Merge pull request #4407 from ARMmbed/dev3_signoffs

Merge development_3.0 into development
2021-04-26 19:48:16 +01:00 · 2021-04-26 19:48:16 +01:00 · 12f93f4fc2
commit 12f93f4fc2
parent b5939e814e dca8509bb6
183 changed files with 834 additions and 12758 deletions
--- a/BRANCHES.md
+++ b/BRANCHES.md
@ -6,8 +6,12 @@ At any point in time, we have a number of maintained branches consisting of:
  this always contains the latest release, including all publicly available
  security fixes.
 - The [`development`](https://github.com/ARMmbed/mbedtls/tree/development) branch:
-  this is where new features land,
+  this is where the next major version of Mbed TLS (version 3.0) is being
-  as well as bug fixes and security fixes.
+  prepared. It has API changes that make it incompatible with Mbed TLS 2.x,
  as well as all the new features and bug fixes and security fixes.
 - The [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x) branch:
  this branch retains the API of Mbed TLS 2.x, and has a subset of the
  features added after Mbed TLS 2.26.0 and bug fixes and security fixes.
 - One or more long-time support (LTS) branches:
  these only get bug fixes and security fixes.
@ -48,6 +52,7 @@ The following branches are currently maintained:
 - [master](https://github.com/ARMmbed/mbedtls/tree/master)
 - [`development`](https://github.com/ARMmbed/mbedtls/)
 - [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x)
 - [`mbedtls-2.16`](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
 maintained until at least the end of 2021, see
  <https://tls.mbed.org/tech-updates/blog/announcing-lts-branch-mbedtls-2.16>
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -10,10 +10,6 @@
 #     directories. That way, a target linking to a library (using the
 #     target_link_librairies command) inherits from the library PUBLIC include
 #     directories and not from the PRIVATE ones.
 #   + Note: there is currently one remaining include_directories command in the
 #     CMake files. It is related to ZLIB support which is planned to be removed.
 #     When the support is removed, the associated include_directories command
 #     will be removed as well as this note.
 # - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling
 #   CMake in order to avoid target name clashes, via the use of
 #   MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the
@ -42,9 +38,6 @@ endif()
 # Set the project root directory.
 set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
 option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
 option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
 option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
 option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@ -256,14 +249,6 @@ else()
    set(LIB_INSTALL_DIR lib)
 endif()
 if(ENABLE_ZLIB_SUPPORT)
    find_package(ZLIB)
    if(ZLIB_FOUND)
        include_directories(${ZLIB_INCLUDE_DIR})
    endif(ZLIB_FOUND)
 endif(ENABLE_ZLIB_SUPPORT)
 add_subdirectory(include)
 add_subdirectory(3rdparty)
--- a/100
+++ b/100
@ -1,5 +1,105 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 = Mbed TLS 3.0.0 branch released 2021-xx-xx
 API changes
   * Remove HAVEGE module.
     The design of HAVEGE makes it unsuitable for microcontrollers. Platforms
     with a more complex CPU usually have an operating system interface that
     provides better randomness. Instead of HAVEGE, declare OS or hardware RNG
     interfaces with mbedtls_entropy_add_source() and/or use an entropy seed
     file created securely during device provisioning. See
     https://tls.mbed.org/kb/how-to/add-entropy-sources-to-entropy-pool for
     more information.
   * Add missing const attributes to API functions.
   * Remove helpers for the transition from Mbed TLS 1.3 to Mbed TLS 2.0: the
     header compat-1.3.h and the script rename.pl.
   * Remove certs module from the API.
     Transfer keys and certificates embedded in the library to the test
     component. This contributes to minimizing library API and discourages
     users from using unsafe keys in production.
   * Move alt helpers and definitions.
     Various helpers and definitions available for use in alt implementations
     have been moved out of the include/ directory and into the library/
     directory. The files concerned are ecp_internal.h and rsa_internal.h
     which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
     respectively.
   * Move internal headers.
     Header files that were only meant for the library's internal use and
     were not meant to be used in application code have been moved out of
     the include/ directory. The headers concerned are bn_mul.h, aesni.h,
     padlock.h, entropy_poll.h and *_internal.h.
   * Drop support for parsing SSLv2 ClientHello
     (MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO).
   * Drop support for SSLv3 (MBEDTLS_SSL_PROTO_SSL3).
   * Drop support for compatibility with our own previous buggy
     implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT).
   * Drop support for TLS record-level compression (MBEDTLS_ZLIB_SUPPORT).
   * Drop support for RC4 TLS ciphersuites.
   * Drop support for single-DES ciphersuites.
   * Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL.
 Requirement changes
   * The library now uses the %zu format specifier with the printf() family of
     functions, so requires a toolchain that supports it. This change does not
     affect the maintained LTS branches, so when contributing changes please
     bear this in mind and do not add them to backported code.
 Removals
   * Remove the MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
     compile-time option, which was off by default. Users should not trust
     certificates signed with SHA-1 due to the known attacks against SHA-1.
     If needed, SHA-1 cerificate can still be used by providing custom
     verification profile to mbedtls_x509_crt_verify_with_profile function
     in x509_crt.h, or mbedtls_ssl_conf_cert_profile function in ssl.h.
     Example of custom verification profile, supporting SHA-1:
     const mbedtls_x509_crt_profile mbedtls_x509_crt_custom = {
         MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ),
         0xFFFFFFF, /* Any PK alg    */
         0xFFFFFFF, /* Any curve     */
         2048
     };
   * Removed deprecated things in psa/crypto_compat.h. Fixes #4284
   * Removed deprecated functions from hashing modules. Fixes #4280.
   * Remove PKCS#11 library wrapper. PKCS#11 has limited functionality,
     lacks automated tests and has scarce documentation. Also, PSA Crypto
     provides a more flexible private key management.
     More details on PCKS#11 wrapper removal can be found in the mailing list
     https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/000024.html
   * Remove deprecated error codes. Fix #4283
 Features
   * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
     signature with a specific salt length. This function allows to validate
     test cases provided in the NIST's CAVP test suite. Contributed by Cédric
     Meuter in PR #3183.
 Bugfix
   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
     lead to the seed file corruption in case if the path to the seed file is
     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
     Krasnoshchok in #3616.
   * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
     than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
     to create is not valid, bringing them in line with version 1.0.0 of the
     specification. Fix #4271.
   * Add printf function attributes to mbedtls_debug_print_msg to ensure we
     get printf format specifier warnings.
   * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
     rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
     in line with version 1.0.0 of the specification. Fix #4162.
   * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
     zero. Fixes #1792
   * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
     as equal to 0 in all cases. Fix it to produce the same object as "0".
 Changes
   * Fix the setting of the read timeout in the DTLS sample programs.
   * Add extra printf compiler warning flags to builds.
   * Fix memsan build false positive in x509_crt.c with clang 11
   * There is ongoing work for the next release (= Mbed TLS 3.0.0 branch to
     be released 2021-xx-xx), including various API-breaking changes.
 = mbed TLS 2.26.0 branch released 2021-03-08
 API changes
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ b/ChangeLog.d/bugfix_PR3616.txt
@ -1,5 +0,0 @@
 Bugfix
   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
     lead to the seed file corruption in case if the path to the seed file is
     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
     Krasnoshchok in #3616.
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ b/ChangeLog.d/dtls_sample_use_read_timeout.txt
@ -1,2 +0,0 @@
 Changes
   * Fix the setting of the read timeout in the DTLS sample programs.
--- a/ChangeLog.d/fix-invalid-id-error-code.txt
+++ b/ChangeLog.d/fix-invalid-id-error-code.txt
@ -1,5 +0,0 @@
 Bugfix
   * PSA functions creating a key now return PSA_ERROR_INVALID_ARGUMENT rather
     than PSA_ERROR_INVALID_HANDLE when the identifier specified for the key
     to create is not valid, bringing them in line with version 1.0.0 of the
     specification. Fix #4271.
--- a/ChangeLog.d/fix-printf-specifiers.txt
+++ b/ChangeLog.d/fix-printf-specifiers.txt
@ -1,10 +0,0 @@
 Bugfix
   * Add printf function attributes to mbedtls_debug_print_msg to ensure we
     get printf format specifier warnings.
 Changes
   * Add extra printf compiler warning flags to builds.
 Requirement changes
   * The library now uses the %zu format specifier with the printf() family of
     functions, so requires a toolchain that supports it. This change does not
     affect the maintained LTS branches, so when contributing changes please
     bear this in mind and do not add them to backported code.
--- a/ChangeLog.d/fix_memsan_build_clang11.txt
+++ b/ChangeLog.d/fix_memsan_build_clang11.txt
@ -1,2 +0,0 @@
 Changes
   * Fix memsan build false positive in x509_crt.c with clang 11
--- a/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
+++ b/ChangeLog.d/fix_return_type_for_invalid_crypto_key.txt
@ -1,4 +0,0 @@
 Bugfix
   * PSA functions other than psa_open_key now return PSA_ERROR_INVALID_HANDLE
     rather than PSA_ERROR_DOES_NOT_EXIST for an invalid handle, bringing them
     in line with version 1.0.0 of the specification. Fix #4162.
--- a/ChangeLog.d/issue1792.txt
+++ b/ChangeLog.d/issue1792.txt
@ -1,3 +0,0 @@
 Bugfix
   * Fix a bug in ECDSA that would cause it to fail when the hash is all-bits
     zero. Fixes #1792
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ b/ChangeLog.d/mpi_read_negative_zero.txt
@ -1,3 +0,0 @@
 Bugfix
   * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
     as equal to 0 in all cases. Fix it to produce the same object as "0".
--- a/ChangeLog.d/pkcs1_v21_sign_ext.txt
+++ b/ChangeLog.d/pkcs1_v21_sign_ext.txt
@ -1,5 +0,0 @@
 Features
   * Add mbedtls_rsa_rsassa_pss_sign_ext() function allowing to generate a
     signature with a specific salt length. This function allows to validate
     test cases provided in the NIST's CAVP test suite. Contributed by Cédric
     Meuter in PR #3183.
--- a/README.md
+++ b/README.md
@ -5,6 +5,11 @@ Mbed TLS is a C library that implements cryptographic primitives, X.509 certific
 Mbed TLS includes a reference implementation of the [PSA Cryptography API](#psa-cryptography-api). This is currently a preview for evaluation purposes only.
 Stability
 ---------
 **Warning: the [`development`](https://github.com/ARMmbed/mbedtls/tree/development) branch of Mbed TLS currently has an unstable API.** It is where work is happening on the next major release of Mbed TLS. Until Mbed TLS 3.0 is released, if you need a stable API, please use the branch [`development_2.x`](https://github.com/ARMmbed/mbedtls/tree/development_2.x) instead.
 Configuration
 -------------
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@ -65,7 +65,6 @@
 /* For test certificates */
 #define MBEDTLS_BASE64_C
 #define MBEDTLS_CERTS_C
 #define MBEDTLS_PEM_PARSE_C
 /* For testing with compat.sh */
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@ -39,7 +39,6 @@
 /* mbed TLS feature support */
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_PADDING_PKCS7
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
 #define MBEDTLS_ECP_DP_CURVE25519_ENABLED
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@ -48,7 +48,7 @@
 * Used in:
 *      library/aria.c
 *      library/timing.c
- *      include/mbedtls/bn_mul.h
+ *      library/bn_mul.h
 *
 * Required by:
 *      MBEDTLS_AESNI_C
@ -661,10 +661,6 @@
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 *
 * \warning   DES is considered a weak cipher and its use constitutes a
@ -672,19 +668,6 @@
 */
 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 /**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 /**
 * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
 *
@ -774,7 +757,6 @@
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -798,7 +780,6 @@
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *
 * \warning    Using DHE constitutes a security risk as it
 *             is not possible to validate custom DH parameters.
@ -825,7 +806,6 @@
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -850,7 +830,6 @@
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -877,8 +856,6 @@
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@ -936,7 +913,6 @@
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -960,7 +936,6 @@
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -973,7 +948,6 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@ -997,7 +971,6 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
@ -1079,8 +1052,8 @@
 /**
 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
- * Do not add default entropy sources. These are the platform specific,
+ * Do not add default entropy sources. These are the platform specific
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ * or mbedtls_timing_hardclock poll function.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
@ -1370,20 +1343,10 @@
 */
 #define MBEDTLS_SSL_FALLBACK_SCSV
 /**
 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
 *
 * Enable hooking functions in SSL module for hardware acceleration of
 * individual records.
 *
 * Uncomment this macro to enable hooking functions.
 */
 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
 /**
 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
 *
- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ * Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
 *
 * This is a countermeasure to the BEAST attack, which also minimizes the risk
 * of interoperability issues compared to sending 0-length records.
@ -1414,16 +1377,6 @@
 */
 #define MBEDTLS_SSL_RENEGOTIATION
 /**
 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *
 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
 * SSL Server module (MBEDTLS_SSL_SRV_C).
 *
 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
 */
 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 /**
 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
 *
@ -1443,18 +1396,6 @@
 */
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 /**
 * \def MBEDTLS_SSL_PROTO_SSL3
 *
 * Enable support for SSL 3.0.
 *
 * Requires: MBEDTLS_MD5_C
 *           MBEDTLS_SHA1_C
 *
 * Comment this macro to disable support for SSL 3.0
 */
 //#define MBEDTLS_SSL_PROTO_SSL3
 /**
 * \def MBEDTLS_SSL_PROTO_TLS1
 *
@ -1619,30 +1560,6 @@
 */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
 /**
 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 *
 * Fallback to old (pre-2.7), non-conforming implementation of the truncated
 * HMAC extension which also truncates the HMAC key. Note that this option is
 * only meant for a transitory upgrade period and is likely to be removed in
 * a future version of the library.
 *
 * \warning The old implementation is non-compliant and has a security weakness
 *          (2^80 brute force attack on the HMAC key used for a single,
 *          uninterrupted connection). This should only be enabled temporarily
 *          when (1) the use of truncated HMAC is essential in order to save
 *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
 *          the fixed implementation yet (pre-2.7).
 *
 * \deprecated This option is deprecated and will likely be removed in a
 *             future version of Mbed TLS.
 *
 * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
 *
 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_THREADING_ALT
 *
@ -1754,31 +1671,6 @@
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 /**
 * \def MBEDTLS_ZLIB_SUPPORT
 *
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
 * CRIME attack. Before enabling this option, you should examine with care if
 * CRIME or similar exploits may be applicable to your use case.
 *
 * \note Currently compression can't be used with DTLS.
 *
 * \deprecated This feature is deprecated and will be removed
 *             in the next major revision of the library.
 *
 * Used in: library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This feature requires zlib library and headers to be present.
 *
 * Uncomment to enable use of ZLIB
 */
 //#define MBEDTLS_ZLIB_SUPPORT
 /* \} name SECTION: mbed TLS feature support */
 /**
@ -1887,16 +1779,6 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 *
 * \warning   ARC4 is considered a weak cipher and its use constitutes a
 *            security risk. If possible, we recommend avoidng dependencies on
@ -1955,7 +1837,7 @@
 *          library/ecp.c
 *          library/ecdsa.c
 *          library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.h
 *          library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@ -2092,18 +1974,6 @@
 */
 #define MBEDTLS_CCM_C
 /**
 * \def MBEDTLS_CERTS_C
 *
 * Enable the test certificates.
 *
 * Module:  library/certs.c
 * Caller:
 *
 * This module is used for testing (ssl_client/server).
 */
 #define MBEDTLS_CERTS_C
 /**
 * \def MBEDTLS_CHACHA20_C
 *
@ -2333,29 +2203,6 @@
 */
 #define MBEDTLS_GCM_C
 /**
 * \def MBEDTLS_HAVEGE_C
 *
 * Enable the HAVEGE random generator.
 *
 * Warning: the HAVEGE random generator is not suitable for virtualized
 *          environments
 *
 * Warning: the HAVEGE random generator is dependent on timing and specific
 *          processor traits. It is therefore not advised to use HAVEGE as
 *          your applications primary random generator or primary entropy pool
 *          input. As a secondary input to your entropy pool, it IS able add
 *          the (limited) extra entropy it provides.
 *
 * Module:  library/havege.c
 * Caller:
 *
 * Requires: MBEDTLS_TIMING_C
 *
 * Uncomment to enable the HAVEGE random generator.
 */
 //#define MBEDTLS_HAVEGE_C
 /**
 * \def MBEDTLS_HKDF_C
 *
@ -2630,21 +2477,6 @@
 */
 #define MBEDTLS_PKCS5_C
 /**
 * \def MBEDTLS_PKCS11_C
 *
 * Enable wrapper for PKCS#11 smartcard support.
 *
 * Module:  library/pkcs11.c
 * Caller:  library/pk.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * This module enables SSL/TLS PKCS #11 smartcard support.
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
 */
 //#define MBEDTLS_PKCS11_C
 /**
 * \def MBEDTLS_PKCS12_C
 *
@ -2745,7 +2577,7 @@
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.h
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
@ -2929,9 +2761,6 @@
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/timing.c
 * Caller:  library/havege.c
 *
 * This module is used by the HAVEGE random number generator.
 */
 #define MBEDTLS_TIMING_C
@ -3263,7 +3092,6 @@
 */
 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
@ -3285,20 +3113,6 @@
 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
 /**
 * Allow SHA-1 in the default TLS configuration for certificate signing.
 * Without this build-time option, SHA-1 support must be activated explicitly
 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
 * recommended because of it is possible to generate SHA-1 collisions, however
 * this may be safe for legacy infrastructure where additional controls apply.
 *
 * \warning   SHA-1 is considered a weak message digest and its use constitutes
 *            a security risk. If possible, we recommend avoiding dependencies
 *            on it, and considering stronger message digests instead.
 *
 */
 // #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
 /**
 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
 * signature and ciphersuite selection. Without this build-time option, SHA-1
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@ -73,7 +73,6 @@
 /* For test certificates */
 #define MBEDTLS_BASE64_C
 #define MBEDTLS_CERTS_C
 #define MBEDTLS_PEM_PARSE_C
 /* Save RAM at the expense of ROM */
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@ -64,7 +64,6 @@
 #define MBEDTLS_ENTROPY_C
 #define MBEDTLS_ERROR_C
 #define MBEDTLS_GCM_C
 //#define MBEDTLS_HAVEGE_C
 #define MBEDTLS_HKDF_C
 #define MBEDTLS_HMAC_DRBG_C
 #define MBEDTLS_NIST_KW_C
--- a/docs/architecture/testing/invasive-testing.md
+++ b/docs/architecture/testing/invasive-testing.md
@ -31,7 +31,7 @@ Do not add test-specific interfaces if there's a practical way of doing it anoth
 ### Reliance on internal details
-In unit tests and in test programs, it's ok to include header files from `library/`. Do not define non-public interfaces in public headers (`include/mbedtls` has `*_internal.h` headers for legacy reasons, but this approach is deprecated). In contrast, sample programs must not include header files from `library/`.
+In unit tests and in test programs, it's ok to include internal header files from `library/`. Do not define non-public interfaces in public headers. In contrast, sample programs must not include header files from `library/`.
