2025-08-05 21:11:11 +00:00
433 changed files with 5526 additions and 17536 deletions
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@ -1,5 +1,8 @@
 Notes:
-* Pull requests cannot be accepted until the PR follows the [contributing guidelines](../CONTRIBUTING.md). In particular, each commit must have at least one `Signed-off-by:` line from the committer to certify that the contribution is made under the terms of the [Developer Certificate of Origin](../dco.txt).
+* Pull requests cannot be accepted until:
 -  The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) 
   or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/)
 - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards)
 * This is just a template, so feel free to use/remove the unnecessary things
 ## Description
 A few sentences describing the overall goals of the pull request's commits.
--- a/.gitignore
+++ b/.gitignore
@ -40,5 +40,4 @@ massif-*
 /GSYMS
 /GTAGS
 /TAGS
 /cscope*.out
 /tags
--- a/.pylintrc
+++ b/.pylintrc
@ -40,27 +40,7 @@ max-attributes=15
 max-module-lines=2000
 [MESSAGES CONTROL]
-# * locally-disabled, locally-enabled: If we disable or enable a message
+disable=
 #   locally, it's by design. There's no need to clutter the Pylint output
 #   with this information.
 # * logging-format-interpolation: Pylint warns about things like
 #   ``log.info('...'.format(...))``. It insists on ``log.info('...', ...)``.
 #   This is of minor utility (mainly a performance gain when there are
 #   many messages that use formatting and are below the log level).
 #   Some versions of Pylint (including 1.8, which is the version on
 #   Ubuntu 18.04) only recognize old-style format strings using '%',
 #   and complain about something like ``log.info('{}', foo)`` with
 #   logging-too-many-args (Pylint supports new-style formatting if
 #   declared globally with logging_format_style under [LOGGING] but
 #   this requires Pylint >=2.2).
 # * no-else-return: Allow the perfectly reasonable idiom
 #    if condition1:
 #        return value1
 #    else:
 #        return value2
 # * unnecessary-pass: If we take the trouble of adding a line with "pass",
 #   it's because we think the code is clearer that way.
 disable=locally-disabled,locally-enabled,logging-format-interpolation,no-else-return,unnecessary-pass
 [REPORTS]
 # Don't diplay statistics. Just the facts.
--- a/.travis.yml
+++ b/.travis.yml
@ -1,64 +1,48 @@
 language: c
-compiler: gcc
+compiler:
 - clang
 - gcc
 sudo: false
 cache: ccache
-jobs:
+# blocklist
-  include:
+branches:
-    - name: basic checks and reference configurations
+  except:
-      addons:
+  - development-psa
-        apt:
+  - coverity_scan
          packages:
          - gnutls-bin
          - doxygen
          - graphviz
          - gcc-arm-none-eabi
          - libnewlib-arm-none-eabi
      language: python # Needed to get pip for Python 3
      python: 3.5 # version from Ubuntu 16.04
      install:
        - pip install pylint==2.4.4
      script:
        - tests/scripts/all.sh -k 'check_*'
        - tests/scripts/all.sh -k test_default_out_of_box
        - tests/scripts/test-ref-configs.pl
        - tests/scripts/all.sh -k build_arm_none_eabi_gcc_arm5vte build_arm_none_eabi_gcc_m0plus
    - name: full configuration
      script:
        - tests/scripts/all.sh -k test_full_cmake_gcc_asan
    - name: check compilation guards
      script:
        - tests/scripts/all.sh -k 'test_depends_*' 'build_key_exchanges'
    - name: macOS
      os: osx
      compiler: clang
      script:
        - tests/scripts/all.sh -k test_default_out_of_box
    - name: Windows
      os: windows
      script:
        - scripts/windows_msbuild.bat v141 # Visual Studio 2017
 script:
 - tests/scripts/recursion.pl library/*.c
 - tests/scripts/check-generated-files.sh
 - tests/scripts/check-doxy-blocks.pl
 - tests/scripts/check-names.sh
 - tests/scripts/check-files.py
 - tests/scripts/doxygen.sh
 - cmake -D CMAKE_BUILD_TYPE:String="Check" .
 - make
 - make test
 - programs/test/selftest
 - OSSL_NO_DTLS=1 tests/compat.sh
 - tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
 - tests/scripts/test-ref-configs.pl
 - tests/scripts/curves.pl
 - tests/scripts/key-exchanges.pl
 after_failure:
 - tests/scripts/travis-log-failure.sh
 env:
  global:
    - SEED=1
-    - secure: "FrI5d2s+ckckC17T66c8jm2jV6i2DkBPU5nyWzwbedjmEBeocREfQLd/x8yKpPzLDz7ghOvr+/GQvsPPn0dVkGlNzm3Q+hGHc/ujnASuUtGrcuMM+0ALnJ3k4rFr9xEvjJeWb4SmhJO5UCAZYvTItW4k7+bj9L+R6lt3TzQbXzg="
+    - secure: "barHldniAfXyoWOD/vcO+E6/Xm4fmcaUoC9BeKW+LwsHqlDMLvugaJnmLXkSpkbYhVL61Hzf3bo0KPJn88AFc5Rkf8oYHPjH4adMnVXkf3B9ghHCgznqHsAH3choo6tnPxaFgOwOYmLGb382nQxfE5lUdvnM/W/psQjWt66A1+k="
 addons:
  apt:
    packages:
-    - gnutls-bin
+    - doxygen
    - graphviz
  coverity_scan:
    project:
      name: "ARMmbed/mbedtls"
-    notification_email: support-mbedtls@arm.com
+    notification_email: simon.butcher@arm.com
    build_command_prepend:
    build_command: make
    branch_pattern: coverity_scan
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -8,7 +8,7 @@ endif()
 option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
 option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
-option(ENABLE_PROGRAMS "Build mbed TLS programs." OFF)
+option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
 option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
@ -21,7 +21,7 @@ string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
 if(CMAKE_COMPILER_IS_MSVC)
    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
 else()
-    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+    option(ENABLE_TESTING "Build mbed TLS tests." ON)
 endif()
 # Warning string - created as a list for compatibility with CMake 2.8
@ -157,9 +157,6 @@ if(CMAKE_COMPILER_IS_IAR)
 endif(CMAKE_COMPILER_IS_IAR)
 if(CMAKE_COMPILER_IS_MSVC)
    # Compile with UTF-8 encoding (REMOVE THIS COMMIT ONCE A FIX IS DEPLOYED UPSTREAM)
    add_compile_options(/utf-8)
    # Strictest warnings, and treat as errors
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -5,6 +5,11 @@ We gratefully accept bug reports and contributions from the community. There are
 - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
 - The contribution should not break API or ABI, unless there is a real justification for that. If there is an API change, the contribution, if accepted, will be merged only when there will be a major release.
