @@ int openssl_mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id,
     if (rc != 0) {
         goto out;
     }
-    rc = mbedtls_ecp_mul(&key->MBEDTLS_PRIVATE(grp), &key->MBEDTLS_PRIVATE(Q),
-                         &key->MBEDTLS_PRIVATE(d), &key->MBEDTLS_PRIVATE(grp).G,
-                         f_rng, p_rng);
+    rc = mbedtls_ecp_keypair_calc_public(key, f_rng, p_rng);
 out:
     BN_free(bn_d);
     EVP_PKEY_free(pkey);
diff --git a/src/usb/lwip/rest_server.c b/src/usb/lwip/rest_server.c
index d247b76..d942d4b 100644
--- a/src/usb/lwip/rest_server.c
+++ b/src/usb/lwip/rest_server.c
@@ -883,7 +883,7 @@ void rest_check_and_load_credentials(void) {
         if (ret != 0) goto out;
         mbedtls_ecp_read_key(MBEDTLS_ECP_DP_SECP256R1, mbedtls_pk_ec(key), file, file_len);
         mbedtls_ecp_check_privkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->d);
-        mbedtls_ecp_mul(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q, &mbedtls_pk_ec(key)->d, &mbedtls_pk_ec(key)->grp.G, random_fill_iterator, NULL);
+        mbedtls_ecp_keypair_calc_public(&mbedtls_pk_ec(key), random_fill_iterator, NULL);
         mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(key)->grp, &mbedtls_pk_ec(key)->Q);
 
         mbedtls_x509write_crt_set_md_alg(&crt, MBEDTLS_MD_SHA256);
diff --git a/src/usb/lwip/rest_server_tls.c b/src/usb/lwip/rest_server_tls.c
index 3d31897..1c1986a 100644
--- a/src/usb/lwip/rest_server_tls.c
+++ b/src/usb/lwip/rest_server_tls.c
@@ -66,7 +66,7 @@ int tls_init_tls_context(const tls_credentials_t *tls_creds) {
         return ret;
     }
     mbedtls_ecp_check_privkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->d);
-    mbedtls_ecp_mul(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q, &mbedtls_pk_ec(tls_key)->d, &mbedtls_pk_ec(tls_key)->grp.G, random_fill_iterator, NULL);
+    mbedtls_ecp_keypair_calc_public(&mbedtls_pk_ec(tls_key), random_fill_iterator, NULL);
     mbedtls_ecp_check_pubkey(&mbedtls_pk_ec(tls_key)->grp, &mbedtls_pk_ec(tls_key)->Q);
     ret = mbedtls_ssl_config_defaults(&tls_conf, MBEDTLS_SSL_IS_SERVER, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
     if (ret != 0) {