 Sometimes it makes sense to have unit tests on functions that aren't part of the public API. Declare such functions in `library/*.h` and include the corresponding header in the test code. If the function should be `static` for optimization but can't be `static` for testing, declare it as `MBEDTLS_STATIC_TESTABLE`, and make the tests that use it depend on `MBEDTLS_TEST_HOOKS` (see [“rules for compile-time options”](#rules-for-compile-time-options)).
--- a/docs/proposed/psa-driver-interface.md
+++ b/docs/proposed/psa-driver-interface.md
@ -134,7 +134,7 @@ Example 2: the following capability declares that the driver can perform determ
    "entry_points": ["sign_hash"],
    "algorithms": ["PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)",
                   "PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384)"],
-    "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)"],
+    "key_types": ["PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)"],
    "key_sizes": [256, 384]
 }
 ```
@ -164,7 +164,7 @@ The name `_` may be used instead of a curve or group to indicate that the capabi
 Valid examples:
 ```
 PSA_KEY_TYPE_AES
-PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1)
+PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)
 PSA_KEY_TYPE_ECC_KEY_PAIR(_)
 ```
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@ -38,7 +38,7 @@
 *
 * @section mainpage_modules Modules
 *
- * mbed TLS supports SSLv3 up to TLSv1.2 communication by providing the
+ * mbed TLS supports TLSv1.0 up to TLSv1.2 communication by providing the
 * following:
 * - TCP/IP communication functions: listen, connect, accept, read/write.
 * - SSL/TLS communication functions: init, handshake, read/write.
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@ -32,11 +32,6 @@
 * source of entropy. For these purposes \c mbedtls_entropy_func() can be used.
 * This is an implementation based on a simple entropy accumulator design.
 *
 * The other number generator that is included is less strong and uses the
 * HAVEGE (HArdware Volatile Entropy Gathering and Expansion) software heuristic
 * which considered unsafe for primary usage, but provides additional random
 * to the entropy pool if enables.
 *
 * Meaning that there seems to be no practical algorithm that can guess
 * the next bit with a probability larger than 1/2 in an output sequence.
 *
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@ -710,7 +710,7 @@ EXCLUDE_SYMLINKS       = YES
 # against the file with absolute path, so to exclude all test directories
 # for example use the pattern */test/*
-EXCLUDE_PATTERNS       = *_internal.h *_wrap.h
+EXCLUDE_PATTERNS       =
 # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
 # (namespaces, classes, functions, etc.) that should be excluded from the
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@ -60,12 +60,6 @@
 /* Error codes in range 0x0021-0x0025 */
 #define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021  /**< Invalid input data. */
 /* MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE is deprecated and should not be used. */
 #define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE               -0x0023  /**< Feature not available. For example, an unsupported AES key size. */
 /* MBEDTLS_ERR_AES_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_AES_HW_ACCEL_FAILED                   -0x0025  /**< AES hardware accelerator failed. */
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@ -34,9 +34,6 @@
 #include <stddef.h>
 /* MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED                  -0x0019  /**< ARC4 hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@ -47,20 +47,10 @@
 #define MBEDTLS_ARIA_MAX_ROUNDS  16 /**< Maxiumum number of rounds in ARIA. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32 /**< Maximum size of an ARIA key in bytes. */
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #define MBEDTLS_ERR_ARIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x005C )
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #define MBEDTLS_ERR_ARIA_BAD_INPUT_DATA -0x005C /**< Bad input data. */
 #define MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH -0x005E /**< Invalid data input length. */
 /* MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE  -0x005A  /**< Feature not available. For example, an unsupported ARIA key size. */
 /* MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED      -0x0058  /**< ARIA hardware accelerator failed. */
 #if !defined(MBEDTLS_ARIA_ALT)
 // Regular implementation
 //
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@ -578,7 +578,7 @@ int mbedtls_asn1_get_alg_null( unsigned char **p,
 *
 * \return      NULL if not found, or a pointer to the existing entry.
 */
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
                                       const char *oid, size_t len );
 /**
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@ -55,7 +55,7 @@ extern "C" {
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
                            size_t len );
 /**
 * \brief           Write an ASN.1 tag in ASN.1 format.
@ -69,7 +69,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
                            unsigned char tag );
 /**
@ -85,7 +85,7 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
                                   const unsigned char *buf, size_t size );
 #if defined(MBEDTLS_BIGNUM_C)
@ -103,7 +103,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
                            const mbedtls_mpi *X );
 #endif /* MBEDTLS_BIGNUM_C */
@ -119,7 +119,7 @@ int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
+int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
 /**
 * \brief           Write an OID tag (#MBEDTLS_ASN1_OID) and data
@ -135,7 +135,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
                            const char *oid, size_t oid_len );
 /**
@ -154,7 +154,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
 int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
-                                             unsigned char *start,
+                                             const unsigned char *start,
                                             const char *oid, size_t oid_len,
                                             size_t par_len );
@ -171,7 +171,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
                             int boolean );
 /**
@ -188,7 +188,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
+int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
 /**
 * \brief           Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
@ -203,7 +203,7 @@ int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
 * \return          The number of bytes written to \p p on success.
 * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
 */
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
+int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
 /**
 * \brief           Write a string in ASN.1 format using a specific
@ -222,7 +222,7 @@ int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val );
 * \return          The number of bytes written to \p p on success.
 * \return          A negative error code on failure.
 */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
                                      int tag, const char *text,
                                      size_t text_len );
@ -242,7 +242,7 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start,
 * \return          A negative error code on failure.
 */
 int mbedtls_asn1_write_printable_string( unsigned char **p,
-                                         unsigned char *start,
+                                         const unsigned char *start,
                                         const char *text, size_t text_len );
 /**
@ -260,7 +260,7 @@ int mbedtls_asn1_write_printable_string( unsigned char **p,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative error code on failure.
 */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
                                    const char *text, size_t text_len );
 /**
@ -278,7 +278,7 @@ int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative error code on failure.
 */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
                                   const char *text, size_t text_len );
 /**
@ -295,7 +295,7 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative error code on failure.
 */
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
                                  const unsigned char *buf, size_t bits );
 /**
@ -316,7 +316,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
 * \return          A negative error code on failure.
 */
 int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        unsigned char *start,
+                                        const unsigned char *start,
                                        const unsigned char *buf,
                                        size_t bits );
@ -334,7 +334,7 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
 * \return          The number of bytes written to \p p on success.
 * \return          A negative error code on failure.
 */
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
                                     const unsigned char *buf, size_t size );
 /**
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@ -40,17 +40,10 @@
 #define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
 #define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0016 )
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #define MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA -0x0016 /**< Bad input data. */
 #define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH -0x0018 /**< Invalid data input length. */
 /* MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED                   -0x0017  /**< Blowfish hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@ -36,17 +36,10 @@
 #define MBEDTLS_CAMELLIA_ENCRYPT     1
 #define MBEDTLS_CAMELLIA_DECRYPT     0
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( -0x0024 )
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024 /**< Bad input data. */
 #define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH -0x0026 /**< Invalid data input length. */
 /* MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED              -0x0027  /**< Camellia hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@ -58,9 +58,6 @@
 #define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D /**< Bad input parameters to the function. */
 #define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F /**< Authenticated decryption failed. */
 /* MBEDTLS_ERR_CCM_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_CCM_HW_ACCEL_FAILED -0x0011 /**< CCM hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@ -43,14 +43,6 @@
 #define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA         -0x0051 /**< Invalid input parameter(s). */
 /* MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE is deprecated and should not be
 * used. */
 #define MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE    -0x0053 /**< Feature not available. For example, s part of the API is not implemented. */
 /* MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED        -0x0055  /**< Chacha20 hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -81,10 +81,6 @@
 #error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) && !defined(MBEDTLS_SSL_TRUNCATED_HMAC)
 #error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_CMAC_C) && \
    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
 #error "MBEDTLS_CMAC_C defined, but not all prerequisites"
@ -210,8 +206,7 @@
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
-     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \
+     ( defined(MBEDTLS_ENTROPY_NV_SEED) || defined(MBEDTLS_ENTROPY_HARDWARE_ALT) )
    defined(MBEDTLS_HAVEGE_C) )
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but entropy sources too"
 #endif
@ -256,10 +251,6 @@
 #error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
 #endif
 #if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
 #error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
 #error "MBEDTLS_HKDF_C defined, but not all prerequisites"
 #endif
@ -371,18 +362,6 @@
 #error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
 #error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_PKCS11_C)
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 #error "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
 #elif defined(MBEDTLS_DEPRECATED_WARNING)
 #warning "MBEDTLS_PKCS11_C is deprecated and will be removed in a future version of Mbed TLS"
 #endif
 #endif /* MBEDTLS_PKCS11_C */
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
 #error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
@ -643,11 +622,6 @@
 #error "MBEDTLS_SHA512_NO_SHA384 defined without MBEDTLS_SHA512_C"
 #endif
 #if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
    !defined(MBEDTLS_SHA1_C) )
 #error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
    !defined(MBEDTLS_SHA1_C) )
 #error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
@ -668,8 +642,8 @@
 #error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
 #endif
-#if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) ||  \
+#if (defined(MBEDTLS_SSL_PROTO_TLS1) || defined(MBEDTLS_SSL_PROTO_TLS1_1) ||\
-     defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
+     defined(MBEDTLS_SSL_PROTO_TLS1_2)) &&                                  \
    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \
      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
@ -704,28 +678,16 @@
 #error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_TLS1) && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1_2))
    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
 #error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
 #endif
 #if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
 #error "Illegal protocol selection"
 #endif
 #if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
 #error "Illegal protocol selection"
 #endif
 #if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
 #error "Illegal protocol selection"
 #endif
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
 #error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif
@ -780,8 +742,7 @@
 #error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && !defined(MBEDTLS_SSL_PROTO_TLS1)
    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
 #error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
 #endif
@ -829,10 +790,6 @@
 #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
 #error "MBEDTLS_CERTS_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
 #error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
 #endif
@ -862,30 +819,6 @@
 #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
 #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 #error "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
 #elif defined(MBEDTLS_DEPRECATED_WARNING)
 #warning "MBEDTLS_SSL_PROTO_SSL3 is deprecated and will be removed in a future version of Mbed TLS"
 #endif
 #endif /* MBEDTLS_SSL_PROTO_SSL3 */
 #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 #error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
 #elif defined(MBEDTLS_DEPRECATED_WARNING)
 #warning "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO is deprecated and will be removed in a future version of Mbed TLS"
 #endif
 #endif /* MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 #error "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
 #elif defined(MBEDTLS_DEPRECATED_WARNING)
 #warning "MBEDTLS_SSL_HW_RECORD_ACCEL is deprecated and will be removed in a future version of Mbed TLS"
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
 #if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
 #error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
 #endif
@ -894,6 +827,40 @@
 #error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
 #endif
 /* Reject attempts to enable options that have been removed and that could
 * cause a build to succeed but with features removed. */
 #if defined(MBEDTLS_HAVEGE_C) //no-check-names
 #error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
 #endif
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
 #error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 #if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
 #error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
 #error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
 #error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
 #error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
 #endif
 #if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
 #error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@ -62,9 +62,6 @@
 #define MBEDTLS_ERR_CIPHER_AUTH_FAILED          -0x6300  /**< Authentication failed (for AEAD modes). */
 #define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT      -0x6380  /**< The context is invalid. For example, because it was freed. */
 /* MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED      -0x6400  /**< Cipher hardware accelerator failed. */
 #define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length. */
 #define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length. */
@ -229,13 +226,13 @@ enum {
 /** Maximum length of any IV, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
 * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in ssl_internal.h. */
+ * in library/ssl_misc.h. */
 #define MBEDTLS_MAX_IV_LENGTH      16
 /** Maximum block size of any cipher, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
 * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h. */
+ * in library/ssl_misc.h. */
 #define MBEDTLS_MAX_BLOCK_LENGTH   16
 /** Maximum key length, in Bytes. */
@ -243,7 +240,7 @@ enum {
 * For now, only check whether XTS is enabled which uses 64 Byte keys,
 * and use 32 Bytes as an upper bound for the maximum key length otherwise.
 * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h, which however deliberately ignores the case of XTS
+ * in library/ssl_misc.h, which however deliberately ignores the case of XTS
 * since the latter isn't used in SSL/TLS. */
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 #define MBEDTLS_MAX_KEY_LENGTH     64
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -38,9 +38,6 @@
 extern "C" {
 #endif
 /* MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED -0x007A  /**< CMAC hardware accelerator failed. */
 #define MBEDTLS_AES_BLOCK_SIZE          16
 #define MBEDTLS_DES3_BLOCK_SIZE         8
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -48,7 +48,7 @@
 * Used in:
 *      library/aria.c
 *      library/timing.c
- *      include/mbedtls/bn_mul.h
+ *      library/bn_mul.h
 *
 * Required by:
 *      MBEDTLS_AESNI_C
@ -559,7 +559,8 @@
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ * prototype as declared in library/entropy_poll.h, and accept NULL as first
 * argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
@ -714,10 +715,6 @@
 * Warning: Only do so when you know what you are doing. This allows for
 * channels with virtually no security at all!
 *
 * This enables the following ciphersuites:
 *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
 *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
 *
 * Uncomment this macro to enable weak ciphersuites
 *
 * \warning   DES is considered a weak cipher and its use constitutes a
@ -725,19 +722,6 @@
 */
 //#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 /**
 * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 *
 * Remove RC4 ciphersuites by default in SSL / TLS.
 * This flag removes the ciphersuites based on RC4 from the default list as
 * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
 * enable (some of) them with mbedtls_ssl_conf_ciphersuites() by including them
 * explicitly.
 *
 * Uncomment this macro to remove RC4 ciphersuites by default.
 */
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 /**
 * \def MBEDTLS_REMOVE_3DES_CIPHERSUITES
 *
@ -900,7 +884,6 @@
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
@ -924,7 +907,6 @@
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *
 * \warning    Using DHE constitutes a security risk as it
 *             is not possible to validate custom DH parameters.
@ -951,7 +933,6 @@
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
@ -976,7 +957,6 @@
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
@ -1003,8 +983,6 @@
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 */
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
@ -1062,7 +1040,6 @@
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
@ -1086,7 +1063,6 @@
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 */
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
@ -1099,7 +1075,6 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
@ -1123,7 +1098,6 @@
 *
 * This enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
@ -1205,8 +1179,8 @@
 /**
 * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 *
- * Do not add default entropy sources. These are the platform specific,
+ * Do not add default entropy sources. These are the platform specific
- * mbedtls_timing_hardclock and HAVEGE based poll functions.
+ * or mbedtls_timing_hardclock poll function.
 *
 * This is useful to have more control over the added entropy sources in an
 * application.
@ -1688,23 +1662,10 @@
 */
 #define MBEDTLS_SSL_KEEP_PEER_CERTIFICATE
 /**
 * \def MBEDTLS_SSL_HW_RECORD_ACCEL
 *
 * Enable hooking functions in SSL module for hardware acceleration of
 * individual records.
 *
 * \deprecated This option is deprecated and will be removed in a future
 *             version of Mbed TLS.
 *
 * Uncomment this macro to enable hooking functions.
 */
 //#define MBEDTLS_SSL_HW_RECORD_ACCEL
 /**
 * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
 *
- * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
+ * Enable 1/n-1 record splitting for CBC mode in TLS 1.0.
 *
 * This is a countermeasure to the BEAST attack, which also minimizes the risk
 * of interoperability issues compared to sending 0-length records.
@ -1735,19 +1696,6 @@
 */
 #define MBEDTLS_SSL_RENEGOTIATION
 /**
 * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 *
 * Enable support for receiving and parsing SSLv2 Client Hello messages for the
 * SSL Server module (MBEDTLS_SSL_SRV_C).
 *
 * \deprecated This option is deprecated and will be removed in a future
 *             version of Mbed TLS.
 *
 * Uncomment this macro to enable support for SSLv2 Client Hello messages.
 */
 //#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 /**
 * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
 *
@ -1767,21 +1715,6 @@
 */
 #define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 /**
 * \def MBEDTLS_SSL_PROTO_SSL3
 *
 * Enable support for SSL 3.0.
 *
 * Requires: MBEDTLS_MD5_C
 *           MBEDTLS_SHA1_C
 *
 * \deprecated This option is deprecated and will be removed in a future
 *             version of Mbed TLS.
 *
 * Comment this macro to disable support for SSL 3.0
 */
 //#define MBEDTLS_SSL_PROTO_SSL3
 /**
 * \def MBEDTLS_SSL_PROTO_TLS1
 *
@ -1996,30 +1929,6 @@
 */
 #define MBEDTLS_SSL_TRUNCATED_HMAC
 /**
 * \def MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 *
 * Fallback to old (pre-2.7), non-conforming implementation of the truncated
 * HMAC extension which also truncates the HMAC key. Note that this option is
 * only meant for a transitory upgrade period and will be removed in a future
 * version of the library.
 *
 * \warning The old implementation is non-compliant and has a security weakness
 *          (2^80 brute force attack on the HMAC key used for a single,
 *          uninterrupted connection). This should only be enabled temporarily
 *          when (1) the use of truncated HMAC is essential in order to save
 *          bandwidth, and (2) the peer is an Mbed TLS stack that doesn't use
 *          the fixed implementation yet (pre-2.7).
 *
 * \deprecated This option is deprecated and will be removed in a
 *             future version of Mbed TLS.
 *
 * Uncomment to fallback to old, non-compliant truncated HMAC implementation.
 *
 * Requires: MBEDTLS_SSL_TRUNCATED_HMAC
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 *
@ -2243,31 +2152,6 @@
 * Comment this macro to disallow using RSASSA-PSS in certificates.
 */
 #define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 /**
 * \def MBEDTLS_ZLIB_SUPPORT
 *
 * If set, the SSL/TLS module uses ZLIB to support compression and
 * decompression of packet data.
 *
 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
 * CRIME attack. Before enabling this option, you should examine with care if
 * CRIME or similar exploits may be applicable to your use case.
 *
 * \note Currently compression can't be used with DTLS.
 *
 * \deprecated This feature is deprecated and will be removed
 *             in the next major revision of the library.
 *
 * Used in: library/ssl_tls.c
 *          library/ssl_cli.c
 *          library/ssl_srv.c
 *
 * This feature requires zlib library and headers to be present.
 *
 * Uncomment to enable use of ZLIB
 */
 //#define MBEDTLS_ZLIB_SUPPORT
 /* \} name SECTION: mbed TLS feature support */
 /**
@ -2376,16 +2260,6 @@
 *
 * This module enables the following ciphersuites (if other requisites are
 * enabled as well):
 *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
 *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
 *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
 *
 * \warning   ARC4 is considered a weak cipher and its use constitutes a
 *            security risk. If possible, we recommend avoidng dependencies on
@ -2444,7 +2318,7 @@
 *          library/ecp.c
 *          library/ecdsa.c
 *          library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.c
 *          library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@ -2581,18 +2455,6 @@
 */
 #define MBEDTLS_CCM_C
 /**
 * \def MBEDTLS_CERTS_C
 *
 * Enable the test certificates.
 *
 * Module:  library/certs.c
 * Caller:
 *
 * This module is used for testing (ssl_client/server).
 */
 #define MBEDTLS_CERTS_C
 /**
 * \def MBEDTLS_CHACHA20_C
 *
@ -2828,29 +2690,6 @@
 */
 #define MBEDTLS_GCM_C
 /**
 * \def MBEDTLS_HAVEGE_C
 *
 * Enable the HAVEGE random generator.