 Contributor License Agreement (CLA)
 -----------------------------------
 - All contributions, whether large or small, require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
 - To accept the Contributor’s License Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
 Coding Standards
 ----------------
 - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions are fully tested before submission, as mentioned in the [Tests](#tests) and [Continuous Integration](#continuous-integration-tests) sections.
@ -14,13 +19,12 @@ Coding Standards
 Making a Contribution
 ---------------------
-1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls) around a feature idea or a bug.
+1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
 1. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the ["development" branch](https://github.com/ARMmbed/mbedtls/tree/development) as a basis.
 1. Write a test which shows that the bug was fixed or that the feature works as expected.
 1. Send a pull request (PR) and work with us until it gets merged and published. Contributions may need some modifications, so a few rounds of review and fixing may be necessary. We will include your name in the ChangeLog :)
 1. For quick merging, the contribution should be short, and concentrated on a single feature or topic. The larger the contribution is, the longer it would take to review it and merge it.
-1. All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
+1. Mbed TLS is released under the Apache license, and as such, all the added files should include the Apache license header.
 1. Ensure that each commit has at least one `Signed-off-by:` line from the committer. If anyone else contributes to the commit, they should also add their own `Signed-off-by:` line. By adding this line, contributor(s) certify that the contribution is made under the terms of the [Developer Certificate of Origin](dco.txt). The contribution licensing is described in the [License section of the README](README.md#License).
 API/ABI Compatibility
 ---------------------
@ -42,14 +46,18 @@ Mbed TLS maintains several LTS (Long Term Support) branches, which are maintaine
 When backporting to these branches please observe the following rules:
-1. Any change to the library which changes the API or ABI cannot be backported.
+ 1. Any change to the library which changes the API or ABI cannot be backported.
-1. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
+
-1. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
+ 2. All bug fixes that correct a defect that is also present in an LTS branch must be backported to that LTS branch. If a bug fix introduces a change to the API such as a new function, the fix should be reworked to avoid the API change. API changes without very strong justification are unlikely to be accepted.
 3. If a contribution is a new feature or enhancement, no backporting is required. Exceptions to this may be additional test cases or quality improvements such as changes to build or test scripts.
 It would be highly appreciated if contributions are backported to LTS branches in addition to the [development branch](https://github.com/ARMmbed/mbedtls/tree/development) by contributors.
 Currently maintained LTS branches are:
 1. [mbedtls-2.7](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.7)
 1. [mbedtls-2.16](https://github.com/ARMmbed/mbedtls/tree/mbedtls-2.16)
@ -76,7 +84,12 @@ Documentation
 Mbed TLS is well documented, but if you think documentation is needed, speak out!
 1. All interfaces should be documented through Doxygen. New APIs should introduce Doxygen documentation.
-1. Complex parts in the code should include comments.
+
-1. If needed, a Readme file is advised.
+2. Complex parts in the code should include comments.
-1. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
+
-1. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog.d/00README.md) entry should be added for this contribution.
+3. If needed, a Readme file is advised.
 4. If a [Knowledge Base (KB)](https://tls.mbed.org/kb) article should be added, write this as a comment in the PR description.
 5. A [ChangeLog](https://github.com/ARMmbed/mbedtls/blob/development/ChangeLog) entry should be added for this contribution.
--- a/272
+++ b/272
@ -1,277 +1,5 @@
 mbed TLS ChangeLog (Sorted per branch, date)
 = mbed TLS 2.16.10 branch released 2021-03-12
 Default behavior changes
   * In mbedtls_rsa_context objects, the ver field was formerly documented
     as always 0. It is now reserved for internal purposes and may take
     different values.
 Security
   * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
     |A| - |B| where |B| is larger than |A| and has more limbs (so the
     function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
     applications calling mbedtls_mpi_sub_abs() directly are affected:
     all calls inside the library were safe since this function is
     only called with |A| >= |B|. Reported by Guido Vranken in #4042.
   * Fix an errorneous estimation for an internal buffer in
     mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
     value the function might fail to write a private RSA keys of the largest
     supported size.
     Found by Daniel Otte, reported in #4093 and fixed in #4094,
     backported in #4100.
   * Fix a stack buffer overflow with mbedtls_net_poll() and
     mbedtls_net_recv_timeout() when given a file descriptor that is
     beyond FD_SETSIZE. Reported by FigBug in #4169.
   * Guard against strong local side channel attack against base64 tables by
     making access aceess to them use constant flow code.
 Bugfix
   * Fix an incorrect error code if an RSA private operation glitched.
   * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
     is enabled, on platforms where initializing a mutex allocates resources.
     This was a regression introduced in the previous release. Reported in
     #4017, #4045 and #4071.
   * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
     twice is safe. This happens for RSA when some Mbed TLS library functions
     fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
     enabled on platforms where freeing a mutex twice is not safe.
   * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
     when MBEDTLS_THREADING_C is enabled on platforms where initializing
     a mutex allocates resources.
   * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
     consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
     include this extension in all CA certificates that contain public keys
     used to validate digital signatures on certificates and MUST mark the
     extension as critical in such certificates." Previous to this change,
     the extension was always marked as non-critical. This was fixed by
     #4044.
