diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 1ddde8264..fb97c7b75 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -83,24 +83,24 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx );
  *
  * \param ctx      AES context to be initialized
  * \param key      encryption key
- * \param keysize  must be 128, 192 or 256
+ * \param keybits  must be 128, 192 or 256
  *
  * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize );
+                    unsigned int keybits );
 
 /**
  * \brief          AES key schedule (decryption)
  *
  * \param ctx      AES context to be initialized
  * \param key      decryption key
- * \param keysize  must be 128, 192 or 256
+ * \param keybits  must be 128, 192 or 256
  *
  * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize );
+                    unsigned int keybits );
 
 /**
  * \brief          AES-ECB block encryption/decryption
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index bec24d1b2..675a8eb5c 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -119,7 +119,7 @@ extern "C" {
 typedef struct mbedtls_asn1_buf
 {
     int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t len;             /**< ASN1 length, e.g. in octets. */
+    size_t len;             /**< ASN1 length, in octets. */
     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
 }
 mbedtls_asn1_buf;
@@ -129,7 +129,7 @@ mbedtls_asn1_buf;
  */
 typedef struct mbedtls_asn1_bitstring
 {
-    size_t len;                 /**< ASN1 length, e.g. in octets. */
+    size_t len;                 /**< ASN1 length, in octets. */
     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
     unsigned char *p;           /**< Raw ASN1 data for the bit string */
 }
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index d69205866..74bbe2665 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -80,12 +80,12 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
  *
  * \param ctx      Blowfish context to be initialized
  * \param key      encryption key
- * \param keysize  must be between 32 and 448 bits
+ * \param keybits  must be between 32 and 448 bits
  *
  * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
  */
 int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keysize );
+                     unsigned int keybits );
 
 /**
  * \brief          Blowfish-ECB block encryption/decryption
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index c160341bb..37675d11c 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -76,24 +76,24 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
  *
  * \param ctx      CAMELLIA context to be initialized
  * \param key      encryption key
- * \param keysize  must be 128, 192 or 256
+ * \param keybits  must be 128, 192 or 256
  *
  * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keysize );
+                         unsigned int keybits );
 
 /**
  * \brief          CAMELLIA key schedule (decryption)
  *
  * \param ctx      CAMELLIA context to be initialized
  * \param key      decryption key
- * \param keysize  must be 128, 192 or 256
+ * \param keybits  must be 128, 192 or 256
  *
  * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keysize );
+                         unsigned int keybits );
 
 /**
  * \brief          CAMELLIA-ECB block encryption/decryption
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 894794d82..a1dba4fda 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -56,14 +56,14 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
  * \param ctx       CCM context to be initialized
  * \param cipher    cipher to use (a 128-bit block cipher)
  * \param key       encryption key
- * \param keysize   key size in bits (must be acceptable by the cipher)
+ * \param keybits   key size in bits (must be acceptable by the cipher)
  *
  * \return          0 if successful, or a cipher specific error code
  */
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
                         mbedtls_cipher_id_t cipher,
                         const unsigned char *key,
-                        unsigned int keysize );
+                        unsigned int keybits );
 
 /**
  * \brief           Free a CCM context and underlying cipher sub-context
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index 58c974bd3..46b82ca5e 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -282,14 +282,14 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher
  *
  * \param cipher_id     Id of the cipher to search for
  *                      (e.g. MBEDTLS_CIPHER_ID_AES)
- * \param key_length    Length of the key in bits
+ * \param key_bitlen    Length of the key in bits
  * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
  *
  * \return              the cipher information structure associated with the
  *                      given cipher_type, or NULL if not found.
  */
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_length,
+                                              int key_bitlen,
                                               const mbedtls_cipher_mode_t mode );
 
 /**
@@ -447,7 +447,7 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
  *                      initialised using cipher_context_from_type or
  *                      cipher_context_from_string.
  * \param key           The key to use.
- * \param key_length    key length to use, in bits.
+ * \param key_bitlen    key length to use, in bits.
  * \param operation     Operation that the key will be used for, either
  *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
  *
@@ -456,7 +456,7 @@ static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_ci
  *                      error code.
  */
 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
-                   int key_length, const mbedtls_operation_t operation );
+                   int key_bitlen, const mbedtls_operation_t operation );
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
 /**
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index c2f6d68ea..c6e9d26c5 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -69,14 +69,14 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
  * \param ctx       GCM context to be initialized
  * \param cipher    cipher to use (a 128-bit block cipher)
  * \param key       encryption key
- * \param keysize   must be 128, 192 or 256
+ * \param keybits   must be 128, 192 or 256
  *
  * \return          0 if successful, or a cipher specific error code
  */
 int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
                         mbedtls_cipher_id_t cipher,
                         const unsigned char *key,
-                        unsigned int keysize );
+                        unsigned int keybits );
 