 *
 * Warning: the HAVEGE random generator is not suitable for virtualized
 *          environments
 *
 * Warning: the HAVEGE random generator is dependent on timing and specific
 *          processor traits. It is therefore not advised to use HAVEGE as
 *          your applications primary random generator or primary entropy pool
 *          input. As a secondary input to your entropy pool, it IS able add
 *          the (limited) extra entropy it provides.
 *
 * Module:  library/havege.c
 * Caller:
 *
 * Requires: MBEDTLS_TIMING_C
 *
 * Uncomment to enable the HAVEGE random generator.
 */
 //#define MBEDTLS_HAVEGE_C
 /**
 * \def MBEDTLS_HKDF_C
 *
@ -3125,24 +2964,6 @@
 */
 #define MBEDTLS_PKCS5_C
 /**
 * \def MBEDTLS_PKCS11_C
 *
 * Enable wrapper for PKCS#11 smartcard support via the pkcs11-helper library.
 *
 * \deprecated This option is deprecated and will be removed in a future
 *             version of Mbed TLS.
 *
 * Module:  library/pkcs11.c
 * Caller:  library/pk.c
 *
 * Requires: MBEDTLS_PK_C
 *
 * This module enables SSL/TLS PKCS #11 smartcard support.
 * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
 */
 //#define MBEDTLS_PKCS11_C
 /**
 * \def MBEDTLS_PKCS12_C
 *
@ -3265,7 +3086,7 @@
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
@ -3449,9 +3270,6 @@
 * https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS
 *
 * Module:  library/timing.c
 * Caller:  library/havege.c
 *
 * This module is used by the HAVEGE random number generator.
 */
 #define MBEDTLS_TIMING_C
@ -3859,7 +3677,6 @@
 */
 //#define MBEDTLS_SSL_DTLS_MAX_BUFFERING             32768
 //#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 //#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
@ -3881,20 +3698,6 @@
 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
 /**
 * Allow SHA-1 in the default TLS configuration for certificate signing.
 * Without this build-time option, SHA-1 support must be activated explicitly
 * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
 * recommended because of it is possible to generate SHA-1 collisions, however
 * this may be safe for legacy infrastructure where additional controls apply.
 *
 * \warning   SHA-1 is considered a weak message digest and its use constitutes
 *            a security risk. If possible, we recommend avoiding dependencies
 *            on it, and considering stronger message digests instead.
 *
 */
 //#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
 /**
 * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
 * signature and ciphersuite selection. Without this build-time option, SHA-1
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@ -41,9 +41,6 @@
 #define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
 /* MBEDTLS_ERR_DES_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_DES_HW_ACCEL_FAILED                   -0x0033  /**< DES hardware accelerator failed. */
 #define MBEDTLS_DES_KEY_SIZE    8
 #ifdef __cplusplus
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@ -82,10 +82,6 @@
 #define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
 #define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400  /**< Allocation of memory failed. */
 #define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read or write of file failed. */
 /* MBEDTLS_ERR_DHM_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_DHM_HW_ACCEL_FAILED                   -0x3500  /**< DHM hardware accelerator failed. */
 #define MBEDTLS_ERR_DHM_SET_GROUP_FAILED                  -0x3580  /**< Setting the modulus and generator failed. */
 #ifdef __cplusplus
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -53,10 +53,6 @@
 #define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as ephemeral key, failed. */
 #define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
 #define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< The buffer contains a valid signature followed by more data. */
 /* MBEDTLS_ERR_ECP_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_ECP_HW_ACCEL_FAILED                   -0x4B80  /**< The ECP hardware accelerator failed. */
 #define MBEDTLS_ERR_ECP_IN_PROGRESS                       -0x4B00  /**< Operation in progress, call again with the same parameters to continue. */
 /* Flags indicating whether to include code that is specific to certain
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -44,9 +44,6 @@
 #include "mbedtls/threading.h"
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
 #endif
 #define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
 #define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
@ -130,9 +127,6 @@ typedef struct mbedtls_entropy_context
 #endif
    int             source_count; /* Number of entries used in source. */
    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_state    havege_data;
 #endif
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
 #endif
@ -142,6 +136,14 @@ typedef struct mbedtls_entropy_context
 }
 mbedtls_entropy_context;
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 /**
 * \brief           Platform-specific entropy poll callback
 */
 int mbedtls_platform_entropy_poll( void *data,
                           unsigned char *output, size_t len, size_t *olen );
 #endif
 /**
 * \brief           Initialize the context
 *
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -114,6 +114,9 @@ extern "C" {
 #define MBEDTLS_ERR_ERROR_GENERIC_ERROR       -0x0001  /**< Generic error */
 #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E  /**< This is a bug in the library */
 #define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED     -0x0070 /**< Hardware accelerator failed */
 #define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
 /**
 * \brief Translate a mbed TLS error code into a string representation,
 *        Result is truncated if necessary and always includes a terminating
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@ -45,10 +45,6 @@
 #define MBEDTLS_GCM_DECRYPT     0
 #define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
 /* MBEDTLS_ERR_GCM_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_GCM_HW_ACCEL_FAILED                   -0x0013  /**< GCM hardware accelerator failed. */
 #define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
 #ifdef __cplusplus
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@ -1,80 +0,0 @@
 /**
 * \file havege.h
 *
 * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
 */
 /*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
 #ifndef MBEDTLS_HAVEGE_H
 #define MBEDTLS_HAVEGE_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include <stddef.h>
 #include <stdint.h>
 #define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
 #ifdef __cplusplus
 extern "C" {
 #endif
 /**
 * \brief          HAVEGE state structure
 */
 typedef struct mbedtls_havege_state
 {
    uint32_t PT1, PT2, offset[2];
    uint32_t pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
    uint32_t WALK[8192];
 }
 mbedtls_havege_state;
 /**
 * \brief          HAVEGE initialization
 *
 * \param hs       HAVEGE state to be initialized
 */
 void mbedtls_havege_init( mbedtls_havege_state *hs );
 /**
 * \brief          Clear HAVEGE state
 *
 * \param hs       HAVEGE state to be cleared
 */
 void mbedtls_havege_free( mbedtls_havege_state *hs );
 /**
 * \brief          HAVEGE rand function
 *
 * \param p_rng    A HAVEGE state
 * \param output   Buffer to fill
 * \param len      Length of buffer
 *
 * \return         0
 */
 int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
 #ifdef __cplusplus
 }
 #endif
 #endif /* havege.h */
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -38,9 +38,6 @@
 #define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
 #define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
 /* MBEDTLS_ERR_MD_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_MD_HW_ACCEL_FAILED                    -0x5280  /**< MD hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -79,8 +76,15 @@ typedef enum {
 #endif
 /**
- * Opaque struct defined in md_internal.h.
+ * Opaque struct.
 *
 * Constructed using either #mbedtls_md_info_from_string or
 * #mbedtls_md_info_from_type.
 *
 * Fields can be accessed with #mbedtls_md_get_size,
 * #mbedtls_md_get_type and #mbedtls_md_get_name.
 */
 /* Defined internally in library/md_wrap.h. */
 typedef struct mbedtls_md_info_t mbedtls_md_info_t;
 /**
@ -158,33 +162,6 @@ void mbedtls_md_init( mbedtls_md_context_t *ctx );
 */
 void mbedtls_md_free( mbedtls_md_context_t *ctx );
 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED    __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief           This function selects the message digest algorithm to use,
 *                  and allocates internal structures.
 *
 *                  It should be called after mbedtls_md_init() or mbedtls_md_free().
 *                  Makes it necessary to call mbedtls_md_free() later.
 *
 * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
 *
 * \param ctx       The context to set up.
 * \param md_info   The information structure of the message-digest algorithm
 *                  to use.
 *
 * \return          \c 0 on success.
 * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
 *                  failure.
 * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
 */
 int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
 #undef MBEDTLS_DEPRECATED
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief           This function selects the message digest algorithm to use,
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@ -35,9 +35,6 @@
 #include <stddef.h>
 /* MBEDTLS_ERR_MD2_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_MD2_HW_ACCEL_FAILED                   -0x002B  /**< MD2 hardware accelerator failed */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -167,77 +164,6 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
 */
 int mbedtls_internal_md2_process( mbedtls_md2_context *ctx );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          MD2 context setup
 *
 * \deprecated     Superseded by mbedtls_md2_starts_ret() in 2.7.0
 *
 * \param ctx      context to be initialized
 *
 * \warning        MD2 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md2_starts( mbedtls_md2_context *ctx );
 /**
 * \brief          MD2 process buffer
 *
 * \deprecated     Superseded by mbedtls_md2_update_ret() in 2.7.0
 *
 * \param ctx      MD2 context
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 *
 * \warning        MD2 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md2_update( mbedtls_md2_context *ctx,
                                            const unsigned char *input,
                                            size_t ilen );
 /**
 * \brief          MD2 final digest
 *
 * \deprecated     Superseded by mbedtls_md2_finish_ret() in 2.7.0
 *
 * \param ctx      MD2 context
 * \param output   MD2 checksum result
 *
 * \warning        MD2 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md2_finish( mbedtls_md2_context *ctx,
                                            unsigned char output[16] );
 /**
 * \brief          MD2 process data block (internal use only)
 *
 * \deprecated     Superseded by mbedtls_internal_md2_process() in 2.7.0
 *
 * \param ctx      MD2 context
 *
 * \warning        MD2 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md2_process( mbedtls_md2_context *ctx );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          Output = MD2( input buffer )
 *
@ -254,33 +180,6 @@ int mbedtls_md2_ret( const unsigned char *input,
                     size_t ilen,
                     unsigned char output[16] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          Output = MD2( input buffer )
 *
 * \deprecated     Superseded by mbedtls_md2_ret() in 2.7.0
 *
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 * \param output   MD2 checksum result
 *
 * \warning        MD2 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
                                     size_t ilen,
                                     unsigned char output[16] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@ -36,9 +36,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_MD4_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_MD4_HW_ACCEL_FAILED                   -0x002D  /**< MD4 hardware accelerator failed */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -168,79 +165,6 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
 int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
                                  const unsigned char data[64] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          MD4 context setup
 *
 * \deprecated     Superseded by mbedtls_md4_starts_ret() in 2.7.0
 *
 * \param ctx      context to be initialized
 *
 * \warning        MD4 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md4_starts( mbedtls_md4_context *ctx );
 /**
 * \brief          MD4 process buffer
 *
 * \deprecated     Superseded by mbedtls_md4_update_ret() in 2.7.0
 *
 * \param ctx      MD4 context
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 *
 * \warning        MD4 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md4_update( mbedtls_md4_context *ctx,
                                            const unsigned char *input,
                                            size_t ilen );
 /**
 * \brief          MD4 final digest
 *
 * \deprecated     Superseded by mbedtls_md4_finish_ret() in 2.7.0
 *
 * \param ctx      MD4 context
 * \param output   MD4 checksum result
 *
 * \warning        MD4 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md4_finish( mbedtls_md4_context *ctx,
                                            unsigned char output[16] );
 /**
 * \brief          MD4 process data block (internal use only)
 *
 * \deprecated     Superseded by mbedtls_internal_md4_process() in 2.7.0
 *
 * \param ctx      MD4 context
 * \param data     buffer holding one block of data
 *
 * \warning        MD4 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md4_process( mbedtls_md4_context *ctx,
                                             const unsigned char data[64] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          Output = MD4( input buffer )
 *
@ -259,33 +183,6 @@ int mbedtls_md4_ret( const unsigned char *input,
                     size_t ilen,
                     unsigned char output[16] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          Output = MD4( input buffer )
 *
 * \deprecated     Superseded by mbedtls_md4_ret() in 2.7.0
 *
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 * \param output   MD4 checksum result
 *
 * \warning        MD4 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
                                     size_t ilen,
                                     unsigned char output[16] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@ -35,9 +35,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_MD5_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_MD5_HW_ACCEL_FAILED                   -0x002F  /**< MD5 hardware accelerator failed */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -168,79 +165,6 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
 int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
                                  const unsigned char data[64] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          MD5 context setup
 *
 * \deprecated     Superseded by mbedtls_md5_starts_ret() in 2.7.0
 *
 * \param ctx      context to be initialized
 *
 * \warning        MD5 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md5_starts( mbedtls_md5_context *ctx );
 /**
 * \brief          MD5 process buffer
 *
 * \deprecated     Superseded by mbedtls_md5_update_ret() in 2.7.0
 *
 * \param ctx      MD5 context
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 *
 * \warning        MD5 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md5_update( mbedtls_md5_context *ctx,
                                            const unsigned char *input,
                                            size_t ilen );
 /**
 * \brief          MD5 final digest
 *
 * \deprecated     Superseded by mbedtls_md5_finish_ret() in 2.7.0
 *
 * \param ctx      MD5 context
 * \param output   MD5 checksum result
 *
 * \warning        MD5 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md5_finish( mbedtls_md5_context *ctx,
                                            unsigned char output[16] );
 /**
 * \brief          MD5 process data block (internal use only)
 *
 * \deprecated     Superseded by mbedtls_internal_md5_process() in 2.7.0
 *
 * \param ctx      MD5 context
 * \param data     buffer holding one block of data
 *
 * \warning        MD5 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md5_process( mbedtls_md5_context *ctx,
                                             const unsigned char data[64] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          Output = MD5( input buffer )
 *
@ -259,33 +183,6 @@ int mbedtls_md5_ret( const unsigned char *input,
                     size_t ilen,
                     unsigned char output[16] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          Output = MD5( input buffer )
 *
 * \deprecated     Superseded by mbedtls_md5_ret() in 2.7.0
 *
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 * \param output   MD5 checksum result
 *
 * \warning        MD5 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
                                     size_t ilen,
                                     unsigned char output[16] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -67,9 +67,6 @@
 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
 #define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900  /**< The buffer contains a valid signature followed by more data. */
 /* MBEDTLS_ERR_PK_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_PK_HW_ACCEL_FAILED     -0x3880  /**< PK hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -118,7 +115,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
 /* For RSA, the signature can be as large as the bignum module allows.
 * For RSA_ALT, the signature size is not necessarily tied to what the
 * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in pk_wrap will check). */
+ * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
 #undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
 #define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
 #endif
@ -760,7 +757,7 @@ int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path )
 * \return          length of data written if successful, or a specific
 *                  error code
 */
-int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 /**
 * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
@ -775,7 +772,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_
 * \return          length of data written if successful, or a specific
 *                  error code
 */
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 #if defined(MBEDTLS_PEM_WRITE_C)
 /**
@ -788,7 +785,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, si
 *
 * \return          0 if successful, or a specific error code
 */
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 /**
 * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
@ -800,7 +797,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, si
 *
 * \return          0 if successful, or a specific error code
 */
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 #endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_PK_WRITE_C */
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@ -1,246 +0,0 @@
 /**
 * \file pkcs11.h
 *
 * \brief Wrapper for PKCS#11 library libpkcs11-helper
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
 #ifndef MBEDTLS_PKCS11_H
 #define MBEDTLS_PKCS11_H
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
 #include MBEDTLS_CONFIG_FILE
 #endif
 #if defined(MBEDTLS_PKCS11_C)
 #include "mbedtls/x509_crt.h"
 #include <pkcs11-helper-1.0/pkcs11h-certificate.h>
 #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
    !defined(inline) && !defined(__cplusplus)
 #define inline __inline
 #endif
 #ifdef __cplusplus
 extern "C" {
 #endif
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 /**
 * Context for PKCS #11 private keys.
 */
 typedef struct mbedtls_pkcs11_context
 {
        pkcs11h_certificate_t pkcs11h_cert;
        int len;
 } mbedtls_pkcs11_context;
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * Initialize a mbedtls_pkcs11_context.
 * (Just making memory references valid.)
 *
 * \deprecated          This function is deprecated and will be removed in a
 *                      future version of the library.
 */
 MBEDTLS_DEPRECATED void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx );
 /**
 * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
 *
 * \deprecated          This function is deprecated and will be removed in a
 *                      future version of the library.
 *
 * \param cert          X.509 certificate to fill
 * \param pkcs11h_cert  PKCS #11 helper certificate
 *
 * \return              0 on success.
 */
 MBEDTLS_DEPRECATED int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert,
                                        pkcs11h_certificate_t pkcs11h_cert );
 /**
 * Set up a mbedtls_pkcs11_context storing the given certificate. Note that the
 * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
 * done.
 *
 * \deprecated          This function is deprecated and will be removed in a
 *                      future version of the library.
 *
 * \param priv_key      Private key structure to fill.
 * \param pkcs11_cert   PKCS #11 helper certificate
 *
 * \return              0 on success
 */
 MBEDTLS_DEPRECATED int mbedtls_pkcs11_priv_key_bind(
                                        mbedtls_pkcs11_context *priv_key,
                                        pkcs11h_certificate_t pkcs11_cert );
 /**
 * Free the contents of the given private key context. Note that the structure
 * itself is not freed.
 *
 * \deprecated          This function is deprecated and will be removed in a
 *                      future version of the library.
 *
 * \param priv_key      Private key structure to cleanup
 */
 MBEDTLS_DEPRECATED void mbedtls_pkcs11_priv_key_free(
                                            mbedtls_pkcs11_context *priv_key );
 /**
 * \brief          Do an RSA private key decrypt, then remove the message
 *                 padding
 *
 * \deprecated     This function is deprecated and will be removed in a future
 *                 version of the library.
 *
 * \param ctx      PKCS #11 context
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
 * \param input    buffer holding the encrypted data
 * \param output   buffer that will hold the plaintext
 * \param olen     will contain the plaintext length
 * \param output_max_len    maximum length of the output buffer
 *
 * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
 *
 * \note           The output buffer must be as large as the size
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
 *                 an error is thrown.
 */
 MBEDTLS_DEPRECATED int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
                                               int mode, size_t *olen,
                                               const unsigned char *input,
                                               unsigned char *output,
                                               size_t output_max_len );
 /**
 * \brief          Do a private RSA to sign a message digest
 *
 * \deprecated     This function is deprecated and will be removed in a future
 *                 version of the library.
 *
 * \param ctx      PKCS #11 context
 * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
 * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
 * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
 * \param hash     buffer holding the message digest
 * \param sig      buffer that will hold the ciphertext
 *
 * \return         0 if the signing operation was successful,
 *                 or an MBEDTLS_ERR_RSA_XXX error code
 *
 * \note           The "sig" buffer must be as large as the size
 *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
 */
 MBEDTLS_DEPRECATED int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
                                            int mode,
                                            mbedtls_md_type_t md_alg,
                                            unsigned int hashlen,
                                            const unsigned char *hash,
                                            unsigned char *sig );
 /**
 * SSL/TLS wrappers for PKCS#11 functions
 *
 * \deprecated     This function is deprecated and will be removed in a future
 *                 version of the library.
 */
 MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx,
                            int mode, size_t *olen,
                            const unsigned char *input, unsigned char *output,
                            size_t output_max_len )
 {
    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
                           output_max_len );
 }
 /**
 * \brief          This function signs a message digest using RSA.
 *
 * \deprecated     This function is deprecated and will be removed in a future
 *                 version of the library.
 *
 * \param ctx      The PKCS #11 context.