 = mbed TLS 2.16.9 branch released 2020-12-11
 Security
   * Limit the size of calculations performed by mbedtls_mpi_exp_mod to
     MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
     generating Diffie-Hellman key pairs. Credit to OSS-Fuzz.
   * A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
     which is how most uses of randomization in asymmetric cryptography
     (including key generation, intermediate value randomization and blinding)
     are implemented. This could cause failures or the silent use of non-random
     values. A random generator can fail if it needs reseeding and cannot not
     obtain entropy, or due to an internal failure (which, for Mbed TLS's own
     CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
   * Fix a compliance issue whereby we were not checking the tag on the
     algorithm parameters (only the size) when comparing the signature in the
     description part of the cert to the real signature. This meant that a
     NULL algorithm parameters entry would look identical to an array of REAL
     (size zero) to the library and thus the certificate would be considered
     valid. However, if the parameters do not match in *any* way then the
     certificate should be considered invalid, and indeed OpenSSL marks these
     certs as invalid when mbedtls did not.
     Many thanks to guidovranken who found this issue via differential fuzzing
     and reported it in #3629.
   * Zeroising of local buffers and variables which are used for calculations
     in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
     mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
     functions to erase sensitive data from memory. Reported by
     Johan Malmgren and Johan Uppman Bruce from Sectra.
 Bugfix
   * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
     when the input has trailing garbage. Fixes #2512.
   * Fix rsa_prepare_blinding() to retry when the blinding value is not
     invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
     addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
     Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
     Fixes #3647.
   * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
     Fix #3432.
   * Correct the default IV size for mbedtls_cipher_info_t structures using
     MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
   * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
     defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.
   * Fix build failures on GCC 11. Fixes #3782.
   * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
     (an error condition) and the second operand was aliased to the result.
   * Fix a case in elliptic curve arithmetic where an out-of-memory condition
     could go undetected, resulting in an incorrect result.
   * In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
     Fixes #2927.
   * In PEM writing functions, fill the trailing part of the buffer with null
     bytes. This guarantees that the corresponding parsing function can read
     the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
     until this property was inadvertently broken in Mbed TLS 2.19.0.
     Fixes #3682.
   * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
     option on. In this configuration key management methods that are required
     for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
     Fixes #3818. Reported by John Stroebel.
 Changes
   * Reduce stack usage significantly during sliding window exponentiation.
     Reported in #3591 and fix contributed in #3592 by Daniel Otte.
   * Remove the zeroization of a pointer variable in AES rounds. It was valid
     but spurious and misleading since it looked like a mistaken attempt to
     zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
     Leti, France.
 = mbed TLS 2.16.8 branch released 2020-09-01
 Features
   * Support building on e2k (Elbrus) architecture: correctly enable
     -Wformat-signedness, and fix the code that causes signed-one-bit-field
     and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
     <akemi_homura@kurisa.ch>.
 Security
   * When checking X.509 CRLs, a certificate was only considered as revoked if
     its revocationDate was in the past according to the local clock if
     available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
     certificates were never considered as revoked. On builds with
     MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
     example, an untrusted OS attacking a secure enclave) could prevent
     revocation of certificates via CRLs. Fixed by no longer checking the
     revocationDate field, in accordance with RFC 5280. Reported by
     yuemonangong in #3340. Reported independently and fixed by
     Raoul Strackx and Jethro Beekman in #3433.
   * In (D)TLS record decryption, when using a CBC ciphersuites without the
     Encrypt-then-Mac extension, use constant code flow memory access patterns
     to extract and check the MAC. This is an improvement to the existing
     countermeasure against Lucky 13 attacks. The previous countermeasure was
     effective against network-based attackers, but less so against local
     attackers. The new countermeasure defends against local attackers, even
     if they have access to fine-grained measurements. In particular, this
     fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
     Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
     (University of Florida) and Dave Tian (Purdue University).
   * Fix side channel in RSA private key operations and static (finite-field)
     Diffie-Hellman. An adversary with precise enough timing and memory access
     information (typically an untrusted operating system attacking a secure
     enclave) could bypass an existing counter-measure (base blinding) and
     potentially fully recover the private key.
   * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
     Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
     for pinpointing the problematic code.
   * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
     application data from memory. Reported in #689 by
     Johan Uppman Bruce of Sectra.
 Bugfix
   * Avoid use of statically sized stack buffers for certificate writing.
     This previously limited the maximum size of DER encoded certificates
     in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
   * Reduce the stack consumption of mbedtls_x509write_csr_der() which
     previously could lead to stack overflow on constrained devices.
     Contributed by Doru Gucea and Simon Leet in #3464.
   * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
     lower bits. Fix contributed in #3540.
   * Fix building library/net_sockets.c and the ssl_mail_client program on
     NetBSD. NetBSD conditionals were added for the backport to avoid the risk
     of breaking a platform. Original fix contributed by Nia Alarie in #3422.
     Adapted for long-term support branch 2.16 in #3558.
   * Fix bug in redirection of unit test outputs on platforms where stdout is
     defined as a macro. First reported in #2311 and fix contributed in #3528.
     Adopted for LTS branch 2.16 in #3601.
 Changes
   * Update copyright notices to use Linux Foundation guidance. As a result,
     the copyright of contributors other than Arm is now acknowledged, and the
     years of publishing are no longer tracked in the source files. This also
     eliminates the need for the lines declaring the files to be part of
     MbedTLS. Fixes #3457.
 = mbed TLS 2.16.7 branch released 2020-07-01
 Security
   * Fix a side channel vulnerability in modular exponentiation that could
     reveal an RSA private key used in a secure enclave. Noticed by Sangho Lee,
     Ming-Wei Shih, Prasun Gera, Taesoo Kim and Hyesoon Kim (Georgia Institute
     of Technology); and Marcus Peinado (Microsoft Research). Reported by Raoul
     Strackx (Fortanix) in #3394.