 /**
  * \brief           GCM buffer encryption/decryption using a block cipher
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index cb3e05871..8e5702592 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -172,7 +172,7 @@ int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_inf
  *
  * \param md_info   message digest info
  *
- * \return          size of the message digest output.
+ * \return          size of the message digest output in bytes.
  */
 unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
 
@@ -269,7 +269,7 @@ int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
  *
  * \param ctx       HMAC context
  * \param key       HMAC secret key
- * \param keylen    length of the HMAC key
+ * \param keylen    length of the HMAC key in bytes
  *
  * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
@@ -323,7 +323,7 @@ int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
  *
  * \param md_info  message digest info
  * \param key      HMAC secret key
- * \param keylen   length of the HMAC key
+ * \param keylen   length of the HMAC key in bytes
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  * \param output   Generic HMAC-result
diff --git a/include/mbedtls/md_internal.h b/include/mbedtls/md_internal.h
index 8cc8c5bac..fe0feb305 100644
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@@ -52,10 +52,10 @@ struct mbedtls_md_info_t
     /** Name of the message digest */
     const char * name;
 
-    /** Output length of the digest function */
+    /** Output length of the digest function in bytes */
     int size;
 
-    /** Block length of the digest function */
+    /** Block length of the digest function in bytes */
     int block_size;
 
     /** Digest initialisation function */
diff --git a/library/aes.c b/library/aes.c
index 5dbe910d7..559213872 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -483,7 +483,7 @@ void mbedtls_aes_free( mbedtls_aes_context *ctx )
  */
 #if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
 int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize )
+                    unsigned int keybits )
 {
     unsigned int i;
     uint32_t *RK;
@@ -497,7 +497,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
     }
 #endif
 
-    switch( keysize )
+    switch( keybits )
     {
         case 128: ctx->nr = 10; break;
         case 192: ctx->nr = 12; break;
@@ -517,10 +517,10 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
 
 #if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
     if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
-        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keysize ) );
+        return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
 #endif
 
-    for( i = 0; i < ( keysize >> 5 ); i++ )
+    for( i = 0; i < ( keybits >> 5 ); i++ )
     {
         GET_UINT32_LE( RK[i], key, i << 2 );
     }
@@ -597,7 +597,7 @@ int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
  */
 #if !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
 int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keysize )
+                    unsigned int keybits )
 {
     int i, j, ret;
     mbedtls_aes_context cty;
@@ -616,8 +616,8 @@ int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
 #endif
     ctx->rk = RK = ctx->buf;
 
-    /* Also checks keysize */
-    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keysize ) ) != 0 )
+    /* Also checks keybits */
+    if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
         goto exit;
 
     ctx->nr = cty.nr;
diff --git a/library/blowfish.c b/library/blowfish.c
index 84cf0d8e1..baa339304 100644
--- a/library/blowfish.c
+++ b/library/blowfish.c
@@ -173,18 +173,18 @@ void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx )
  * Blowfish key schedule
  */
 int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
-                     unsigned int keysize )
+                     unsigned int keybits )
 {
     unsigned int i, j, k;
     uint32_t data, datal, datar;
 
-    if( keysize < MBEDTLS_BLOWFISH_MIN_KEY || keysize > MBEDTLS_BLOWFISH_MAX_KEY ||
-        ( keysize % 8 ) )
+    if( keybits < MBEDTLS_BLOWFISH_MIN_KEY || keybits > MBEDTLS_BLOWFISH_MAX_KEY ||
+        ( keybits % 8 ) )
     {
         return( MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH );
     }
 
-    keysize >>= 3;
+    keybits >>= 3;
 
     for( i = 0; i < 4; i++ )
     {
@@ -199,7 +199,7 @@ int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char
         for( k = 0; k < 4; ++k )
         {
             data = ( data << 8 ) | key[j++];
-            if( j >= keysize )
+            if( j >= keybits )
                 j = 0;
         }
         ctx->P[i] = P[i] ^ data;
diff --git a/library/camellia.c b/library/camellia.c
index c9df94a33..83e8e78bb 100644
--- a/library/camellia.c
+++ b/library/camellia.c
@@ -341,7 +341,7 @@ void mbedtls_camellia_free( mbedtls_camellia_context *ctx )
  * Camellia key schedule (encryption)
  */
 int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keysize )
+                         unsigned int keybits )
 {
     int idx;
     size_t i;
@@ -356,7 +356,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
     memset( t, 0, 64 );
     memset( RK, 0, sizeof(ctx->rk) );
 
-    switch( keysize )
+    switch( keybits )
     {
         case 128: ctx->nr = 3; idx = 0; break;
         case 192:
@@ -364,10 +364,10 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
         default : return( MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH );
     }
 