 * \param f_rng    The RNG function. This parameter is unused.
 * \param p_rng    The RNG context. This parameter is unused.
 * \param mode     The operation to run. This must be set to
 *                 MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's
 *                 signature.
 * \param md_alg   The message digest algorithm. One of the MBEDTLS_MD_XXX
 *                 must be passed to this function and MBEDTLS_MD_NONE can be
 *                 used for signing raw data.
 * \param hashlen  The message digest length (for MBEDTLS_MD_NONE only).
 * \param hash     The buffer holding the message digest.
 * \param sig      The buffer that will hold the ciphertext.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         A non-zero error code on failure.
 *
 * \note           The \p sig buffer must be as large as the size of
 *                 <code>ctx->N</code>. For example, 128 bytes if RSA-1024 is
 *                 used.
 */
 MBEDTLS_DEPRECATED static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
                    const unsigned char *hash, unsigned char *sig )
 {
    ((void) f_rng);
    ((void) p_rng);
    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
                        hashlen, hash, sig );
 }
 /**
 * This function gets the length of the private key.
 *
 * \deprecated     This function is deprecated and will be removed in a future
 *                 version of the library.
 *
 * \param ctx      The PKCS #11 context.
 *
 * \return         The length of the private key.
 */
 MBEDTLS_DEPRECATED static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
 {
    return ( (mbedtls_pkcs11_context *) ctx )->len;
 }
 #undef MBEDTLS_DEPRECATED
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 #ifdef __cplusplus
 }
 #endif
 #endif /* MBEDTLS_PKCS11_C */
 #endif /* MBEDTLS_PKCS11_H */
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@ -41,9 +41,6 @@
 #include "mbedtls/platform_time.h"
 #endif
 #define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED     -0x0070 /**< Hardware accelerator failed */
 #define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072 /**< The requested feature is not supported by the platform */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@ -43,14 +43,6 @@
 #define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057 /**< Invalid input parameter(s). */
 /* MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE is deprecated and should not be
 * used. */
 #define MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE    -0x0059 /**< Feature not available. For example, s part of the API is not implemented. */
 /* MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED        -0x005B  /**< Poly1305 hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@ -40,6 +40,7 @@
 #include "mbedtls/md.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/error.h"
 #include <string.h>
@ -353,11 +354,11 @@ static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
        case PSA_ERROR_COMMUNICATION_FAILURE:
        case PSA_ERROR_HARDWARE_FAILURE:
        case PSA_ERROR_CORRUPTION_DETECTED:
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        default: /* We return the same as for the 'other failures',
                  * but list them separately nonetheless to indicate
                  * which failure conditions we have considered. */
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
    }
 }
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@ -31,10 +31,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED             -0x0031  /**< RIPEMD160 hardware accelerator failed */
 #ifdef __cplusplus
 extern "C" {
 #endif
@ -125,63 +121,6 @@ int mbedtls_ripemd160_finish_ret( mbedtls_ripemd160_context *ctx,
 int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
                                        const unsigned char data[64] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          RIPEMD-160 context setup
 *
 * \deprecated     Superseded by mbedtls_ripemd160_starts_ret() in 2.7.0
 *
 * \param ctx      context to be initialized
 */
 MBEDTLS_DEPRECATED void mbedtls_ripemd160_starts(
                                            mbedtls_ripemd160_context *ctx );
 /**
 * \brief          RIPEMD-160 process buffer
 *
 * \deprecated     Superseded by mbedtls_ripemd160_update_ret() in 2.7.0
 *
 * \param ctx      RIPEMD-160 context
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 */
 MBEDTLS_DEPRECATED void mbedtls_ripemd160_update(
                                                mbedtls_ripemd160_context *ctx,
                                                const unsigned char *input,
                                                size_t ilen );
 /**
 * \brief          RIPEMD-160 final digest
 *
 * \deprecated     Superseded by mbedtls_ripemd160_finish_ret() in 2.7.0
 *
 * \param ctx      RIPEMD-160 context
 * \param output   RIPEMD-160 checksum result
 */
 MBEDTLS_DEPRECATED void mbedtls_ripemd160_finish(
                                                mbedtls_ripemd160_context *ctx,
                                                unsigned char output[20] );
 /**
 * \brief          RIPEMD-160 process data block (internal use only)
 *
 * \deprecated     Superseded by mbedtls_internal_ripemd160_process() in 2.7.0
 *
 * \param ctx      RIPEMD-160 context
 * \param data     buffer holding one block of data
 */
 MBEDTLS_DEPRECATED void mbedtls_ripemd160_process(
                                            mbedtls_ripemd160_context *ctx,
                                            const unsigned char data[64] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          Output = RIPEMD-160( input buffer )
 *
@ -195,28 +134,6 @@ int mbedtls_ripemd160_ret( const unsigned char *input,
                           size_t ilen,
                           unsigned char output[20] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          Output = RIPEMD-160( input buffer )
 *
 * \deprecated     Superseded by mbedtls_ripemd160_ret() in 2.7.0
 *
 * \param input    buffer holding the data
 * \param ilen     length of the input data
 * \param output   RIPEMD-160 checksum result
 */
 MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
                                           size_t ilen,
                                           unsigned char output[20] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -54,13 +54,6 @@
 #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400  /**< The output buffer for decryption is not large enough. */
 #define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480  /**< The random generator failed to generate non-zeros. */
 /* MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is deprecated and should not be used.
 */
 #define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION             -0x4500  /**< The implementation does not offer the requested operation, for example, because of security violations or lack of functionality. */
 /* MBEDTLS_ERR_RSA_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_RSA_HW_ACCEL_FAILED                   -0x4580  /**< RSA hardware accelerator failed. */
 /*
 * RSA constants
 */
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@ -38,8 +38,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED                  -0x0035  /**< SHA-1 hardware accelerator failed */
 #define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA                   -0x0073  /**< SHA-1 input data was malformed. */
 #ifdef __cplusplus
@ -185,85 +183,6 @@ int mbedtls_sha1_finish_ret( mbedtls_sha1_context *ctx,
 int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
                                   const unsigned char data[64] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function starts a SHA-1 checksum calculation.
 *
 * \warning        SHA-1 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 * \deprecated     Superseded by mbedtls_sha1_starts_ret() in 2.7.0.
 *
 * \param ctx      The SHA-1 context to initialize. This must be initialized.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
 /**
 * \brief          This function feeds an input buffer into an ongoing SHA-1
 *                 checksum calculation.
 *
 * \warning        SHA-1 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 * \deprecated     Superseded by mbedtls_sha1_update_ret() in 2.7.0.
 *
 * \param ctx      The SHA-1 context. This must be initialized and
 *                 have a hash operation started.
 * \param input    The buffer holding the input data.
 *                 This must be a readable buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data \p input in Bytes.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_sha1_update( mbedtls_sha1_context *ctx,
                                             const unsigned char *input,
                                             size_t ilen );
 /**
 * \brief          This function finishes the SHA-1 operation, and writes
 *                 the result to the output buffer.
 *
 * \warning        SHA-1 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 * \deprecated     Superseded by mbedtls_sha1_finish_ret() in 2.7.0.
 *
 * \param ctx      The SHA-1 context. This must be initialized and
 *                 have a hash operation started.
 * \param output   The SHA-1 checksum result.
 *                 This must be a writable buffer of length \c 20 Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
                                             unsigned char output[20] );
 /**
 * \brief          SHA-1 process data block (internal use only).
 *
 * \warning        SHA-1 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 * \deprecated     Superseded by mbedtls_internal_sha1_process() in 2.7.0.
 *
 * \param ctx      The SHA-1 context. This must be initialized.
 * \param data     The data block being processed.
 *                 This must be a readable buffer of length \c 64 bytes.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_sha1_process( mbedtls_sha1_context *ctx,
                                              const unsigned char data[64] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          This function calculates the SHA-1 checksum of a buffer.
 *
@ -291,41 +210,6 @@ int mbedtls_sha1_ret( const unsigned char *input,
                      size_t ilen,
                      unsigned char output[20] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function calculates the SHA-1 checksum of a buffer.
 *
 *                 The function allocates the context, performs the
 *                 calculation, and frees the context.
 *
 *                 The SHA-1 result is calculated as
 *                 output = SHA-1(input buffer).
 *
 * \warning        SHA-1 is considered a weak message digest and its use
 *                 constitutes a security risk. We recommend considering
 *                 stronger message digests instead.
 *
 * \deprecated     Superseded by mbedtls_sha1_ret() in 2.7.0
 *
 * \param input    The buffer holding the input data.
 *                 This must be a readable buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data \p input in Bytes.
 * \param output   The SHA-1 checksum result. This must be a writable
 *                 buffer of size \c 20 Bytes.
 *
 */
 MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
                                      size_t ilen,
                                      unsigned char output[20] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@ -34,8 +34,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED                -0x0037  /**< SHA-256 hardware accelerator failed */
 #define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA                 -0x0074  /**< SHA-256 input data was malformed. */
 #ifdef __cplusplus
@ -152,72 +150,6 @@ int mbedtls_sha256_finish_ret( mbedtls_sha256_context *ctx,
 int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
                                     const unsigned char data[64] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function starts a SHA-224 or SHA-256 checksum
 *                 calculation.
 *
 * \deprecated     Superseded by mbedtls_sha256_starts_ret() in 2.7.0.
 *
 * \param ctx      The context to use. This must be initialized.
 * \param is224    Determines which function to use. This must be
 *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha256_starts( mbedtls_sha256_context *ctx,
                                               int is224 );
 /**
 * \brief          This function feeds an input buffer into an ongoing
 *                 SHA-256 checksum calculation.
 *
 * \deprecated     Superseded by mbedtls_sha256_update_ret() in 2.7.0.
 *
 * \param ctx      The SHA-256 context to use. This must be
 *                 initialized and have a hash operation started.
 * \param input    The buffer holding the data. This must be a readable
 *                 buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data in Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha256_update( mbedtls_sha256_context *ctx,
                                               const unsigned char *input,
                                               size_t ilen );
 /**
 * \brief          This function finishes the SHA-256 operation, and writes
 *                 the result to the output buffer.
 *
 * \deprecated     Superseded by mbedtls_sha256_finish_ret() in 2.7.0.
 *
 * \param ctx      The SHA-256 context. This must be initialized and
 *                 have a hash operation started.
 * \param output   The SHA-224 or SHA-256 checksum result. This must be
 *                 a writable buffer of length \c 32 Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
                                               unsigned char output[32] );
 /**
 * \brief          This function processes a single data block within
 *                 the ongoing SHA-256 computation. This function is for
 *                 internal use only.
 *
 * \deprecated     Superseded by mbedtls_internal_sha256_process() in 2.7.0.
 *
 * \param ctx      The SHA-256 context. This must be initialized.
 * \param data     The buffer holding one block of data. This must be
 *                 a readable buffer of size \c 64 Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha256_process( mbedtls_sha256_context *ctx,
                                                const unsigned char data[64] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          This function calculates the SHA-224 or SHA-256
 *                 checksum of a buffer.
@ -241,41 +173,6 @@ int mbedtls_sha256_ret( const unsigned char *input,
                        unsigned char output[32],
                        int is224 );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function calculates the SHA-224 or SHA-256 checksum
 *                 of a buffer.
 *
 *                 The function allocates the context, performs the
 *                 calculation, and frees the context.
 *
 *                 The SHA-256 result is calculated as
 *                 output = SHA-256(input buffer).
 *
 * \deprecated     Superseded by mbedtls_sha256_ret() in 2.7.0.
 *
 * \param input    The buffer holding the data. This must be a readable
 *                 buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data in Bytes.
 * \param output   The SHA-224 or SHA-256 checksum result. This must be
 *                 a writable buffer of length \c 32 Bytes.
 * \param is224    Determines which function to use. This must be either
 *                 \c 0 for SHA-256, or \c 1 for SHA-224.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
                                        size_t ilen,
                                        unsigned char output[32],
                                        int is224 );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@ -33,8 +33,6 @@
 #include <stddef.h>
 #include <stdint.h>
 /* MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED                -0x0039  /**< SHA-512 hardware accelerator failed */
 #define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA                 -0x0075  /**< SHA-512 input data was malformed. */
 #ifdef __cplusplus
@ -158,75 +156,6 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
 */
 int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
                                     const unsigned char data[128] );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function starts a SHA-384 or SHA-512 checksum
 *                 calculation.
 *
 * \deprecated     Superseded by mbedtls_sha512_starts_ret() in 2.7.0
 *
 * \param ctx      The SHA-512 context to use. This must be initialized.
 * \param is384    Determines which function to use. This must be either
 *                 \c 0 for SHA-512 or \c 1 for SHA-384.
 *
 * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
 *                 be \c 0, or the function will fail to work.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha512_starts( mbedtls_sha512_context *ctx,
                                               int is384 );
 /**
 * \brief          This function feeds an input buffer into an ongoing
 *                 SHA-512 checksum calculation.
 *
 * \deprecated     Superseded by mbedtls_sha512_update_ret() in 2.7.0.
 *
 * \param ctx      The SHA-512 context. This must be initialized
 *                 and have a hash operation started.
 * \param input    The buffer holding the data. This must be a readable
 *                 buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data in Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha512_update( mbedtls_sha512_context *ctx,
                                               const unsigned char *input,
                                               size_t ilen );
 /**
 * \brief          This function finishes the SHA-512 operation, and writes
 *                 the result to the output buffer.
 *
 * \deprecated     Superseded by mbedtls_sha512_finish_ret() in 2.7.0.
 *
 * \param ctx      The SHA-512 context. This must be initialized
 *                 and have a hash operation started.
 * \param output   The SHA-384 or SHA-512 checksum result. This must
 *                 be a writable buffer of size \c 64 Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
                                               unsigned char output[64] );
 /**
 * \brief          This function processes a single data block within
 *                 the ongoing SHA-512 computation. This function is for
 *                 internal use only.
 *
 * \deprecated     Superseded by mbedtls_internal_sha512_process() in 2.7.0.
 *
 * \param ctx      The SHA-512 context. This must be initialized.
 * \param data     The buffer holding one block of data. This must be
 *                 a readable buffer of length \c 128 Bytes.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha512_process(
                                            mbedtls_sha512_context *ctx,
                                            const unsigned char data[128] );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 /**
 * \brief          This function calculates the SHA-512 or SHA-384
@ -258,44 +187,6 @@ int mbedtls_sha512_ret( const unsigned char *input,
                        unsigned char output[64],
                        int is384 );
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif
 /**
 * \brief          This function calculates the SHA-512 or SHA-384
 *                 checksum of a buffer.
 *
 *                 The function allocates the context, performs the
 *                 calculation, and frees the context.
 *
 *                 The SHA-512 result is calculated as
 *                 output = SHA-512(input buffer).
 *
 * \deprecated     Superseded by mbedtls_sha512_ret() in 2.7.0
 *
 * \param input    The buffer holding the data. This must be a
 *                 readable buffer of length \p ilen Bytes.
 * \param ilen     The length of the input data in Bytes.
 * \param output   The SHA-384 or SHA-512 checksum result. This must
 *                 be a writable buffer of length \c 64 Bytes.
 * \param is384    Determines which function to use. This must be either
 *                 \c 0 for SHA-512, or \c 1 for SHA-384.
 *
 * \note           When \c MBEDTLS_SHA512_NO_SHA384 is defined, \p is384 must
 *                 be \c 0, or the function will fail to work.
 */
 MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
                                        size_t ilen,
                                        unsigned char output[64],
                                        int is384 );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #if defined(MBEDTLS_SELF_TEST)
 /**
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -51,19 +51,6 @@
 #include "mbedtls/ecdh.h"
 #endif
 #if defined(MBEDTLS_ZLIB_SUPPORT)
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #warning "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and will be removed in the next major revision of the library"
 #endif
 #if defined(MBEDTLS_DEPRECATED_REMOVED)
 #error "Record compression support via MBEDTLS_ZLIB_SUPPORT is deprecated and cannot be used if MBEDTLS_DEPRECATED_REMOVED is set"
 #endif
 #include "zlib.h"
 #endif
 #if defined(MBEDTLS_HAVE_TIME)
 #include "mbedtls/platform_time.h"
 #endif
@ -107,7 +94,6 @@
 #define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00  /**< Memory allocation failed */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80  /**< Hardware acceleration function returned with error */
 #define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80  /**< Hardware acceleration function skipped / left alone data */
 #define MBEDTLS_ERR_SSL_COMPRESSION_FAILED                -0x6F00  /**< Processing of the compression / decompression failed */
 #define MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION           -0x6E80  /**< Handshake protocol not within min/max boundaries */
 #define MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET         -0x6E00  /**< Processing of the NewSessionTicket handshake message failed. */
 #define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80  /**< Session ticket has expired. */
@ -137,8 +123,14 @@
 /*
 * Various constants
 */
 /* These are the high an low bytes of ProtocolVersion as defined by:
 * - RFC 2246: ProtocolVersion version = { 3, 1 };     // TLS v1.0
 * - RFC 4346: ProtocolVersion version = { 3, 2 };     // TLS v1.1
 * - RFC 5246: ProtocolVersion version = { 3, 3 };     // TLS v1.2
 * - RFC 8446: see section 4.2.1
 */
 #define MBEDTLS_SSL_MAJOR_VERSION_3             3
 #define MBEDTLS_SSL_MINOR_VERSION_0             0   /*!< SSL v3.0 */
 #define MBEDTLS_SSL_MINOR_VERSION_1             1   /*!< TLS v1.0 */
 #define MBEDTLS_SSL_MINOR_VERSION_2             2   /*!< TLS v1.1 */
 #define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
@ -177,7 +169,6 @@
 #define MBEDTLS_SSL_ETM_ENABLED                 1
 #define MBEDTLS_SSL_COMPRESS_NULL               0
 #define MBEDTLS_SSL_COMPRESS_DEFLATE            1
 #define MBEDTLS_SSL_VERIFY_NONE                 0
 #define MBEDTLS_SSL_VERIFY_OPTIONAL             1
@ -210,9 +201,6 @@
 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED    0
 #define MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED     1
 #define MBEDTLS_SSL_ARC4_ENABLED                0
 #define MBEDTLS_SSL_ARC4_DISABLED               1
 #define MBEDTLS_SSL_PRESET_DEFAULT              0
 #define MBEDTLS_SSL_PRESET_SUITEB               2
@ -237,10 +225,6 @@
 * \{
 */
 #if !defined(MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME)
 #define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
 #endif
 /*
 * Maximum fragment length in bytes,
 * determines the size of each of the two internal I/O buffers.