   * Fix side channel in mbedtls_ecp_check_pub_priv() and
     mbedtls_pk_parse_key() / mbedtls_pk_parse_keyfile() (when loading a
     private key that didn't include the uncompressed public key), as well as
     mbedtls_ecp_mul() / mbedtls_ecp_mul_restartable() when called with a NULL
     f_rng argument. An attacker with access to precise enough timing and
     memory access information (typically an untrusted operating system
     attacking a secure enclave) could fully recover the ECC private key.
     Found and reported by Alejandro Cabrera Aldaya and Billy Brumley.
   * Fix issue in Lucky 13 counter-measure that could make it ineffective when
     hardware accelerators were used (using one of the MBEDTLS_SHAxxx_ALT
     macros). This would cause the original Lucky 13 attack to be possible in
     those configurations, allowing an active network attacker to recover
     plaintext after repeated timing measurements under some conditions.
     Reported and fix suggested by Luc Perneel in #3246.
 Bugfix
   * Fix the Visual Studio Release x64 build configuration for mbedtls itself.
     Completes a previous fix in Mbed TLS 2.16.3 that only fixed the build for
     the example programs. Reported in #1430 and fix contributed by irwir.
   * Fix undefined behavior in X.509 certificate parsing if the
     pathLenConstraint basic constraint value is equal to INT_MAX.
     The actual effect with almost every compiler is the intended
     behavior, so this is unlikely to be exploitable anywhere. #3197
   * Include asn1.h in error.c. Fixes #3328 reported by David Hu.
   * Fix potential memory leaks in ecp_randomize_jac() and ecp_randomize_mxz()
     when PRNG function fails. Contributed by Jonas Lejeune in #3318.
   * Add additional bounds checks in ssl_write_client_hello() preventing
     output buffer overflow if the configuration declared a buffer that was
     too small.
 Changes
   * Unify the example programs termination to call mbedtls_exit() instead of
     using a return command. This has been done to enable customization of the
     behavior in bare metal environments.
   * Abort the ClientHello writing function as soon as some extension doesn't
     fit into the record buffer. Previously, such extensions were silently
     dropped. As a consequence, the TLS handshake now fails when the output
     buffer is not large enough to hold the ClientHello.
   * The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
     `MBEDTLS_CTR_DRBG_C`, `MBEDTLS_HMAC_DRBG_C`, `MBEDTLS_SHA512_C` or
     `MBEDTLS_SHA256_C` for some side-channel coutermeasures. If side channels
     are not a concern, this dependency can be avoided by enabling the new
     option `MBEDTLS_ECP_NO_INTERNAL_RNG`.
 = mbed TLS 2.16.6 branch released 2020-04-14
 Security
   * Fix side channel in ECC code that allowed an adversary with access to
     precise enough timing and memory access information (typically an
     untrusted operating system attacking a secure enclave) to fully recover
     an ECDSA private key. Found and reported by Alejandro Cabrera Aldaya,
     Billy Brumley and Cesar Pereida Garcia. CVE-2020-10932
   * Fix a potentially remotely exploitable buffer overread in a
     DTLS client when parsing the Hello Verify Request message.
 Bugfix
   * Fix compilation failure when both MBEDTLS_SSL_PROTO_DTLS and
     MBEDTLS_SSL_HW_RECORD_ACCEL are enabled.
   * Fix a function name in a debug message. Contributed by Ercan Ozturk in
     #3013.
 = mbed TLS 2.16.5 branch released 2020-02-20
 Security
   * Fix potential memory overread when performing an ECDSA signature
     operation. The overread only happens with cryptographically low
     probability (of the order of 2^-n where n is the bitsize of the curve)
     unless the RNG is broken, and could result in information disclosure or
     denial of service (application crash or extra resource consumption).
     Found by Auke Zeilstra and Peter Schwabe, using static analysis.
   * To avoid a side channel vulnerability when parsing an RSA private key,
     read all the CRT parameters from the DER structure rather than
     reconstructing them. Found by Alejandro Cabrera Aldaya and Billy Bob
     Brumley. Reported and fix contributed by Jack Lloyd.
     ARMmbed/mbed-crypto#352
 Bugfix
   * Fix an unchecked call to mbedtls_md() in the x509write module.
   * Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
     RSA keys that would later be rejected by functions expecting private
     keys. Found by Catena cyber using oss-fuzz (issue 20467).
   * Fix a bug in mbedtls_pk_parse_key() that would cause it to accept some
     RSA keys with invalid values by silently fixing those values.
 = mbed TLS 2.16.4 branch released 2020-01-15
 Security
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@ -1,88 +0,0 @@
 # Pending changelog entry directory
 This directory contains changelog entries that have not yet been merged
 to the changelog file ([`../ChangeLog`](../ChangeLog)).
 ## What requires a changelog entry?
 Write a changelog entry if there is a user-visible change. This includes:
 * Bug fixes in the library or in sample programs: fixing a security hole,
  fixing broken behavior, fixing the build in some configuration or on some
  platform, etc.
 * New features in the library, new sample programs, or new platform support.
 * Changes in existing behavior. These should be rare. Changes in features
  that are documented as experimental may or may not be announced, depending
  on the extent of the change and how widely we expect the feature to be used.
 We generally don't include changelog entries for:
 * Documentation improvements.
 * Performance improvements, unless they are particularly significant.
 * Changes to parts of the code base that users don't interact with directly,
  such as test code and test data.
 Until Mbed TLS 2.16.8, we required changelog entries in more cases.
 Looking at older changelog entries is good practice for how to write a
 changelog entry, but not for deciding whether to write one.
 ## Changelog entry file format
 A changelog entry file must have the extension `*.txt` and must have the
 following format:
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Security
   * Change description.
   * Another change description.
 Features
   * Yet another change description. This is a long change description that
     spans multiple lines.
   * Yet again another change description.