-    for( i = 0; i < keysize / 8; ++i )
+    for( i = 0; i < keybits / 8; ++i )
         t[i] = key[i];
 
-    if( keysize == 192 ) {
+    if( keybits == 192 ) {
         for( i = 0; i < 8; i++ )
             t[24 + i] = ~t[16 + i];
     }
@@ -403,7 +403,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
     camellia_feistel( KC + 8, SIGMA[2], KC + 10 );
     camellia_feistel( KC + 10, SIGMA[3], KC + 8 );
 
-    if( keysize > 128 ) {
+    if( keybits > 128 ) {
         /* Generate KB */
         for( i = 0; i < 4; ++i )
             KC[12 + i] = KC[4 + i] ^ KC[8 + i];
@@ -420,7 +420,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
     SHIFT_AND_PLACE( idx, 0 );
 
     /* Manipulating KR */
-    if( keysize > 128 ) {
+    if( keybits > 128 ) {
         SHIFT_AND_PLACE( idx, 1 );
     }
 
@@ -428,7 +428,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
     SHIFT_AND_PLACE( idx, 2 );
 
     /* Manipulating KB */
-    if( keysize > 128 ) {
+    if( keybits > 128 ) {
         SHIFT_AND_PLACE( idx, 3 );
     }
 
@@ -446,7 +446,7 @@ int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned c
  * Camellia key schedule (decryption)
  */
 int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
-                         unsigned int keysize )
+                         unsigned int keybits )
 {
     int idx, ret;
     size_t i;
@@ -456,8 +456,8 @@ int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned c
 
     mbedtls_camellia_init( &cty );
 
-    /* Also checks keysize */
-    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keysize ) ) != 0 )
+    /* Also checks keybits */
+    if( ( ret = mbedtls_camellia_setkey_enc( &cty, key, keybits ) ) != 0 )
         goto exit;
 
     ctx->nr = cty.nr;
diff --git a/library/ccm.c b/library/ccm.c
index aa2d6754b..0727a178b 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -69,12 +69,12 @@ void mbedtls_ccm_init( mbedtls_ccm_context *ctx )
 int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
                         mbedtls_cipher_id_t cipher,
                         const unsigned char *key,
-                        unsigned int keysize )
+                        unsigned int keybits )
 {
     int ret;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keysize, MBEDTLS_MODE_ECB );
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
@@ -86,7 +86,7 @@ int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
     if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
         return( ret );
 
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keysize,
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
                                MBEDTLS_ENCRYPT ) ) != 0 )
     {
         return( ret );
diff --git a/library/cipher.c b/library/cipher.c
index 43fec906b..0d869cf11 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -104,14 +104,14 @@ const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher
 }
 
 const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_length,
+                                              int key_bitlen,
                                               const mbedtls_cipher_mode_t mode )
 {
     const mbedtls_cipher_definition_t *def;
 
     for( def = mbedtls_cipher_definitions; def->info != NULL; def++ )
         if( def->info->base->cipher == cipher_id &&
-            def->info->key_length == (unsigned) key_length &&
+            def->info->key_length == (unsigned) key_bitlen &&
             def->info->mode == mode )
             return( def->info );
 
@@ -161,18 +161,18 @@ int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_in
 }
 
 int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
-        int key_length, const mbedtls_operation_t operation )
+        int key_bitlen, const mbedtls_operation_t operation )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
 
     if( ( ctx->cipher_info->flags & MBEDTLS_CIPHER_VARIABLE_KEY_LEN ) == 0 &&
-        (int) ctx->cipher_info->key_length != key_length )
+        (int) ctx->cipher_info->key_length != key_bitlen )
     {
         return( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
     }
 
-    ctx->key_length = key_length;
+    ctx->key_length = key_bitlen;
     ctx->operation = operation;
 
     /*
diff --git a/library/gcm.c b/library/gcm.c
index f84511ad0..c16578806 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -162,12 +162,12 @@ static int gcm_gen_table( mbedtls_gcm_context *ctx )
 int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
                         mbedtls_cipher_id_t cipher,
                         const unsigned char *key,
-                        unsigned int keysize )
+                        unsigned int keybits )
 {
     int ret;
     const mbedtls_cipher_info_t *cipher_info;
 
-    cipher_info = mbedtls_cipher_info_from_values( cipher, keysize, MBEDTLS_MODE_ECB );
+    cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
     if( cipher_info == NULL )
         return( MBEDTLS_ERR_GCM_BAD_INPUT );
 
@@ -179,7 +179,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
     if( ( ret = mbedtls_cipher_setup( &ctx->cipher_ctx, cipher_info ) ) != 0 )
         return( ret );
 
-    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keysize,
+    if( ( ret = mbedtls_cipher_setkey( &ctx->cipher_ctx, key, keybits,
                                MBEDTLS_ENCRYPT ) ) != 0 )
     {
         return( ret );