@ -296,11 +280,7 @@
 /*
 * Length of the verify data for secure renegotiation
 */
 #if defined(MBEDTLS_SSL_PROTO_SSL3)
 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 36
 #else
 #define MBEDTLS_SSL_VERIFY_DATA_MAX_LEN 12
 #endif
 /*
 * Signaling ciphersuite values (SCSV)
@ -499,7 +479,6 @@ mbedtls_ssl_states;
 typedef enum
 {
   MBEDTLS_SSL_TLS_PRF_NONE,
   MBEDTLS_SSL_TLS_PRF_SSL3,
   MBEDTLS_SSL_TLS_PRF_TLS1,
   MBEDTLS_SSL_TLS_PRF_SHA384,
   MBEDTLS_SSL_TLS_PRF_SHA256
@ -619,7 +598,7 @@ typedef struct mbedtls_ssl_session mbedtls_ssl_session;
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
 typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
-/* Defined in ssl_internal.h */
+/* Defined in library/ssl_misc.h */
 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
 typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
@ -961,7 +940,10 @@ struct mbedtls_ssl_config
     * Pointers
     */
-    const int *ciphersuite_list[4]; /*!< allowed ciphersuites per version   */
+    /** Allowed ciphersuites per version. To access list's elements, please use
     *  \c mbedtls_ssl_get_protocol_version_ciphersuites
     */
    const int *ciphersuite_list[3];
    /** Callback for printing debug output                                  */
    void (*f_dbg)(void *, int, const char *, int, const char *);
@ -1151,9 +1133,6 @@ struct mbedtls_ssl_config
    unsigned int authmode : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
    /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
    unsigned int allow_legacy_renegotiation : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
 #if defined(MBEDTLS_ARC4_C)
    unsigned int arc4_disabled : 1; /*!< blacklist RC4 ciphersuites?        */
 #endif
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
    unsigned int mfl_code : 3;      /*!< desired fragment length            */
 #endif
@ -1212,7 +1191,7 @@ struct mbedtls_ssl_context
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
    int major_ver;              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
-    int minor_ver;              /*!< either 0 (SSL3) or 1 (TLS1.0)    */
+    int minor_ver;              /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
 #if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT)
    unsigned badmac_seen;       /*!< records with a bad MAC received    */
@ -1330,9 +1309,6 @@ struct mbedtls_ssl_context
    uint16_t mtu;               /*!< path mtu, used to fragment outgoing messages */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_ZLIB_SUPPORT)
    unsigned char *compress_buf;        /*!<  zlib data buffer        */
 #endif /* MBEDTLS_ZLIB_SUPPORT */
 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
    signed char split_done;     /*!< current record already splitted? */
 #endif /* MBEDTLS_SSL_CBC_RECORD_SPLITTING */
@ -1397,44 +1373,6 @@ struct mbedtls_ssl_context
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 };
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL)
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 #define MBEDTLS_SSL_CHANNEL_OUTBOUND   MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 0 )
 #define MBEDTLS_SSL_CHANNEL_INBOUND    MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( 1 )
 #if defined(MBEDTLS_DEPRECATED_WARNING)
 #define MBEDTLS_DEPRECATED      __attribute__((deprecated))
 #else
 #define MBEDTLS_DEPRECATED
 #endif /* MBEDTLS_DEPRECATED_WARNING */
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_init)(
                    mbedtls_ssl_context *ssl,
                    const unsigned char *key_enc, const unsigned char *key_dec,
                    size_t keylen,
                    const unsigned char *iv_enc,  const unsigned char *iv_dec,
                    size_t ivlen,
                    const unsigned char *mac_enc, const unsigned char *mac_dec,
                    size_t maclen);
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_activate)(
                                                    mbedtls_ssl_context *ssl,
                                                    int direction );
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_reset)(
                                                    mbedtls_ssl_context *ssl );
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_write)(
                                                    mbedtls_ssl_context *ssl );
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_read)(
                                                    mbedtls_ssl_context *ssl );
 MBEDTLS_DEPRECATED extern int (*mbedtls_ssl_hw_record_finish)(
                                                    mbedtls_ssl_context *ssl );
 #undef MBEDTLS_DEPRECATED
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 #endif /* MBEDTLS_SSL_HW_RECORD_ACCEL */
 /**
 * \brief               Return the name of the ciphersuite associated with the
 *                      given ID
@ -1493,9 +1431,8 @@ int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
 *                 pointers and data.
 *
 * \param ssl      SSL context
- * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED,
+ * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
-                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED or
+                   MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
 *                 MBEDTLS_ERR_SSL_COMPRESSION_FAILED
 */
 int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
@ -1810,9 +1747,6 @@ int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
 * \note           Values lower than the current record layer expansion will
 *                 result in an error when trying to send data.
 *
 * \note           Using record compression together with a non-zero MTU value
 *                 will result in an error when trying to send data.
 *
 * \param ssl      SSL context
 * \param mtu      Value of the path MTU in bytes
 */
@ -2557,6 +2491,17 @@ const mbedtls_ssl_session *mbedtls_ssl_get_session_pointer( const mbedtls_ssl_co
 void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
                                   const int *ciphersuites );
 /**
 * \brief               Get ciphersuite for given protocol's minor version.
 *
 * \param conf          The SSL configuration.
 * \param prot_version  Protocol version. One of MBEDTLS_SSL_MINOR_VERSION_x macros.
 * \return              Ciphersuites pointer if succesful.
 * \return              \c NULL if no ciphersuites where found.
 */
 const int *mbedtls_ssl_get_protocol_version_ciphersuites(
    const mbedtls_ssl_config *conf, int prot_version );
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 #define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
 #define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1
@ -2608,8 +2553,8 @@ int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
 * \param ciphersuites  0-terminated list of allowed ciphersuites
 * \param major         Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3
 *                      supported)
- * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ * \param minor         Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
- *                      MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                      MBEDTLS_SSL_MINOR_VERSION_2,
 *                      MBEDTLS_SSL_MINOR_VERSION_3 supported)
 *
 * \note                With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0
@ -3296,8 +3241,7 @@ void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ss
 *
 * \param conf     SSL configuration
 * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
 *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
 *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
 */
 void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
@ -3309,15 +3253,13 @@ void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int mino
 * \note           Input outside of the SSL_MAX_XXXXX_VERSION and
 *                 SSL_MIN_XXXXX_VERSION range is ignored.
 *
 * \note           MBEDTLS_SSL_MINOR_VERSION_0 (SSL v3) should be avoided.
 *
 * \note           With DTLS, use MBEDTLS_SSL_MINOR_VERSION_2 for DTLS 1.0 and
 *                 MBEDTLS_SSL_MINOR_VERSION_3 for DTLS 1.2
 *
 * \param conf     SSL configuration
 * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
- * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_0,
+ * \param minor    Minor version number (MBEDTLS_SSL_MINOR_VERSION_1,
- *                 MBEDTLS_SSL_MINOR_VERSION_1 and MBEDTLS_SSL_MINOR_VERSION_2,
+ *                 MBEDTLS_SSL_MINOR_VERSION_2,
 *                 MBEDTLS_SSL_MINOR_VERSION_3 supported)
 */
 void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
@ -3375,25 +3317,6 @@ void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
 void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 #if defined(MBEDTLS_ARC4_C)
 /**
 * \brief          Disable or enable support for RC4
 *                 (Default: MBEDTLS_SSL_ARC4_DISABLED)
 *
 * \warning        Use of RC4 in DTLS/TLS has been prohibited by RFC 7465
 *                 for security reasons. Use at your own risk.
 *
 * \note           This function is deprecated and will be removed in
 *                 a future version of the library.
 *                 RC4 is disabled by default at compile time and needs to be
 *                 actively enabled for use with legacy systems.
 *
 * \param conf     SSL configuration
 * \param arc4     MBEDTLS_SSL_ARC4_ENABLED or MBEDTLS_SSL_ARC4_DISABLED
 */
 void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
 #endif /* MBEDTLS_ARC4_C */
 #if defined(MBEDTLS_SSL_SRV_C)
 /**
 * \brief          Whether to send a list of acceptable CAs in
@ -3463,7 +3386,7 @@ void mbedtls_ssl_conf_truncated_hmac( mbedtls_ssl_config *conf, int truncate );
 * \brief          Enable / Disable 1/n-1 record splitting
 *                 (Default: MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED)
 *
- * \note           Only affects SSLv3 and TLS 1.0, not higher versions.
+ * \note           Only affects TLS 1.0, not higher versions.
 *                 Does not affect non-CBC ciphersuites in any version.
 *
 * \param conf     SSL configuration
@ -3687,11 +3610,11 @@ uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
 const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
 /**
- * \brief          Return the current SSL version (SSLv3/TLSv1/etc)
+ * \brief          Return the current TLS version
 *
 * \param ssl      SSL context
 *
- * \return         a string containing the SSL version
+ * \return         a string containing the TLS version
 */
 const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
@ -3699,14 +3622,9 @@ const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
 * \brief          Return the (maximum) number of bytes added by the record
 *                 layer: header + encryption/MAC overhead (inc. padding)
 *
 * \note           This function is not available (always returns an error)
 *                 when record compression is enabled.
 *
 * \param ssl      SSL context
 *
- * \return         Current maximum record expansion in bytes, or
+ * \return         Current maximum record expansion in bytes
 *                 MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE if compression is
 *                 enabled, which makes expansion much less predictable
 */
 int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
@ -3783,9 +3701,6 @@ MBEDTLS_DEPRECATED size_t mbedtls_ssl_get_max_frag_len(
 *                 to the caller to call \c mbedtls_ssl_write() again in
 *                 order to send the remaining bytes if any.
 *
 * \note           This function is not available (always returns an error)
 *                 when record compression is enabled.
 *
 * \sa             mbedtls_ssl_set_mtu()
 * \sa             mbedtls_ssl_get_output_max_frag_len()
 * \sa             mbedtls_ssl_get_input_max_frag_len()
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@ -42,13 +42,8 @@ extern "C" {
 #define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01   /**< Weak! */
 #define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02   /**< Weak! */
 #define MBEDTLS_TLS_RSA_WITH_RC4_128_MD5                 0x04
 #define MBEDTLS_TLS_RSA_WITH_RC4_128_SHA                 0x05
 #define MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA                 0x09   /**< Weak! Not in TLS 1.2 */
 #define MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA            0x0A
 #define MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA             0x15   /**< Weak! Not in TLS 1.2 */
 #define MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        0x16
 #define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C   /**< Weak! */
@ -73,17 +68,14 @@ extern "C" {
 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
 #define MBEDTLS_TLS_PSK_WITH_RC4_128_SHA                 0x8A
 #define MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA            0x8B
 #define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
 #define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
 #define MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA             0x8E
 #define MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA        0x8F
 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
 #define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
 #define MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA             0x92
 #define MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA        0x93
 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
 #define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
@ -122,28 +114,24 @@ extern "C" {
 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4   /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001 /**< Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA          0xC002 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA     0xC003 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005
 #define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005 /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA         0xC007 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA    0xC008 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B /**< Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA            0xC00C /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D
-#define MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA       0xC00D /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F
 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010 /**< Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA           0xC011 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA      0xC012 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014
 #define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014 /**< Not in SSL3! */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024 /**< TLS 1.2 */
@ -163,15 +151,14 @@ extern "C" {
 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA           0xC033 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA      0xC034 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039 /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A /**< Weak! No SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B /**< Weak! No SSL3! */
 #define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256         0xC03C /**< TLS 1.2 */
 #define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384         0xC03D /**< TLS 1.2 */
@ -212,14 +199,14 @@ extern "C" {
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   0xC070 /**< TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   0xC071 /**< TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256  0xC074
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384  0xC075
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   0xC076
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384   0xC077
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256    0xC078
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079 /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079
 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A /**< TLS 1.2 */
 #define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B /**< TLS 1.2 */
@ -247,8 +234,8 @@ extern "C" {
 #define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC097
 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256   0xC098
 #define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384   0xC099
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 0xC09A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B /**< Not in SSL3! */
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
 #define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C  /**< TLS 1.2 */
 #define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D  /**< TLS 1.2 */
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@ -34,10 +34,6 @@
 extern "C" {
 #endif
 /* MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE is deprecated and should not be
 * used. */
 #define MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE         -0x001A  /**< The selected feature is not available. */
 #define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C  /**< Bad input parameters to function. */
 #define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E  /**< Locking / unlocking / free failed with error code. */
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@ -291,17 +291,6 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
 */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
 #if defined(MBEDTLS_SELF_TEST)
 /**
 * \brief          Checkup routine
 *
 * \return         0 if successful, or 1 if the test failed
 */
 int mbedtls_x509_self_test( int verbose );
 #endif /* MBEDTLS_SELF_TEST */
 /*
 * Internal module functions. You probably do not want to use these unless you
 * know you do.
--- a/include/mbedtls/xtea.h
+++ b/include/mbedtls/xtea.h
@ -36,9 +36,6 @@
 #define MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH             -0x0028  /**< The data input has an invalid length. */
 /* MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED is deprecated and should not be used. */
 #define MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED                  -0x0029  /**< XTEA hardware accelerator failed. */
 #ifdef __cplusplus
 extern "C" {
 #endif
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@ -55,222 +55,6 @@ static inline int psa_key_handle_is_null( psa_key_handle_t handle )
    return( mbedtls_svc_key_id_is_null( handle ) );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 /*
 * Mechanism for declaring deprecated values
 */
 #if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(MBEDTLS_PSA_DEPRECATED)
 #define MBEDTLS_PSA_DEPRECATED __attribute__((deprecated))
 #else
 #define MBEDTLS_PSA_DEPRECATED
 #endif
 typedef MBEDTLS_PSA_DEPRECATED size_t mbedtls_deprecated_size_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_status_t mbedtls_deprecated_psa_status_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_key_usage_t mbedtls_deprecated_psa_key_usage_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t mbedtls_deprecated_psa_ecc_family_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t mbedtls_deprecated_psa_dh_family_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_ecc_family_t psa_ecc_curve_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_dh_family_t psa_dh_group_t;
 typedef MBEDTLS_PSA_DEPRECATED psa_algorithm_t mbedtls_deprecated_psa_algorithm_t;
 #define PSA_KEY_TYPE_GET_CURVE PSA_KEY_TYPE_ECC_GET_FAMILY
 #define PSA_KEY_TYPE_GET_GROUP PSA_KEY_TYPE_DH_GET_FAMILY
 #define MBEDTLS_DEPRECATED_CONSTANT( type, value )      \
    ( (mbedtls_deprecated_##type) ( value ) )
 /*
 * Deprecated PSA Crypto error code definitions (PSA Crypto API  <= 1.0 beta2)
 */
 #define PSA_ERROR_UNKNOWN_ERROR \
    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_GENERIC_ERROR )
 #define PSA_ERROR_OCCUPIED_SLOT \
    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_ALREADY_EXISTS )
 #define PSA_ERROR_EMPTY_SLOT \
    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_DOES_NOT_EXIST )
 #define PSA_ERROR_INSUFFICIENT_CAPACITY \
    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_INSUFFICIENT_DATA )
 #define PSA_ERROR_TAMPERING_DETECTED \
    MBEDTLS_DEPRECATED_CONSTANT( psa_status_t, PSA_ERROR_CORRUPTION_DETECTED )
 /*
 * Deprecated PSA Crypto numerical encodings (PSA Crypto API  <= 1.0 beta3)
 */
 #define PSA_KEY_USAGE_SIGN \
    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_SIGN_HASH )
 #define PSA_KEY_USAGE_VERIFY \
    MBEDTLS_DEPRECATED_CONSTANT( psa_key_usage_t, PSA_KEY_USAGE_VERIFY_HASH )
 /*
 * Deprecated PSA Crypto size calculation macros (PSA Crypto API  <= 1.0 beta3)
 */
 #define PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGNATURE_MAX_SIZE )
 #define PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_SIGN_OUTPUT_SIZE( key_type, key_bits, alg ) )
 #define PSA_KEY_EXPORT_MAX_SIZE( key_type, key_bits ) \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_EXPORT_KEY_OUTPUT_SIZE( key_type, key_bits ) )
 #define PSA_BLOCK_CIPHER_BLOCK_SIZE( type ) \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_LENGTH( type ) )
 #define PSA_MAX_BLOCK_CIPHER_BLOCK_SIZE \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE )
 #define PSA_HASH_SIZE( alg ) \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_HASH_LENGTH( alg ) )
 #define PSA_MAC_FINAL_SIZE( key_type, key_bits, alg ) \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_MAC_LENGTH( key_type, key_bits, alg ) )
 #define PSA_ALG_TLS12_PSK_TO_MS_MAX_PSK_LEN \
    MBEDTLS_DEPRECATED_CONSTANT( size_t, PSA_TLS12_PSK_TO_MS_PSK_MAX_SIZE )
 /*
 * Deprecated PSA Crypto function names (PSA Crypto API  <= 1.0 beta3)
 */
 MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_sign( psa_key_handle_t key,
                            psa_algorithm_t alg,
                            const uint8_t *hash,
                            size_t hash_length,
                            uint8_t *signature,
                            size_t signature_size,
                            size_t *signature_length )
 {
    return psa_sign_hash( key, alg, hash, hash_length, signature, signature_size, signature_length );
 }
 MBEDTLS_PSA_DEPRECATED static inline psa_status_t psa_asymmetric_verify( psa_key_handle_t key,
                              psa_algorithm_t alg,
                              const uint8_t *hash,
                              size_t hash_length,
                              const uint8_t *signature,
                              size_t signature_length )
 {
    return psa_verify_hash( key, alg, hash, hash_length, signature, signature_length );
 }
 /*
 * Size-specific elliptic curve families.
 */
 #define PSA_ECC_CURVE_SECP160K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
 #define PSA_ECC_CURVE_SECP192K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
 #define PSA_ECC_CURVE_SECP224K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
 #define PSA_ECC_CURVE_SECP256K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
 #define PSA_ECC_CURVE_SECP160R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP192R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP224R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP256R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP384R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP521R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP160R2 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
 #define PSA_ECC_CURVE_SECT163K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT233K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT239K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT283K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT409K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT571K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT163R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT193R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT233R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT283R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT409R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT571R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT163R2 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
 #define PSA_ECC_CURVE_SECT193R2 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
 #define PSA_ECC_CURVE_BRAINPOOL_P256R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
 #define PSA_ECC_CURVE_BRAINPOOL_P384R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
 #define PSA_ECC_CURVE_BRAINPOOL_P512R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
 #define PSA_ECC_CURVE_CURVE25519 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
 #define PSA_ECC_CURVE_CURVE448 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
 /*
 * Curves that changed name due to PSA specification.
 */
 #define PSA_ECC_CURVE_SECP_K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_K1 )
 #define PSA_ECC_CURVE_SECP_R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R1 )
 #define PSA_ECC_CURVE_SECP_R2 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECP_R2 )
 #define PSA_ECC_CURVE_SECT_K1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_K1 )
 #define PSA_ECC_CURVE_SECT_R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R1 )
 #define PSA_ECC_CURVE_SECT_R2 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_SECT_R2 )
 #define PSA_ECC_CURVE_BRAINPOOL_P_R1 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_BRAINPOOL_P_R1 )
 #define PSA_ECC_CURVE_MONTGOMERY \
    MBEDTLS_DEPRECATED_CONSTANT( psa_ecc_family_t, PSA_ECC_FAMILY_MONTGOMERY )
 /*
 * Finite-field Diffie-Hellman families.
 */
 #define PSA_DH_GROUP_FFDHE2048 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 #define PSA_DH_GROUP_FFDHE3072 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 #define PSA_DH_GROUP_FFDHE4096 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 #define PSA_DH_GROUP_FFDHE6144 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 #define PSA_DH_GROUP_FFDHE8192 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 /*
 * Diffie-Hellman families that changed name due to PSA specification.