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The permitted changelog entry categories are as follows:
 <!-- Keep this synchronized with STANDARD_CATEGORIES in assemble_changelog.py! -->
    API changes
    Default behavior changes
    Requirement changes
    New deprecations
    Removals
    Features
    Security
    Bugfix
    Changes
 Use “Changes” for anything that doesn't fit in the other categories.
 ## How to write a changelog entry
 Each entry starts with three spaces, an asterisk and a space. Continuation
 lines start with 5 spaces. Lines wrap at 79 characters.
 Write full English sentences with proper capitalization and punctuation. Use
 the present tense. Use the imperative where applicable. For example: “Fix a
 bug in mbedtls_xxx() ….”
 Include GitHub issue numbers where relevant. Use the format “#1234” for an
 Mbed TLS issue. Add other external references such as CVE numbers where
 applicable.
 Credit bug reporters where applicable.
 **Explain why, not how**. Remember that the audience is the users of the
 library, not its developers. In particular, for a bug fix, explain the
 consequences of the bug, not how the bug was fixed. For a new feature, explain
 why one might be interested in the feature. For an API change or a deprecation,
 explain how to update existing applications.
 See [existing entries](../ChangeLog) for examples.
 ## How `ChangeLog` is updated
 Run [`../scripts/assemble_changelog.py`](../scripts/assemble_changelog.py)
 from a Git working copy
 to move the entries from files in `ChangeLog.d` to the main `ChangeLog` file.
--- a/ChangeLog.d/add-missing-parenthesis.txt
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@ -1,3 +0,0 @@
 Bugfix
   * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
     defined. Fixes #4217.
--- a/ChangeLog.d/aescrypt2.txt
+++ b/ChangeLog.d/aescrypt2.txt
@ -1,3 +0,0 @@
 Changes
   * Remove the AES sample application programs/aes/aescrypt2 which shows
     bad cryptographic practice. Fix #1906.
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ b/ChangeLog.d/bugfix_PR3616.txt
@ -1,5 +0,0 @@
 Bugfix
   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
     lead to the seed file corruption in case if the path to the seed file is
     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
     Krasnoshchok in #3616.
--- a/ChangeLog.d/dhm_min_bitlen.txt
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@ -1,4 +0,0 @@
 Bugfix
   * In a TLS client, enforce the Diffie-Hellman minimum parameter size
     set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
     minimum size was rounded down to the nearest multiple of 8.
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ b/ChangeLog.d/dtls_sample_use_read_timeout.txt
@ -1,2 +0,0 @@
 Changes
   * Fix the setting of the read timeout in the DTLS sample programs.
--- a/ChangeLog.d/fix-pk-parse-key-error-code.txt
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@ -1,2 +0,0 @@
 Bugfix
   * Fix an incorrect error code when parsing a PKCS#8 private key.
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ b/ChangeLog.d/mpi_read_negative_zero.txt
@ -1,3 +0,0 @@
 Bugfix
   * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
     as equal to 0 in all cases. Fix it to produce the same object as "0".
--- a/7
+++ b/7
@ -1,5 +1,2 @@
-Unless specifically indicated otherwise in a file, Mbed TLS files are provided
+Unless specifically indicated otherwise in a file, files are licensed
-under the Apache License 2.0, or the GNU General Public License v2.0 or later
+under the Apache 2.0 license, as can be found in: apache-2.0.txt
 (SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later).
 A copy of these licenses can be found in apache-2.0.txt and gpl-2.0.txt
--- a/19
+++ b/19
@ -106,11 +106,11 @@ covtest:
 lcov:
 	rm -rf Coverage
 	lcov --capture --initial --directory library -o files.info
-	lcov --rc lcov_branch_coverage=1 --capture --directory library -o tests.info
+	lcov --capture --directory library -o tests.info
-	lcov --rc lcov_branch_coverage=1 --add-tracefile files.info --add-tracefile tests.info -o all.info
+	lcov --add-tracefile files.info --add-tracefile tests.info -o all.info
-	lcov --rc lcov_branch_coverage=1 --remove all.info -o final.info '*.h'
+	lcov --remove all.info -o final.info '*.h'
 	gendesc tests/Descriptions.txt -o descriptions
-	genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --branch-coverage -o Coverage final.info
+	genhtml --title "mbed TLS" --description-file descriptions --keep-descriptions --legend --no-branch-coverage -o Coverage final.info
 	rm -f files.info tests.info all.info final.info descriptions
 apidoc:
@ -123,16 +123,9 @@ endif
 ## Editor navigation files
 C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
 # Exuberant-ctags invocation. Other ctags implementations may require different options.
 CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
 tags: $(C_SOURCE_FILES)
-	$(CTAGS) $@ $(C_SOURCE_FILES)
+	ctags -o $@ $(C_SOURCE_FILES)
 TAGS: $(C_SOURCE_FILES)
-	etags --no-line-directive -o $@ $(C_SOURCE_FILES)
+	etags -o $@ $(C_SOURCE_FILES)
 global: GPATH GRTAGS GSYMS GTAGS
 GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
 	ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
 cscope: cscope.in.out cscope.po.out cscope.out
 cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
 	cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
 .PHONY: cscope global
--- a/README.md
+++ b/README.md
@ -1,8 +1,6 @@
 README for Mbed TLS
 ===================
 Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. Its small code footprint makes it suitable for embedded systems.
 Configuration
 -------------
@ -169,12 +167,21 @@ Mbed TLS can be ported to many different architectures, OS's and platforms. Befo
 -   [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
 -   [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
 License
 -------
 Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) OR [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. A copy of these licenses can be found in [apache-2.0.txt](./apache-2.0.txt) and [gpl-2.0.txt](./gpl-2.0.txt). Contributors must accept that their contributions are made under both the Apache-2.0 AND GPL-2.0-or-later licenses.
 Contributing
 ------------
-We gratefully accept bug reports and contributions from the community. Please see the [contributing guidelines](CONTRIBUTING.md) for details on how to do this.
+We gratefully accept bug reports and contributions from the community. There are some requirements we need to fulfill in order to be able to integrate contributions:
 -   All contributions, whether large or small require a Contributor's License Agreement (CLA) to be accepted. This is because source code can possibly fall under copyright law and we need your consent to share in the ownership of the copyright.
 -   We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
 -   As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
 To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
 ### Making a Contribution
 1.  [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://forums.mbed.com/c/mbed-tls) around a feature idea or a bug.
 2.  Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
 3.  Write a test which shows that the bug was fixed or that the feature works as expected.
 4.  Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@ -4,14 +4,8 @@
 * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@ -4,14 +4,8 @@
 * \brief Minimal configuration for TLS 1.1 (RFC 4346)
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
 * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@ -4,14 +4,8 @@
 * \brief Minimal configuration of features that do not require an entropy source
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
 * Minimal configuration of features that do not require an entropy source
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@ -4,14 +4,8 @@
 * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@ -4,14 +4,8 @@
 * \brief Minimal configuration for using TLS as part of Thread
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
--- a/dco.txt
+++ b/dco.txt
@ -1,37 +0,0 @@
 Developer Certificate of Origin
 Version 1.1
 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
 1 Letterman Drive
 Suite D4700
 San Francisco, CA, 94129
 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
 Developer's Certificate of Origin 1.1
 By making a contribution to this project, I certify that:
 (a) The contribution was created in whole or in part by me and I
    have the right to submit it under the open source license
    indicated in the file; or
 (b) The contribution is based upon previous work that, to the best
    of my knowledge, is covered under an appropriate open source
    license and I have the right under that license to submit that
    work with modifications, whether created in whole or in part
    by me, under the same open source license (unless I am
    permitted to submit under a different license), as indicated
    in the file; or
 (c) The contribution was provided directly to me by some other
    person who certified (a), (b) or (c) and I have not modified
    it.
 (d) I understand and agree that this project and the contribution
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
    this project or the open source license(s) involved.
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,30 +20,11 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
- * @mainpage mbed TLS v2.16.10 source code documentation
+ * @mainpage mbed TLS v2.16.3 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS.  It was
 * automatically generated from specially formatted comment blocks in
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@ -5,14 +5,8 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /**
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.
-PROJECT_NAME           = "mbed TLS v2.16.10"
+PROJECT_NAME           = "mbed TLS v2.16.3"
 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
--- a/gpl-2.0.txt
+++ b/gpl-2.0.txt
@ -1,339 +0,0 @@
                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991
 Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 Everyone is permitted to copy and distribute verbatim copies
 of this license document, but changing it is not allowed.
                            Preamble
  The licenses for most software are designed to take away your
 freedom to share and change it.  By contrast, the GNU General Public
 License is intended to guarantee your freedom to share and change free
 software--to make sure the software is free for all its users.  This
 General Public License applies to most of the Free Software
 Foundation's software and to any other program whose authors commit to
 using it.  (Some other Free Software Foundation software is covered by
 the GNU Lesser General Public License instead.)  You can apply it to
 your programs, too.
  When we speak of free software, we are referring to freedom, not
 price.  Our General Public Licenses are designed to make sure that you
 have the freedom to distribute copies of free software (and charge for
 this service if you wish), that you receive source code or can get it
 if you want it, that you can change the software or use pieces of it
 in new free programs; and that you know you can do these things.
  To protect your rights, we need to make restrictions that forbid
 anyone to deny you these rights or to ask you to surrender the rights.
 These restrictions translate to certain responsibilities for you if you
 distribute copies of the software, or if you modify it.
  For example, if you distribute copies of such a program, whether
 gratis or for a fee, you must give the recipients all the rights that
 you have.  You must make sure that they, too, receive or can get the
 source code.  And you must show them these terms so they know their
 rights.
  We protect your rights with two steps: (1) copyright the software, and
 (2) offer you this license which gives you legal permission to copy,
 distribute and/or modify the software.
  Also, for each author's protection and ours, we want to make certain
 that everyone understands that there is no warranty for this free
 software.  If the software is modified by someone else and passed on, we
 want its recipients to know that what they have is not the original, so
 that any problems introduced by others will not reflect on the original
 authors' reputations.
  Finally, any free program is threatened constantly by software
 patents.  We wish to avoid the danger that redistributors of a free
 program will individually obtain patent licenses, in effect making the
 program proprietary.  To prevent this, we have made it clear that any
 patent must be licensed for everyone's free use or not licensed at all.
  The precise terms and conditions for copying, distribution and
 modification follow.
                    GNU GENERAL PUBLIC LICENSE
   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
  0. This License applies to any program or other work which contains
 a notice placed by the copyright holder saying it may be distributed
 under the terms of this General Public License.  The "Program", below,
 refers to any such program or work, and a "work based on the Program"
 means either the Program or any derivative work under copyright law:
 that is to say, a work containing the Program or a portion of it,
 either verbatim or with modifications and/or translated into another
 language.  (Hereinafter, translation is included without limitation in
 the term "modification".)  Each licensee is addressed as "you".
 Activities other than copying, distribution and modification are not
 covered by this License; they are outside its scope.  The act of
 running the Program is not restricted, and the output from the Program
 is covered only if its contents constitute a work based on the
 Program (independent of having been made by running the Program).
 Whether that is true depends on what the Program does.
  1. You may copy and distribute verbatim copies of the Program's
 source code as you receive it, in any medium, provided that you
 conspicuously and appropriately publish on each copy an appropriate
 copyright notice and disclaimer of warranty; keep intact all the
 notices that refer to this License and to the absence of any warranty;
 and give any other recipients of the Program a copy of this License
 along with the Program.
 You may charge a fee for the physical act of transferring a copy, and
 you may at your option offer warranty protection in exchange for a fee.