 */
 #define PSA_DH_GROUP_RFC7919 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_RFC7919 )
 #define PSA_DH_GROUP_CUSTOM \
    MBEDTLS_DEPRECATED_CONSTANT( psa_dh_family_t, PSA_DH_FAMILY_CUSTOM )
 /*
 * Deprecated PSA Crypto stream cipher algorithms (PSA Crypto API  <= 1.0 beta3)
 */
 #define PSA_ALG_ARC4 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
 #define PSA_ALG_CHACHA20 \
    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_STREAM_CIPHER )
 /*
 * Renamed AEAD tag length macros (PSA Crypto API  <= 1.0 beta3)
 */
 #define PSA_ALG_AEAD_WITH_DEFAULT_TAG_LENGTH( aead_alg ) \
    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG( aead_alg ) )
 #define PSA_ALG_AEAD_WITH_TAG_LENGTH( aead_alg, tag_length ) \
    MBEDTLS_DEPRECATED_CONSTANT( psa_algorithm_t, PSA_ALG_AEAD_WITH_SHORTENED_TAG( aead_alg, tag_length ) )
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 /** Open a handle to an existing persistent key.
 *
 * Open a handle to a persistent key. A key is persistent if it was created
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -306,8 +306,10 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
 * \param[in] seed          Buffer containing the seed value to inject.
 * \param[in] seed_size     Size of the \p seed buffer.
 *                          The size of the seed in bytes must be greater
- *                          or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM
+ *                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
- *                          and #MBEDTLS_ENTROPY_BLOCK_SIZE.
+ *                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
 *                          in `library/entropy_poll.h` in the Mbed TLS source
 *                          code.
 *                          It must be less or equal to
 *                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
 *
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -39,7 +39,6 @@ set(src_crypto
    entropy_poll.c
    error.c
    gcm.c
    havege.c
    hkdf.c
    hmac_drbg.c
    md.c
@ -76,7 +75,7 @@ set(src_crypto
    psa_its_file.c
    ripemd160.c
    rsa.c
-    rsa_internal.c
+    rsa_alt_helpers.c
    sha1.c
    sha256.c
    sha512.c
@ -90,8 +89,6 @@ set(src_crypto
 list(APPEND src_crypto ${thirdparty_src})
 set(src_x509
    certs.c
    pkcs11.c
    x509.c
    x509_create.c
    x509_crl.c
@ -138,14 +135,6 @@ if(HAIKU)
    set(libs ${libs} network)
 endif(HAIKU)
 if(USE_PKCS11_HELPER_LIBRARY)
    set(libs ${libs} pkcs11-helper)
 endif(USE_PKCS11_HELPER_LIBRARY)
 if(ENABLE_ZLIB_SUPPORT)
    set(libs ${libs} ${ZLIB_LIBRARIES})
 endif(ENABLE_ZLIB_SUPPORT)
 if(LINK_WITH_PTHREAD)
    set(libs ${libs} pthread)
 endif()
--- a/library/Makefile
+++ b/library/Makefile
@ -96,7 +96,6 @@ OBJS_CRYPTO= \
 	     entropy_poll.o \
 	     error.o \
 	     gcm.o \
 	     havege.o \
 	     hkdf.o \
 	     hmac_drbg.o \
 	     md.o \
@ -133,7 +132,7 @@ OBJS_CRYPTO= \
 	     psa_its_file.o \
 	     ripemd160.o \
 	     rsa.o \
-	     rsa_internal.o \
+	     rsa_alt_helpers.o \
 	     sha1.o \
 	     sha256.o \
 	     sha512.o \
@ -149,8 +148,6 @@ LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
 OBJS_CRYPTO+=$(THIRDPARTY_CRYPTO_OBJECTS)
 OBJS_X509= \
 	   certs.o \
 	   pkcs11.o \
 	   x509.o \
 	   x509_create.o \
 	   x509_crl.o \
--- a/library/aes.c
+++ b/library/aes.c
@ -34,10 +34,10 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
+#include "padlock.h"
 #endif
 #if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
+#include "aesni.h"
 #endif
 #if defined(MBEDTLS_SELF_TEST)
--- a/library/aesni.c
+++ b/library/aesni.c
@ -32,7 +32,7 @@
 #endif
 #endif
-#include "mbedtls/aesni.h"
+#include "aesni.h"
 #include <string.h>
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
--- a/library/asn1parse.c
+++ b/library/asn1parse.c
@ -461,7 +461,7 @@ void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head )
    }
 }
-mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
+const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
                                       const char *oid, size_t len )
 {
    while( list != NULL )
--- a/library/asn1write.c
+++ b/library/asn1write.c
@ -34,7 +34,7 @@
 #define mbedtls_free       free
 #endif
-int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len )
+int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start, size_t len )
 {
    if( len < 0x80 )
    {
@ -98,7 +98,7 @@ int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len
 #endif
 }
-int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned char tag )
+int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start, unsigned char tag )
 {
    if( *p - start < 1 )
        return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
@ -108,7 +108,7 @@ int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start, unsigned ch
    return( 1 );
 }
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
                           const unsigned char *buf, size_t size )
 {
    size_t len = 0;
@ -124,7 +124,7 @@ int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
 }
 #if defined(MBEDTLS_BIGNUM_C)
-int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X )
+int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start, const mbedtls_mpi *X )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
@ -161,7 +161,7 @@ cleanup:
 }
 #endif /* MBEDTLS_BIGNUM_C */
-int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
+int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
@ -174,7 +174,7 @@ int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start )
    return( (int) len );
 }
-int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
                    const char *oid, size_t oid_len )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -188,7 +188,7 @@ int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
    return( (int) len );
 }
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, const unsigned char *start,
                                     const char *oid, size_t oid_len,
                                     size_t par_len )
 {
@ -209,7 +209,7 @@ int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *s
    return( (int) len );
 }
-int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean )
+int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start, int boolean )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
@ -226,7 +226,7 @@ int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolea
    return( (int) len );
 }
-static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int val, int tag )
+static int asn1_write_tagged_int( unsigned char **p, const unsigned char *start, int val, int tag )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    size_t len = 0;
@ -255,17 +255,17 @@ static int asn1_write_tagged_int( unsigned char **p, unsigned char *start, int v
    return( (int) len );
 }
-int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val )
+int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val )
 {
    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_INTEGER ) );
 }
-int mbedtls_asn1_write_enum( unsigned char **p, unsigned char *start, int val )
+int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val )
 {
    return( asn1_write_tagged_int( p, start, val, MBEDTLS_ASN1_ENUMERATED ) );
 }
-int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, int tag,
+int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start, int tag,
    const char *text, size_t text_len )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -280,26 +280,26 @@ int mbedtls_asn1_write_tagged_string( unsigned char **p, unsigned char *start, i
    return( (int) len );
 }
-int mbedtls_asn1_write_utf8_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
    const char *text, size_t text_len )
 {
    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_UTF8_STRING, text, text_len) );
 }
-int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_printable_string( unsigned char **p, const unsigned char *start,
                                 const char *text, size_t text_len )
 {
    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_PRINTABLE_STRING, text, text_len) );
 }
-int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
                           const char *text, size_t text_len )
 {
    return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
 }
 int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        unsigned char *start,
+                                        const unsigned char *start,
                                        const unsigned char *buf,
                                        size_t bits )
 {
@ -341,7 +341,7 @@ int mbedtls_asn1_write_named_bitstring( unsigned char **p,
    return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
 }
-int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
                          const unsigned char *buf, size_t bits )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@ -374,7 +374,7 @@ int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
    return( (int) len );
 }
-int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
                             const unsigned char *buf, size_t size )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
--- a/library/bignum.c
+++ b/library/bignum.c
@ -38,7 +38,7 @@
 #if defined(MBEDTLS_BIGNUM_C)
 #include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
+#include "bn_mul.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
--- a/library/cipher.c
+++ b/library/cipher.c
@ -26,7 +26,7 @@
 #if defined(MBEDTLS_CIPHER_C)
 #include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
+#include "cipher_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
@ -328,7 +328,7 @@ int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
            case PSA_ERROR_NOT_SUPPORTED:
                return( MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
            default:
-                return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+                return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        }
        /* Indicate that we own the key slot and need to
         * destroy it in mbedtls_cipher_free(). */
@ -1244,23 +1244,23 @@ int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
         * are terminated by unsuccessful calls to psa_cipher_update(),
         * and by any call to psa_cipher_finish(). */
        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        status = psa_cipher_set_iv( &cipher_op, iv, iv_len );
        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        status = psa_cipher_update( &cipher_op,
                                    input, ilen,
                                    output, ilen, olen );
        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        status = psa_cipher_finish( &cipher_op,
                                    output + *olen, ilen - *olen,
                                    &part_len );
        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        *olen += part_len;
        return( 0 );
@ -1323,7 +1323,7 @@ static int mbedtls_cipher_aead_encrypt( mbedtls_cipher_context_t *ctx,
                                   input, ilen,
                                   output, ilen + tag_len, olen );
        if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        *olen -= tag_len;
        return( 0 );
@ -1405,7 +1405,7 @@ static int mbedtls_cipher_aead_decrypt( mbedtls_cipher_context_t *ctx,
        if( status == PSA_ERROR_INVALID_SIGNATURE )
            return( MBEDTLS_ERR_CIPHER_AUTH_FAILED );
        else if( status != PSA_SUCCESS )
-            return( MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        return( 0 );
    }
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@ -25,7 +25,7 @@
 #if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher_internal.h"
+#include "cipher_wrap.h"
 #include "mbedtls/error.h"
 #if defined(MBEDTLS_CHACHAPOLY_C)
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@ -1,5 +1,5 @@
 /**
- * \file cipher_internal.h
+ * \file cipher_wrap.h
 *
 * \brief Cipher wrappers.
 *
--- a/library/ecp.c
+++ b/library/ecp.c
@ -99,7 +99,7 @@
 #define mbedtls_free       free
 #endif
-#include "mbedtls/ecp_internal.h"
+#include "ecp_alt.h"
 #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
 #if defined(MBEDTLS_HMAC_DRBG_C)
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@ -1,5 +1,5 @@
 /**
- * \file ecp_internal.h
+ * \file ecp_alt.h
 *
 * \brief Function declarations for alternative implementation of elliptic curve
 * point arithmetic.
@ -293,5 +293,5 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
 #endif /* MBEDTLS_ECP_INTERNAL_ALT */
-#endif /* ecp_internal.h */
+#endif /* ecp_alt.h */
--- a/library/entropy.c
+++ b/library/entropy.c
@ -28,7 +28,7 @@
 #endif
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
@ -51,9 +51,6 @@
 #endif /* MBEDTLS_PLATFORM_C */
 #endif /* MBEDTLS_SELF_TEST */
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
 #endif
 #define ENTROPY_MAX_LOOP    256     /**< Maximum amount to loop before error */
@ -72,9 +69,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
 #else
    mbedtls_sha256_init( &ctx->accumulator );
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_init( &ctx->havege_data );
 #endif
    /* Reminder: Update ENTROPY_HAVE_STRONG in the test files
     *           when adding more strong entropy sources here. */
@ -95,11 +89,6 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
                                MBEDTLS_ENTROPY_MIN_HARDCLOCK,
                                MBEDTLS_ENTROPY_SOURCE_WEAK );
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_entropy_add_source( ctx, mbedtls_havege_poll, &ctx->havege_data,
                                MBEDTLS_ENTROPY_MIN_HAVEGE,
                                MBEDTLS_ENTROPY_SOURCE_STRONG );
 #endif
 #if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
    mbedtls_entropy_add_source( ctx, mbedtls_hardware_poll, NULL,
                                MBEDTLS_ENTROPY_MIN_HARDWARE,
@ -121,9 +110,6 @@ void mbedtls_entropy_free( mbedtls_entropy_context *ctx )
    if( ctx->accumulator_started == -1 )
        return;
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_free( &ctx->havege_data );
 #endif
 #if defined(MBEDTLS_THREADING_C)
    mbedtls_mutex_free( &ctx->mutex );
 #endif
--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@ -29,15 +29,12 @@
 #if defined(MBEDTLS_ENTROPY_C)
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 #include "mbedtls/error.h"
 #if defined(MBEDTLS_TIMING_C)
 #include "mbedtls/timing.h"
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
 #endif
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 #include "mbedtls/platform.h"
 #endif
@ -249,22 +246,6 @@ int mbedtls_hardclock_poll( void *data,
 }
 #endif /* MBEDTLS_TIMING_C */
 #if defined(MBEDTLS_HAVEGE_C)
 int mbedtls_havege_poll( void *data,
                 unsigned char *output, size_t len, size_t *olen )
 {
    mbedtls_havege_state *hs = (mbedtls_havege_state *) data;
    *olen = 0;
    if( mbedtls_havege_random( hs, output, len ) != 0 )
        return( MBEDTLS_ERR_ENTROPY_SOURCE_FAILED );
    *olen = len;
    return( 0 );
 }
 #endif /* MBEDTLS_HAVEGE_C */
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 int mbedtls_nv_seed_poll( void *data,
                          unsigned char *output, size_t len, size_t *olen )
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@ -38,7 +38,6 @@ extern "C" {
 * Default thresholds for built-in sources, in bytes
 */
 #define MBEDTLS_ENTROPY_MIN_PLATFORM     32     /**< Minimum for platform source    */
 #define MBEDTLS_ENTROPY_MIN_HAVEGE       32     /**< Minimum for HAVEGE             */
 #define MBEDTLS_ENTROPY_MIN_HARDCLOCK     4     /**< Minimum for mbedtls_timing_hardclock()        */
 #if !defined(MBEDTLS_ENTROPY_MIN_HARDWARE)
 #define MBEDTLS_ENTROPY_MIN_HARDWARE     32     /**< Minimum for the hardware source */
@ -60,16 +59,6 @@ int mbedtls_platform_entropy_poll( void *data,
                           unsigned char *output, size_t len, size_t *olen );
 #endif
 #if defined(MBEDTLS_HAVEGE_C)
 /**
 * \brief           HAVEGE based entropy poll callback
 *
 * Requires an HAVEGE state as its data pointer.