  2. You may modify your copy or copies of the Program or any portion
 of it, thus forming a work based on the Program, and copy and
 distribute such modifications or work under the terms of Section 1
 above, provided that you also meet all of these conditions:
    a) You must cause the modified files to carry prominent notices
    stating that you changed the files and the date of any change.
    b) You must cause any work that you distribute or publish, that in
    whole or in part contains or is derived from the Program or any
    part thereof, to be licensed as a whole at no charge to all third
    parties under the terms of this License.
    c) If the modified program normally reads commands interactively
    when run, you must cause it, when started running for such
    interactive use in the most ordinary way, to print or display an
    announcement including an appropriate copyright notice and a
    notice that there is no warranty (or else, saying that you provide
    a warranty) and that users may redistribute the program under
    these conditions, and telling the user how to view a copy of this
    License.  (Exception: if the Program itself is interactive but
    does not normally print such an announcement, your work based on
    the Program is not required to print an announcement.)
 These requirements apply to the modified work as a whole.  If
 identifiable sections of that work are not derived from the Program,
 and can be reasonably considered independent and separate works in
 themselves, then this License, and its terms, do not apply to those
 sections when you distribute them as separate works.  But when you
 distribute the same sections as part of a whole which is a work based
 on the Program, the distribution of the whole must be on the terms of
 this License, whose permissions for other licensees extend to the
 entire whole, and thus to each and every part regardless of who wrote it.
 Thus, it is not the intent of this section to claim rights or contest
 your rights to work written entirely by you; rather, the intent is to
 exercise the right to control the distribution of derivative or
 collective works based on the Program.
 In addition, mere aggregation of another work not based on the Program
 with the Program (or with a work based on the Program) on a volume of
 a storage or distribution medium does not bring the other work under
 the scope of this License.
  3. You may copy and distribute the Program (or a work based on it,
 under Section 2) in object code or executable form under the terms of
 Sections 1 and 2 above provided that you also do one of the following:
    a) Accompany it with the complete corresponding machine-readable
    source code, which must be distributed under the terms of Sections
    1 and 2 above on a medium customarily used for software interchange; or,
    b) Accompany it with a written offer, valid for at least three
    years, to give any third party, for a charge no more than your
    cost of physically performing source distribution, a complete
    machine-readable copy of the corresponding source code, to be
    distributed under the terms of Sections 1 and 2 above on a medium
    customarily used for software interchange; or,
    c) Accompany it with the information you received as to the offer
    to distribute corresponding source code.  (This alternative is
    allowed only for noncommercial distribution and only if you
    received the program in object code or executable form with such
    an offer, in accord with Subsection b above.)
 The source code for a work means the preferred form of the work for
 making modifications to it.  For an executable work, complete source
 code means all the source code for all modules it contains, plus any
 associated interface definition files, plus the scripts used to
 control compilation and installation of the executable.  However, as a
 special exception, the source code distributed need not include
 anything that is normally distributed (in either source or binary
 form) with the major components (compiler, kernel, and so on) of the
 operating system on which the executable runs, unless that component
 itself accompanies the executable.
 If distribution of executable or object code is made by offering
 access to copy from a designated place, then offering equivalent
 access to copy the source code from the same place counts as
 distribution of the source code, even though third parties are not
 compelled to copy the source along with the object code.
  4. You may not copy, modify, sublicense, or distribute the Program
 except as expressly provided under this License.  Any attempt
 otherwise to copy, modify, sublicense or distribute the Program is
 void, and will automatically terminate your rights under this License.
 However, parties who have received copies, or rights, from you under
 this License will not have their licenses terminated so long as such
 parties remain in full compliance.
  5. You are not required to accept this License, since you have not
 signed it.  However, nothing else grants you permission to modify or
 distribute the Program or its derivative works.  These actions are
 prohibited by law if you do not accept this License.  Therefore, by
 modifying or distributing the Program (or any work based on the
 Program), you indicate your acceptance of this License to do so, and
 all its terms and conditions for copying, distributing or modifying
 the Program or works based on it.
  6. Each time you redistribute the Program (or any work based on the
 Program), the recipient automatically receives a license from the
 original licensor to copy, distribute or modify the Program subject to
 these terms and conditions.  You may not impose any further
 restrictions on the recipients' exercise of the rights granted herein.
 You are not responsible for enforcing compliance by third parties to
 this License.
  7. If, as a consequence of a court judgment or allegation of patent
 infringement or for any other reason (not limited to patent issues),
 conditions are imposed on you (whether by court order, agreement or
 otherwise) that contradict the conditions of this License, they do not
 excuse you from the conditions of this License.  If you cannot
 distribute so as to satisfy simultaneously your obligations under this
 License and any other pertinent obligations, then as a consequence you
 may not distribute the Program at all.  For example, if a patent
 license would not permit royalty-free redistribution of the Program by
 all those who receive copies directly or indirectly through you, then
 the only way you could satisfy both it and this License would be to
 refrain entirely from distribution of the Program.
 If any portion of this section is held invalid or unenforceable under
 any particular circumstance, the balance of the section is intended to
 apply and the section as a whole is intended to apply in other
 circumstances.
 It is not the purpose of this section to induce you to infringe any
 patents or other property right claims or to contest validity of any
 such claims; this section has the sole purpose of protecting the
 integrity of the free software distribution system, which is
 implemented by public license practices.  Many people have made
 generous contributions to the wide range of software distributed
 through that system in reliance on consistent application of that
 system; it is up to the author/donor to decide if he or she is willing
 to distribute software through any other system and a licensee cannot
 impose that choice.
 This section is intended to make thoroughly clear what is believed to
 be a consequence of the rest of this License.
  8. If the distribution and/or use of the Program is restricted in
 certain countries either by patents or by copyrighted interfaces, the
 original copyright holder who places the Program under this License
 may add an explicit geographical distribution limitation excluding
 those countries, so that distribution is permitted only in or among
 countries not thus excluded.  In such case, this License incorporates
 the limitation as if written in the body of this License.
  9. The Free Software Foundation may publish revised and/or new versions
 of the General Public License from time to time.  Such new versions will
 be similar in spirit to the present version, but may differ in detail to
 address new problems or concerns.