 */
 int mbedtls_havege_poll( void *data,
                 unsigned char *output, size_t len, size_t *olen );
 #endif
 #if defined(MBEDTLS_TIMING_C)
 /**
 * \brief           mbedtls_timing_hardclock-based entropy poll callback
--- a/library/error.c
+++ b/library/error.c
@ -38,10 +38,6 @@
 #include "mbedtls/aes.h"
 #endif
 #if defined(MBEDTLS_ARC4_C)
 #include "mbedtls/arc4.h"
 #endif
 #if defined(MBEDTLS_ARIA_C)
 #include "mbedtls/aria.h"
 #endif
@ -82,10 +78,6 @@
 #include "mbedtls/cipher.h"
 #endif
 #if defined(MBEDTLS_CMAC_C)
 #include "mbedtls/cmac.h"
 #endif
 #if defined(MBEDTLS_CTR_DRBG_C)
 #include "mbedtls/ctr_drbg.h"
 #endif
@ -110,6 +102,10 @@
 #include "mbedtls/error.h"
 #endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #endif
 #if defined(MBEDTLS_GCM_C)
 #include "mbedtls/gcm.h"
 #endif
@ -126,18 +122,6 @@
 #include "mbedtls/md.h"
 #endif
 #if defined(MBEDTLS_MD2_C)
 #include "mbedtls/md2.h"
 #endif
 #if defined(MBEDTLS_MD4_C)
 #include "mbedtls/md4.h"
 #endif
 #if defined(MBEDTLS_MD5_C)
 #include "mbedtls/md5.h"
 #endif
 #if defined(MBEDTLS_NET_C)
 #include "mbedtls/net_sockets.h"
 #endif
@ -146,10 +130,6 @@
 #include "mbedtls/oid.h"
 #endif
 #if defined(MBEDTLS_PADLOCK_C)
 #include "mbedtls/padlock.h"
 #endif
 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
 #include "mbedtls/pem.h"
 #endif
@ -166,18 +146,10 @@
 #include "mbedtls/pkcs5.h"
 #endif
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #endif
 #if defined(MBEDTLS_POLY1305_C)
 #include "mbedtls/poly1305.h"
 #endif
 #if defined(MBEDTLS_RIPEMD160_C)
 #include "mbedtls/ripemd160.h"
 #endif
 #if defined(MBEDTLS_RSA_C)
 #include "mbedtls/rsa.h"
 #endif
@ -239,8 +211,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "CIPHER - Authentication failed (for AEAD modes)" );
        case -(MBEDTLS_ERR_CIPHER_INVALID_CONTEXT):
            return( "CIPHER - The context is invalid. For example, because it was freed" );
        case -(MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED):
            return( "CIPHER - Cipher hardware accelerator failed" );
 #endif /* MBEDTLS_CIPHER_C */
 #if defined(MBEDTLS_DHM_C)
@ -262,8 +232,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "DHM - Allocation of memory failed" );
        case -(MBEDTLS_ERR_DHM_FILE_IO_ERROR):
            return( "DHM - Read or write of file failed" );
        case -(MBEDTLS_ERR_DHM_HW_ACCEL_FAILED):
            return( "DHM - DHM hardware accelerator failed" );
        case -(MBEDTLS_ERR_DHM_SET_GROUP_FAILED):
            return( "DHM - Setting the modulus and generator failed" );
 #endif /* MBEDTLS_DHM_C */
@ -285,8 +253,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "ECP - Invalid private or public key" );
        case -(MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH):
            return( "ECP - The buffer contains a valid signature followed by more data" );
        case -(MBEDTLS_ERR_ECP_HW_ACCEL_FAILED):
            return( "ECP - The ECP hardware accelerator failed" );
        case -(MBEDTLS_ERR_ECP_IN_PROGRESS):
            return( "ECP - Operation in progress, call again with the same parameters to continue" );
 #endif /* MBEDTLS_ECP_C */
@ -300,8 +266,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "MD - Failed to allocate memory" );
        case -(MBEDTLS_ERR_MD_FILE_IO_ERROR):
            return( "MD - Opening or reading of file failed" );
        case -(MBEDTLS_ERR_MD_HW_ACCEL_FAILED):
            return( "MD - MD hardware accelerator failed" );
 #endif /* MBEDTLS_MD_C */
 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
@ -354,8 +318,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "PK - Unavailable feature, e.g. RSA disabled for RSA key" );
        case -(MBEDTLS_ERR_PK_SIG_LEN_MISMATCH):
            return( "PK - The buffer contains a valid signature followed by more data" );
        case -(MBEDTLS_ERR_PK_HW_ACCEL_FAILED):
            return( "PK - PK hardware accelerator failed" );
 #endif /* MBEDTLS_PK_C */
 #if defined(MBEDTLS_PKCS12_C)
@ -399,10 +361,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "RSA - The output buffer for decryption is not large enough" );
        case -(MBEDTLS_ERR_RSA_RNG_FAILED):
            return( "RSA - The random generator failed to generate non-zeros" );
        case -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION):
            return( "RSA - The implementation does not offer the requested operation, for example, because of security violations or lack of functionality" );
        case -(MBEDTLS_ERR_RSA_HW_ACCEL_FAILED):
            return( "RSA - RSA hardware accelerator failed" );
 #endif /* MBEDTLS_RSA_C */
 #if defined(MBEDTLS_SSL_TLS_C)
@ -470,8 +428,6 @@ const char * mbedtls_high_level_strerr( int error_code )
            return( "SSL - Hardware acceleration function returned with error" );
        case -(MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH):
            return( "SSL - Hardware acceleration function skipped / left alone data" );
        case -(MBEDTLS_ERR_SSL_COMPRESSION_FAILED):
            return( "SSL - Processing of the compression / decompression failed" );
        case -(MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION):
            return( "SSL - Handshake protocol not within min/max boundaries" );
        case -(MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET):
@ -595,26 +551,13 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "AES - Invalid data input length" );
        case -(MBEDTLS_ERR_AES_BAD_INPUT_DATA):
            return( "AES - Invalid input data" );
        case -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE):
            return( "AES - Feature not available. For example, an unsupported AES key size" );
        case -(MBEDTLS_ERR_AES_HW_ACCEL_FAILED):
            return( "AES - AES hardware accelerator failed" );
 #endif /* MBEDTLS_AES_C */
 #if defined(MBEDTLS_ARC4_C)
        case -(MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED):
            return( "ARC4 - ARC4 hardware accelerator failed" );
 #endif /* MBEDTLS_ARC4_C */
 #if defined(MBEDTLS_ARIA_C)
        case -(MBEDTLS_ERR_ARIA_BAD_INPUT_DATA):
            return( "ARIA - Bad input data" );
        case -(MBEDTLS_ERR_ARIA_INVALID_INPUT_LENGTH):
            return( "ARIA - Invalid data input length" );
        case -(MBEDTLS_ERR_ARIA_FEATURE_UNAVAILABLE):
            return( "ARIA - Feature not available. For example, an unsupported ARIA key size" );
        case -(MBEDTLS_ERR_ARIA_HW_ACCEL_FAILED):
            return( "ARIA - ARIA hardware accelerator failed" );
 #endif /* MBEDTLS_ARIA_C */
 #if defined(MBEDTLS_ASN1_PARSE_C)
@ -665,8 +608,6 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "BLOWFISH - Bad input data" );
        case -(MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH):
            return( "BLOWFISH - Invalid data input length" );
        case -(MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED):
            return( "BLOWFISH - Blowfish hardware accelerator failed" );
 #endif /* MBEDTLS_BLOWFISH_C */
 #if defined(MBEDTLS_CAMELLIA_C)
@ -674,8 +615,6 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "CAMELLIA - Bad input data" );
        case -(MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH):
            return( "CAMELLIA - Invalid data input length" );
        case -(MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED):
            return( "CAMELLIA - Camellia hardware accelerator failed" );
 #endif /* MBEDTLS_CAMELLIA_C */
 #if defined(MBEDTLS_CCM_C)
@ -683,17 +622,11 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "CCM - Bad input parameters to the function" );
        case -(MBEDTLS_ERR_CCM_AUTH_FAILED):
            return( "CCM - Authenticated decryption failed" );
        case -(MBEDTLS_ERR_CCM_HW_ACCEL_FAILED):
            return( "CCM - CCM hardware accelerator failed" );
 #endif /* MBEDTLS_CCM_C */
 #if defined(MBEDTLS_CHACHA20_C)
        case -(MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA):
            return( "CHACHA20 - Invalid input parameter(s)" );
        case -(MBEDTLS_ERR_CHACHA20_FEATURE_UNAVAILABLE):
            return( "CHACHA20 - Feature not available. For example, s part of the API is not implemented" );
        case -(MBEDTLS_ERR_CHACHA20_HW_ACCEL_FAILED):
            return( "CHACHA20 - Chacha20 hardware accelerator failed" );
 #endif /* MBEDTLS_CHACHA20_C */
 #if defined(MBEDTLS_CHACHAPOLY_C)
@ -703,11 +636,6 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "CHACHAPOLY - Authenticated decryption failed: data was not authentic" );
 #endif /* MBEDTLS_CHACHAPOLY_C */
 #if defined(MBEDTLS_CMAC_C)
        case -(MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED):
            return( "CMAC - CMAC hardware accelerator failed" );
 #endif /* MBEDTLS_CMAC_C */
 #if defined(MBEDTLS_CTR_DRBG_C)
        case -(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED):
            return( "CTR_DRBG - The entropy source failed" );
@ -722,8 +650,6 @@ const char * mbedtls_low_level_strerr( int error_code )
 #if defined(MBEDTLS_DES_C)
        case -(MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH):
            return( "DES - The data input has an invalid length" );
        case -(MBEDTLS_ERR_DES_HW_ACCEL_FAILED):
            return( "DES - DES hardware accelerator failed" );
 #endif /* MBEDTLS_DES_C */
 #if defined(MBEDTLS_ENTROPY_C)
@ -746,11 +672,16 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "ERROR - This is a bug in the library" );
 #endif /* MBEDTLS_ERROR_C */
 #if defined(MBEDTLS_PLATFORM_C)
        case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
            return( "PLATFORM - Hardware accelerator failed" );
        case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
            return( "PLATFORM - The requested feature is not supported by the platform" );
 #endif /* MBEDTLS_PLATFORM_C */
 #if defined(MBEDTLS_GCM_C)
        case -(MBEDTLS_ERR_GCM_AUTH_FAILED):
            return( "GCM - Authenticated decryption failed" );
        case -(MBEDTLS_ERR_GCM_HW_ACCEL_FAILED):
            return( "GCM - GCM hardware accelerator failed" );
        case -(MBEDTLS_ERR_GCM_BAD_INPUT):
            return( "GCM - Bad input parameters to function" );
 #endif /* MBEDTLS_GCM_C */
@ -771,21 +702,6 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "HMAC_DRBG - The entropy source failed" );
 #endif /* MBEDTLS_HMAC_DRBG_C */
 #if defined(MBEDTLS_MD2_C)
        case -(MBEDTLS_ERR_MD2_HW_ACCEL_FAILED):
            return( "MD2 - MD2 hardware accelerator failed" );
 #endif /* MBEDTLS_MD2_C */
 #if defined(MBEDTLS_MD4_C)
        case -(MBEDTLS_ERR_MD4_HW_ACCEL_FAILED):
            return( "MD4 - MD4 hardware accelerator failed" );
 #endif /* MBEDTLS_MD4_C */
 #if defined(MBEDTLS_MD5_C)
        case -(MBEDTLS_ERR_MD5_HW_ACCEL_FAILED):
            return( "MD5 - MD5 hardware accelerator failed" );
 #endif /* MBEDTLS_MD5_C */
 #if defined(MBEDTLS_NET_C)
        case -(MBEDTLS_ERR_NET_SOCKET_FAILED):
            return( "NET - Failed to open a socket" );
@ -822,56 +738,27 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "OID - output buffer is too small" );
 #endif /* MBEDTLS_OID_C */
 #if defined(MBEDTLS_PADLOCK_C)
        case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED):
            return( "PADLOCK - Input data should be aligned" );
 #endif /* MBEDTLS_PADLOCK_C */
 #if defined(MBEDTLS_PLATFORM_C)
        case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
            return( "PLATFORM - Hardware accelerator failed" );
        case -(MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED):
            return( "PLATFORM - The requested feature is not supported by the platform" );
 #endif /* MBEDTLS_PLATFORM_C */
 #if defined(MBEDTLS_POLY1305_C)
        case -(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA):
            return( "POLY1305 - Invalid input parameter(s)" );
        case -(MBEDTLS_ERR_POLY1305_FEATURE_UNAVAILABLE):
            return( "POLY1305 - Feature not available. For example, s part of the API is not implemented" );
        case -(MBEDTLS_ERR_POLY1305_HW_ACCEL_FAILED):
            return( "POLY1305 - Poly1305 hardware accelerator failed" );
 #endif /* MBEDTLS_POLY1305_C */
 #if defined(MBEDTLS_RIPEMD160_C)
        case -(MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED):
            return( "RIPEMD160 - RIPEMD160 hardware accelerator failed" );
 #endif /* MBEDTLS_RIPEMD160_C */
 #if defined(MBEDTLS_SHA1_C)
        case -(MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED):
            return( "SHA1 - SHA-1 hardware accelerator failed" );
        case -(MBEDTLS_ERR_SHA1_BAD_INPUT_DATA):
            return( "SHA1 - SHA-1 input data was malformed" );
 #endif /* MBEDTLS_SHA1_C */
 #if defined(MBEDTLS_SHA256_C)
        case -(MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED):
            return( "SHA256 - SHA-256 hardware accelerator failed" );
        case -(MBEDTLS_ERR_SHA256_BAD_INPUT_DATA):
            return( "SHA256 - SHA-256 input data was malformed" );
 #endif /* MBEDTLS_SHA256_C */
 #if defined(MBEDTLS_SHA512_C)
        case -(MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED):
            return( "SHA512 - SHA-512 hardware accelerator failed" );
        case -(MBEDTLS_ERR_SHA512_BAD_INPUT_DATA):
            return( "SHA512 - SHA-512 input data was malformed" );
 #endif /* MBEDTLS_SHA512_C */
 #if defined(MBEDTLS_THREADING_C)
        case -(MBEDTLS_ERR_THREADING_FEATURE_UNAVAILABLE):
            return( "THREADING - The selected feature is not available" );
        case -(MBEDTLS_ERR_THREADING_BAD_INPUT_DATA):
            return( "THREADING - Bad input parameters to function" );
        case -(MBEDTLS_ERR_THREADING_MUTEX_ERROR):
@ -881,8 +768,6 @@ const char * mbedtls_low_level_strerr( int error_code )
 #if defined(MBEDTLS_XTEA_C)
        case -(MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH):
            return( "XTEA - The data input has an invalid length" );
        case -(MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED):
            return( "XTEA - XTEA hardware accelerator failed" );
 #endif /* MBEDTLS_XTEA_C */
        /* End Auto-Generated Code. */
--- a/library/gcm.c
+++ b/library/gcm.c
@ -38,7 +38,7 @@
 #include <string.h>
 #if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
+#include "aesni.h"
 #endif
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
--- a/library/havege.c
+++ b/library/havege.c
@ -1,237 +0,0 @@
 /**
 *  \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
 /*
 *  The HAVEGE RNG was designed by Andre Seznec in 2002.
 *
 *  http://www.irisa.fr/caps/projects/hipsor/publi.php
 *
 *  Contact: seznec(at)irisa_dot_fr - orocheco(at)irisa_dot_fr
 */
 #include "common.h"
 #if defined(MBEDTLS_HAVEGE_C)
 #include "mbedtls/havege.h"
 #include "mbedtls/timing.h"
 #include "mbedtls/platform_util.h"
 #include <stdint.h>
 #include <string.h>
 /* ------------------------------------------------------------------------
 * On average, one iteration accesses two 8-word blocks in the havege WALK
 * table, and generates 16 words in the RES array.
 *
 * The data read in the WALK table is updated and permuted after each use.
 * The result of the hardware clock counter read is used  for this update.
 *
 * 25 conditional tests are present.  The conditional tests are grouped in
 * two nested  groups of 12 conditional tests and 1 test that controls the
 * permutation; on average, there should be 6 tests executed and 3 of them
 * should be mispredicted.
 * ------------------------------------------------------------------------
 */
 #define SWAP(X,Y) { uint32_t *T = (X); (X) = (Y); (Y) = T; }
 #define TST1_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
 #define TST2_ENTER if( PTEST & 1 ) { PTEST ^= 3; PTEST >>= 1;
 #define TST1_LEAVE U1++; }
 #define TST2_LEAVE U2++; }
 #define ONE_ITERATION                                   \
                                                        \
    PTEST = PT1 >> 20;                                  \
                                                        \
    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
    TST1_ENTER  TST1_ENTER  TST1_ENTER  TST1_ENTER      \
                                                        \
    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
    TST1_LEAVE  TST1_LEAVE  TST1_LEAVE  TST1_LEAVE      \
                                                        \
    PTX = (PT1 >> 18) & 7;                              \
    PT1 &= 0x1FFF;                                      \
    PT2 &= 0x1FFF;                                      \
    CLK = (uint32_t) mbedtls_timing_hardclock();        \
                                                        \
    i = 0;                                              \
    A = &WALK[PT1    ]; RES[i++] ^= *A;                 \
    B = &WALK[PT2    ]; RES[i++] ^= *B;                 \
    C = &WALK[PT1 ^ 1]; RES[i++] ^= *C;                 \
    D = &WALK[PT2 ^ 4]; RES[i++] ^= *D;                 \
                                                        \
    IN = (*A >> (1)) ^ (*A << (31)) ^ CLK;              \
    *A = (*B >> (2)) ^ (*B << (30)) ^ CLK;              \
    *B = IN ^ U1;                                       \
    *C = (*C >> (3)) ^ (*C << (29)) ^ CLK;              \
    *D = (*D >> (4)) ^ (*D << (28)) ^ CLK;              \
                                                        \
    A = &WALK[PT1 ^ 2]; RES[i++] ^= *A;                 \
    B = &WALK[PT2 ^ 2]; RES[i++] ^= *B;                 \
    C = &WALK[PT1 ^ 3]; RES[i++] ^= *C;                 \
    D = &WALK[PT2 ^ 6]; RES[i++] ^= *D;                 \
                                                        \
    if( PTEST & 1 ) SWAP( A, C );                       \
                                                        \
    IN = (*A >> (5)) ^ (*A << (27)) ^ CLK;              \
    *A = (*B >> (6)) ^ (*B << (26)) ^ CLK;              \
    *B = IN; CLK = (uint32_t) mbedtls_timing_hardclock();       \
    *C = (*C >> (7)) ^ (*C << (25)) ^ CLK;              \
    *D = (*D >> (8)) ^ (*D << (24)) ^ CLK;              \
                                                        \
    A = &WALK[PT1 ^ 4];                                 \
    B = &WALK[PT2 ^ 1];                                 \
                                                        \
    PTEST = PT2 >> 1;                                   \
                                                        \
    PT2 = (RES[(i - 8) ^ PTY] ^ WALK[PT2 ^ PTY ^ 7]);   \
    PT2 = ((PT2 & 0x1FFF) & (~8)) ^ ((PT1 ^ 8) & 0x8);  \
    PTY = (PT2 >> 10) & 7;                              \
                                                        \
    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
    TST2_ENTER  TST2_ENTER  TST2_ENTER  TST2_ENTER      \
                                                        \
    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
    TST2_LEAVE  TST2_LEAVE  TST2_LEAVE  TST2_LEAVE      \
                                                        \
    C = &WALK[PT1 ^ 5];                                 \
    D = &WALK[PT2 ^ 5];                                 \
                                                        \
    RES[i++] ^= *A;                                     \
    RES[i++] ^= *B;                                     \
    RES[i++] ^= *C;                                     \
    RES[i++] ^= *D;                                     \
                                                        \
    IN = (*A >> ( 9)) ^ (*A << (23)) ^ CLK;             \
    *A = (*B >> (10)) ^ (*B << (22)) ^ CLK;             \
    *B = IN ^ U2;                                       \
    *C = (*C >> (11)) ^ (*C << (21)) ^ CLK;             \
    *D = (*D >> (12)) ^ (*D << (20)) ^ CLK;             \
                                                        \
    A = &WALK[PT1 ^ 6]; RES[i++] ^= *A;                 \
    B = &WALK[PT2 ^ 3]; RES[i++] ^= *B;                 \
    C = &WALK[PT1 ^ 7]; RES[i++] ^= *C;                 \
    D = &WALK[PT2 ^ 7]; RES[i++] ^= *D;                 \
                                                        \
    IN = (*A >> (13)) ^ (*A << (19)) ^ CLK;             \
    *A = (*B >> (14)) ^ (*B << (18)) ^ CLK;             \
    *B = IN;                                            \
    *C = (*C >> (15)) ^ (*C << (17)) ^ CLK;             \
    *D = (*D >> (16)) ^ (*D << (16)) ^ CLK;             \
                                                        \
    PT1 = ( RES[( i - 8 ) ^ PTX] ^                      \
            WALK[PT1 ^ PTX ^ 7] ) & (~1);               \
    PT1 ^= (PT2 ^ 0x10) & 0x10;                         \
                                                        \
    for( n++, i = 0; i < 16; i++ )                      \
        hs->pool[n % MBEDTLS_HAVEGE_COLLECT_SIZE] ^= RES[i];
 /*
 * Entropy gathering function
 */
 static void havege_fill( mbedtls_havege_state *hs )
 {
    size_t n = 0;
    size_t i;
    uint32_t  U1,  U2, *A, *B, *C, *D;
    uint32_t PT1, PT2, *WALK, RES[16];
    uint32_t PTX, PTY, CLK, PTEST, IN;
    WALK = hs->WALK;
    PT1  = hs->PT1;
    PT2  = hs->PT2;
    PTX  = U1 = 0;
    PTY  = U2 = 0;
    (void)PTX;
    memset( RES, 0, sizeof( RES ) );
    while( n < MBEDTLS_HAVEGE_COLLECT_SIZE * 4 )
    {
        ONE_ITERATION
        ONE_ITERATION
        ONE_ITERATION
        ONE_ITERATION
    }
    hs->PT1 = PT1;
    hs->PT2 = PT2;
    hs->offset[0] = 0;
    hs->offset[1] = MBEDTLS_HAVEGE_COLLECT_SIZE / 2;
 }
 /*
 * HAVEGE initialization
 */
 void mbedtls_havege_init( mbedtls_havege_state *hs )
 {
    memset( hs, 0, sizeof( mbedtls_havege_state ) );
    havege_fill( hs );
 }
 void mbedtls_havege_free( mbedtls_havege_state *hs )
 {
    if( hs == NULL )
        return;
    mbedtls_platform_zeroize( hs, sizeof( mbedtls_havege_state ) );
 }
 /*
 * HAVEGE rand function
 */
 int mbedtls_havege_random( void *p_rng, unsigned char *buf, size_t len )
 {
    uint32_t val;
    size_t use_len;
    mbedtls_havege_state *hs = (mbedtls_havege_state *) p_rng;
    unsigned char *p = buf;
    while( len > 0 )
    {
        use_len = len;
        if( use_len > sizeof( val ) )
            use_len = sizeof( val );
        if( hs->offset[1] >= MBEDTLS_HAVEGE_COLLECT_SIZE )
            havege_fill( hs );
        val  = hs->pool[hs->offset[0]++];
        val ^= hs->pool[hs->offset[1]++];
        memcpy( p, &val, use_len );
        len -= use_len;
        p += use_len;
    }
    return( 0 );
 }
 #endif /* MBEDTLS_HAVEGE_C */
--- a/library/md.c
+++ b/library/md.c
@ -26,7 +26,7 @@
 #if defined(MBEDTLS_MD_C)
 #include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
+#include "md_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
@ -390,13 +390,6 @@ int mbedtls_md_clone( mbedtls_md_context_t *dst,
    return( 0 );
 }
 #if ! defined(MBEDTLS_DEPRECATED_REMOVED)
 int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info )
 {
    return mbedtls_md_setup( ctx, md_info, 1 );
 }
 #endif
 #define ALLOC( type )                                                   \
    do {                                                                \
        ctx->md_ctx = mbedtls_calloc( 1, sizeof( mbedtls_##type##_context ) ); \
--- a/library/md2.c
+++ b/library/md2.c
@ -106,13 +106,6 @@ int mbedtls_md2_starts_ret( mbedtls_md2_context *ctx )
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md2_starts( mbedtls_md2_context *ctx )
 {
    mbedtls_md2_starts_ret( ctx );
 }
 #endif
 #if !defined(MBEDTLS_MD2_PROCESS_ALT)
 int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
 {
@ -153,12 +146,6 @@ int mbedtls_internal_md2_process( mbedtls_md2_context *ctx )
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md2_process( mbedtls_md2_context *ctx )
 {
    mbedtls_internal_md2_process( ctx );
 }
 #endif
 #endif /* !MBEDTLS_MD2_PROCESS_ALT */
 /*
@ -195,15 +182,6 @@ int mbedtls_md2_update_ret( mbedtls_md2_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md2_update( mbedtls_md2_context *ctx,
                         const unsigned char *input,
                         size_t ilen )
 {
    mbedtls_md2_update_ret( ctx, input, ilen );
 }
 #endif
 /*
 * MD2 final digest
 */
@ -231,14 +209,6 @@ int mbedtls_md2_finish_ret( mbedtls_md2_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md2_finish( mbedtls_md2_context *ctx,
                         unsigned char output[16] )
 {
    mbedtls_md2_finish_ret( ctx, output );
 }
 #endif
 #endif /* !MBEDTLS_MD2_ALT */
 /*
@ -268,15 +238,6 @@ exit:
    return( ret );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md2( const unsigned char *input,
                  size_t ilen,
                  unsigned char output[16] )
 {
    mbedtls_md2_ret( input, ilen, output );
 }
 #endif
 #if defined(MBEDTLS_SELF_TEST)
 /*
--- a/library/md4.c
+++ b/library/md4.c
@ -102,13 +102,6 @@ int mbedtls_md4_starts_ret( mbedtls_md4_context *ctx )
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md4_starts( mbedtls_md4_context *ctx )
 {
    mbedtls_md4_starts_ret( ctx );
 }
 #endif
 #if !defined(MBEDTLS_MD4_PROCESS_ALT)
 int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
                                  const unsigned char data[64] )
@ -238,13 +231,6 @@ int mbedtls_internal_md4_process( mbedtls_md4_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md4_process( mbedtls_md4_context *ctx,
                          const unsigned char data[64] )
 {
    mbedtls_internal_md4_process( ctx, data );
 }
 #endif
 #endif /* !MBEDTLS_MD4_PROCESS_ALT */
 /*
@ -301,15 +287,6 @@ int mbedtls_md4_update_ret( mbedtls_md4_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md4_update( mbedtls_md4_context *ctx,
                         const unsigned char *input,
                         size_t ilen )
 {
    mbedtls_md4_update_ret( ctx, input, ilen );
 }
 #endif
 static const unsigned char md4_padding[64] =
 {
 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
@ -355,14 +332,6 @@ int mbedtls_md4_finish_ret( mbedtls_md4_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md4_finish( mbedtls_md4_context *ctx,
                         unsigned char output[16] )
 {
    mbedtls_md4_finish_ret( ctx, output );
 }
 #endif
 #endif /* !MBEDTLS_MD4_ALT */
 /*
@ -392,15 +361,6 @@ exit:
    return( ret );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md4( const unsigned char *input,
                  size_t ilen,
                  unsigned char output[16] )
 {
    mbedtls_md4_ret( input, ilen, output );
 }
 #endif
 #if defined(MBEDTLS_SELF_TEST)
 /*
--- a/library/md5.c
+++ b/library/md5.c
@ -101,13 +101,6 @@ int mbedtls_md5_starts_ret( mbedtls_md5_context *ctx )
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md5_starts( mbedtls_md5_context *ctx )
 {
    mbedtls_md5_starts_ret( ctx );
 }
 #endif
 #if !defined(MBEDTLS_MD5_PROCESS_ALT)
 int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
                                  const unsigned char data[64] )
@ -244,13 +237,6 @@ int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md5_process( mbedtls_md5_context *ctx,
                          const unsigned char data[64] )
 {
    mbedtls_internal_md5_process( ctx, data );
 }
 #endif
 #endif /* !MBEDTLS_MD5_PROCESS_ALT */
 /*
@ -304,15 +290,6 @@ int mbedtls_md5_update_ret( mbedtls_md5_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md5_update( mbedtls_md5_context *ctx,
                         const unsigned char *input,
                         size_t ilen )
 {
    mbedtls_md5_update_ret( ctx, input, ilen );
 }
 #endif
 /*
 * MD5 final digest
 */
@ -370,14 +347,6 @@ int mbedtls_md5_finish_ret( mbedtls_md5_context *ctx,
    return( 0 );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md5_finish( mbedtls_md5_context *ctx,
                         unsigned char output[16] )
 {
    mbedtls_md5_finish_ret( ctx, output );
 }
 #endif
 #endif /* !MBEDTLS_MD5_ALT */
 /*
@ -407,15 +376,6 @@ exit:
    return( ret );
 }
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
 void mbedtls_md5( const unsigned char *input,
                  size_t ilen,
                  unsigned char output[16] )
 {
    mbedtls_md5_ret( input, ilen, output );
 }
 #endif
 #if defined(MBEDTLS_SELF_TEST)
 /*
 * RFC 1321 test vectors
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@ -1,5 +1,5 @@
 /**
- * \file md_internal.h
+ * \file md_wrap.h
 *
 * \brief Message digest wrappers.
 *
--- a/library/padlock.c
+++ b/library/padlock.c
@ -27,7 +27,7 @@
 #if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
+#include "padlock.h"
 #include <string.h>
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
--- a/library/pk.c
+++ b/library/pk.c
@ -21,7 +21,7 @@
 #if defined(MBEDTLS_PK_C)
 #include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
@ -626,7 +626,7 @@ int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
    /* import private key into PSA */
    if( PSA_SUCCESS != psa_import_key( &attributes, d, d_len, key ) )
-        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
    /* make PK context wrap the key slot */
    mbedtls_pk_free( pk );
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -20,7 +20,7 @@
 #include "common.h"
 #if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"
 #include "mbedtls/error.h"
 /* Even if RSA not activated, for the sake of RSA-alt */
@ -941,7 +941,7 @@ static int asn1_write_mpibuf( unsigned char **p, unsigned char *start,
    /* this is only reached if the signature was invalid */
    if( len == 0 )
-        return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+        return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
    /* if the msb is 1, ASN.1 requires that we prepend a 0.
     * Neither r nor s can be 0, so we can assume len > 0 at all times. */
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@ -1,5 +1,5 @@
 /**
- * \file pk_internal.h
+ * \file pk_wrap.h
 *
 * \brief Public Key abstraction layer: wrapper functions
 */
--- a/library/pkcs11.c
+++ b/library/pkcs11.c
@ -1,238 +0,0 @@
 /**
 * \file pkcs11.c
 *
 * \brief Wrapper for PKCS#11 library libpkcs11-helper
 *
 * \author Adriaan de Jong <dejong@fox-it.com>
 *
 *  Copyright The Mbed TLS Contributors
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
 *  You may obtain a copy of the License at
 *
 *  http://www.apache.org/licenses/LICENSE-2.0
 *
 *  Unless required by applicable law or agreed to in writing, software
 *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
 #include "mbedtls/pkcs11.h"
 #if defined(MBEDTLS_PKCS11_C)
 #include "mbedtls/md.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/x509_crt.h"
 #if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #include <stdlib.h>
 #define mbedtls_calloc    calloc
 #define mbedtls_free       free
 #endif
 #include <string.h>
 void mbedtls_pkcs11_init( mbedtls_pkcs11_context *ctx )
 {
    memset( ctx, 0, sizeof( mbedtls_pkcs11_context ) );
 }
 int mbedtls_pkcs11_x509_cert_bind( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11_cert )
 {
    int ret = 1;
    unsigned char *cert_blob = NULL;
    size_t cert_blob_size = 0;
    if( cert == NULL )
    {
        ret = 2;
        goto cleanup;
    }
    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, NULL,
                                                &cert_blob_size ) != CKR_OK )
    {
        ret = 3;
        goto cleanup;
    }
    cert_blob = mbedtls_calloc( 1, cert_blob_size );
    if( NULL == cert_blob )
    {
        ret = 4;
        goto cleanup;
    }
    if( pkcs11h_certificate_getCertificateBlob( pkcs11_cert, cert_blob,
                                                &cert_blob_size ) != CKR_OK )
    {
        ret = 5;
        goto cleanup;
    }
    if( 0 != mbedtls_x509_crt_parse( cert, cert_blob, cert_blob_size ) )
    {
        ret = 6;
        goto cleanup;
    }
    ret = 0;
 cleanup:
    if( NULL != cert_blob )
        mbedtls_free( cert_blob );
    return( ret );
 }
 int mbedtls_pkcs11_priv_key_bind( mbedtls_pkcs11_context *priv_key,
        pkcs11h_certificate_t pkcs11_cert )
 {
    int ret = 1;
    mbedtls_x509_crt cert;
    mbedtls_x509_crt_init( &cert );
    if( priv_key == NULL )
        goto cleanup;
    if( 0 != mbedtls_pkcs11_x509_cert_bind( &cert, pkcs11_cert ) )
        goto cleanup;
    priv_key->len = mbedtls_pk_get_len( &cert.pk );
    priv_key->pkcs11h_cert = pkcs11_cert;
    ret = 0;
 cleanup:
    mbedtls_x509_crt_free( &cert );
    return( ret );
 }
 void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key )
 {
    if( NULL != priv_key )
        pkcs11h_certificate_freeCertificate( priv_key->pkcs11h_cert );
 }
 int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
                       int mode, size_t *olen,
                       const unsigned char *input,
                       unsigned char *output,
                       size_t output_max_len )
 {
    size_t input_len, output_len;
    if( NULL == ctx )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    if( MBEDTLS_RSA_PRIVATE != mode )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    output_len = input_len = ctx->len;
    if( input_len < 16 || input_len > output_max_len )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    /* Determine size of output buffer */
    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
            input_len, NULL, &output_len ) != CKR_OK )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
    if( output_len > output_max_len )
        return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
    if( pkcs11h_certificate_decryptAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, input,
            input_len, output, &output_len ) != CKR_OK )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
    *olen = output_len;
    return( 0 );
 }
 int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
                    int mode,
                    mbedtls_md_type_t md_alg,
                    unsigned int hashlen,
                    const unsigned char *hash,
                    unsigned char *sig )
 {
    size_t sig_len = 0, asn_len = 0, oid_size = 0;
    unsigned char *p = sig;
    const char *oid;
    if( NULL == ctx )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    if( MBEDTLS_RSA_PRIVATE != mode )
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    if( md_alg != MBEDTLS_MD_NONE )
    {
        const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg );
        if( md_info == NULL )
            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
        if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 )
            return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
        hashlen = mbedtls_md_get_size( md_info );
        asn_len = 10 + oid_size;
    }
    sig_len = ctx->len;
    if( hashlen > sig_len || asn_len > sig_len ||
        hashlen + asn_len > sig_len )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
    if( md_alg != MBEDTLS_MD_NONE )
    {
        /*
         * DigestInfo ::= SEQUENCE {
         *   digestAlgorithm DigestAlgorithmIdentifier,
         *   digest Digest }
         *
         * DigestAlgorithmIdentifier ::= AlgorithmIdentifier
         *
         * Digest ::= OCTET STRING
         */
        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
        *p++ = (unsigned char) ( 0x08 + oid_size + hashlen );
        *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED;
        *p++ = (unsigned char) ( 0x04 + oid_size );
        *p++ = MBEDTLS_ASN1_OID;
        *p++ = oid_size & 0xFF;
        memcpy( p, oid, oid_size );
        p += oid_size;
        *p++ = MBEDTLS_ASN1_NULL;
        *p++ = 0x00;
        *p++ = MBEDTLS_ASN1_OCTET_STRING;
        *p++ = hashlen;
    }
    memcpy( p, hash, hashlen );
    if( pkcs11h_certificate_signAny( ctx->pkcs11h_cert, CKM_RSA_PKCS, sig,
            asn_len + hashlen, sig, &sig_len ) != CKR_OK )
    {
        return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
    }
    return( 0 );
 }
 #endif /* defined(MBEDTLS_PKCS11_C) */
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@ -222,7 +222,7 @@ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
    return( (int) len );
 }
-int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *c;
@ -271,7 +271,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
        key_id = *((psa_key_id_t*) key->pk_ctx );
        if( PSA_SUCCESS != psa_get_key_attributes( key_id, &attributes ) )
-            return( MBEDTLS_ERR_PK_HW_ACCEL_FAILED );
+            return( MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED );
        key_type = psa_get_key_type( &attributes );
        bits = psa_get_key_bits( &attributes );
        psa_reset_key_attributes( &attributes );
@ -310,7 +310,7 @@ int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *key, unsigned char *buf, si
    return( (int) len );
 }
-int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_der( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char *c;
@ -553,7 +553,7 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_
 #define PRV_DER_MAX_BYTES   ( RSA_PRV_DER_MAX_BYTES > ECP_PRV_DER_MAX_BYTES ? \
                              RSA_PRV_DER_MAX_BYTES : ECP_PRV_DER_MAX_BYTES )
-int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char output_buf[PUB_DER_MAX_BYTES];
@ -578,7 +578,7 @@ int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *key, unsigned char *buf, si
    return( 0 );
 }
-int mbedtls_pk_write_key_pem( mbedtls_pk_context *key, unsigned char *buf, size_t size )
+int mbedtls_pk_write_key_pem( const mbedtls_pk_context *key, unsigned char *buf, size_t size )
 {
    int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
    unsigned char output_buf[PRV_DER_MAX_BYTES];
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -78,9 +78,9 @@
 #include "mbedtls/md4.h"
 #include "mbedtls/md5.h"
 #include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
+#include "md_wrap.h"
 #include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #include "mbedtls/ripemd160.h"
@ -151,14 +151,7 @@ psa_status_t mbedtls_to_psa_error( int ret )
        case MBEDTLS_ERR_AES_INVALID_KEY_LENGTH:
        case MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH:
        case MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_AES_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_ARC4_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_ASN1_OUT_OF_DATA:
        case MBEDTLS_ERR_ASN1_UNEXPECTED_TAG:
        case MBEDTLS_ERR_ASN1_INVALID_LENGTH:
@ -172,30 +165,20 @@ psa_status_t mbedtls_to_psa_error( int ret )
 #if defined(MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA)
        case MBEDTLS_ERR_BLOWFISH_BAD_INPUT_DATA:
 #elif defined(MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH)
        case MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH:
 #endif
        case MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_BLOWFISH_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
 #if defined(MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA)
        case MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA:
 #elif defined(MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH)
        case MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH:
 #endif
        case MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_CAMELLIA_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_CCM_BAD_INPUT:
            return( PSA_ERROR_INVALID_ARGUMENT );
        case MBEDTLS_ERR_CCM_AUTH_FAILED:
            return( PSA_ERROR_INVALID_SIGNATURE );
        case MBEDTLS_ERR_CCM_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA:
            return( PSA_ERROR_INVALID_ARGUMENT );
@ -219,11 +202,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_INVALID_SIGNATURE );
        case MBEDTLS_ERR_CIPHER_INVALID_CONTEXT:
            return( PSA_ERROR_CORRUPTION_DETECTED );
        case MBEDTLS_ERR_CIPHER_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_CMAC_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
 #if !( defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) ||      \
       defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE) )
@ -240,8 +218,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
        case MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_DES_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED:
        case MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE:
@ -252,8 +228,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_INVALID_SIGNATURE );
        case MBEDTLS_ERR_GCM_BAD_INPUT:
            return( PSA_ERROR_INVALID_ARGUMENT );
        case MBEDTLS_ERR_GCM_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
 #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) &&        \
    defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
@ -268,11 +242,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
 #endif
        case MBEDTLS_ERR_MD2_HW_ACCEL_FAILED:
        case MBEDTLS_ERR_MD4_HW_ACCEL_FAILED:
        case MBEDTLS_ERR_MD5_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_MD_BAD_INPUT_DATA:
@ -281,8 +250,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_INSUFFICIENT_MEMORY );
        case MBEDTLS_ERR_MD_FILE_IO_ERROR:
            return( PSA_ERROR_STORAGE_FAILURE );
        case MBEDTLS_ERR_MD_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_MPI_FILE_IO_ERROR:
            return( PSA_ERROR_STORAGE_FAILURE );
@ -324,17 +291,12 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_PK_SIG_LEN_MISMATCH:
            return( PSA_ERROR_INVALID_SIGNATURE );
        case MBEDTLS_ERR_PK_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_RIPEMD160_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_RSA_BAD_INPUT_DATA:
            return( PSA_ERROR_INVALID_ARGUMENT );
        case MBEDTLS_ERR_RSA_INVALID_PADDING:
@ -352,20 +314,9 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_BUFFER_TOO_SMALL );
        case MBEDTLS_ERR_RSA_RNG_FAILED:
            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
        case MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION:
            return( PSA_ERROR_NOT_SUPPORTED );
        case MBEDTLS_ERR_RSA_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_SHA1_HW_ACCEL_FAILED:
        case MBEDTLS_ERR_SHA256_HW_ACCEL_FAILED:
        case MBEDTLS_ERR_SHA512_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_XTEA_INVALID_INPUT_LENGTH:
            return( PSA_ERROR_INVALID_ARGUMENT );
        case MBEDTLS_ERR_XTEA_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_ECP_BAD_INPUT_DATA:
        case MBEDTLS_ERR_ECP_INVALID_KEY:
@ -381,8 +332,6 @@ psa_status_t mbedtls_to_psa_error( int ret )
            return( PSA_ERROR_INSUFFICIENT_MEMORY );
        case MBEDTLS_ERR_ECP_RANDOM_FAILED:
            return( PSA_ERROR_INSUFFICIENT_ENTROPY );
        case MBEDTLS_ERR_ECP_HW_ACCEL_FAILED:
            return( PSA_ERROR_HARDWARE_FAILURE );
        case MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED:
            return( PSA_ERROR_CORRUPTION_DETECTED );
@ -4879,7 +4828,7 @@ int mbedtls_psa_get_random( void *p_rng,
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
                                         size_t seed_size )
--- a/library/psa_crypto_hash.h
+++ b/library/psa_crypto_hash.h
@ -23,7 +23,7 @@
 #include <psa/crypto.h>
-#include <mbedtls/md_internal.h>
+#include "md_wrap.h"
 /** Get Mbed TLS MD information of a hash algorithm given its PSA identifier
 *
--- a/library/psa_crypto_rsa.c
+++ b/library/psa_crypto_rsa.c
@ -39,7 +39,7 @@
 #include <mbedtls/rsa.h>
 #include <mbedtls/error.h>
 #include <mbedtls/pk.h>
-#include <mbedtls/pk_internal.h>
+#include "pk_wrap.h"
 #if ( defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) ||  \
      ( defined(PSA_CRYPTO_DRIVER_TEST) &&                   \
--- a/Show more
+++ b/Show more
		`@ -1,2 +0,0 @@`
			`Changes`
			`* Fix the setting of the read timeout in the DTLS sample programs.`
		`@ -1,2 +0,0 @@`
			`Changes`
			`* Fix memsan build false positive in x509_crt.c with clang 11`