 Each version is given a distinguishing version number.  If the Program
 specifies a version number of this License which applies to it and "any
 later version", you have the option of following the terms and conditions
 either of that version or of any later version published by the Free
 Software Foundation.  If the Program does not specify a version number of
 this License, you may choose any version ever published by the Free Software
 Foundation.
  10. If you wish to incorporate parts of the Program into other free
 programs whose distribution conditions are different, write to the author
 to ask for permission.  For software which is copyrighted by the Free
 Software Foundation, write to the Free Software Foundation; we sometimes
 make exceptions for this.  Our decision will be guided by the two goals
 of preserving the free status of all derivatives of our free software and
 of promoting the sharing and reuse of software generally.
                            NO WARRANTY
  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
 FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
 OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
 PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
 OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
 TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
 PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
 REPAIR OR CORRECTION.
  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
 WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
 REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
 INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
 OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
 TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
 YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
 PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
 POSSIBILITY OF SUCH DAMAGES.
                     END OF TERMS AND CONDITIONS
            How to Apply These Terms to Your New Programs
  If you develop a new program, and you want it to be of the greatest
 possible use to the public, the best way to achieve this is to make it
 free software which everyone can redistribute and change under these terms.
  To do so, attach the following notices to the program.  It is safest
 to attach them to the start of each source file to most effectively
 convey the exclusion of warranty; and each file should have at least
 the "copyright" line and a pointer to where the full notice is found.
    <one line to give the program's name and a brief idea of what it does.>
    Copyright (C) <year>  <name of author>
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License along
    with this program; if not, write to the Free Software Foundation, Inc.,
    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 Also add information on how to contact you by electronic and paper mail.
 If the program is interactive, make it output a short notice like this
 when it starts in an interactive mode:
    Gnomovision version 69, Copyright (C) year name of author
    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
    This is free software, and you are welcome to redistribute it
    under certain conditions; type `show c' for details.
 The hypothetical commands `show w' and `show c' should show the appropriate
 parts of the General Public License.  Of course, the commands you use may
 be called something other than `show w' and `show c'; they could even be
 mouse-clicks or menu items--whatever suits your program.
 You should also get your employer (if you work as a programmer) or your
 school, if any, to sign a "copyright disclaimer" for the program, if
 necessary.  Here is a sample; alter the names:
  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
  `Gnomovision' (which makes passes at compilers) written by James Hacker.
  <signature of Ty Coon>, 1 April 1989
  Ty Coon, President of Vice
 This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
 Public License instead of this License.
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@ -20,15 +20,8 @@
 *          <https://ieeexplore.ieee.org/servlet/opac?punumber=4375278>.
 */
-/*
+/*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -42,26 +35,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_AES_H
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@ -7,14 +7,8 @@
 *          functions; you must not call them directly.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_AESNI_H
 #define MBEDTLS_AESNI_H
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@ -7,14 +7,8 @@
 *            security risk. We recommend considering stronger ciphers instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 *
 */
 #ifndef MBEDTLS_ARC4_H
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@ -9,15 +9,8 @@
 *        Korean, but see http://210.104.33.10/ARIA/index-e.html in English)
 *        and also described by the IETF in <em>RFC 5794</em>.
 */
-/*
+/*  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -31,26 +24,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ARIA_H
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@ -4,14 +4,8 @@
 * \brief Generic ASN.1 parsing
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ASN1_H
 #define MBEDTLS_ASN1_H
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@ -4,14 +4,8 @@
 * \brief ASN.1 buffer writing functionality
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ASN1_WRITE_H
 #define MBEDTLS_ASN1_WRITE_H
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@ -4,14 +4,8 @@
 * \brief RFC 1521 base64 encoding/decoding
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_BASE64_H
 #define MBEDTLS_BASE64_H
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@ -4,14 +4,8 @@
 * \brief Multi-precision integer library
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_BIGNUM_H
 #define MBEDTLS_BIGNUM_H
@ -88,12 +63,12 @@
 * Maximum window size used for modular exponentiation. Default: 6
 * Minimum value: 1. Maximum value: 6.
 *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
 * for the sliding window calculation. (So 64 by default)
 *
 * Reduction in size, reduces speed.
 */
-#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum window size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */
 #if !defined(MBEDTLS_MPI_MAX_SIZE)
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@ -4,14 +4,8 @@
 * \brief Blowfish block cipher
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_BLOWFISH_H
 #define MBEDTLS_BLOWFISH_H
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@ -4,14 +4,8 @@
 * \brief Multi-precision integer library
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
 *      Multiply source vector [s] with b, add result
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@ -4,14 +4,8 @@
 * \brief Camellia block cipher
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CAMELLIA_H
 #define MBEDTLS_CAMELLIA_H
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@ -28,14 +28,8 @@
 * consistent with RFC 3610.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -49,26 +43,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CCM_H
@ -175,7 +150,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
 *                  than zero, \p output must be a writable buffer of at least
 *                  that length.
 * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
+ *                  readable buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the authentication field to generate in Bytes:
 *                  4, 6, 8, 10, 12, 14 or 16.
 *
@ -220,7 +195,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 *                  than zero, \p output must be a writable buffer of at least
 *                  that length.
 * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
+ *                  readable buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the authentication field to generate in Bytes:
 *                  0, 4, 6, 8, 10, 12, 14 or 16.
 *
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@ -4,14 +4,8 @@
 * \brief Sample certificates and DHM parameters for testing
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CERTS_H
 #define MBEDTLS_CERTS_H
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@ -12,15 +12,8 @@
 * \author Daniel King <damaki.gh@gmail.com>
 */
-/*
+/*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -34,26 +27,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CHACHA20_H
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@ -12,15 +12,8 @@
 * \author Daniel King <damaki.gh@gmail.com>
 */
-/*
+/*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -34,26 +27,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CHACHAPOLY_H
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -4,14 +4,8 @@
 * \brief Consistency checks for configuration options
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
@ -165,16 +140,6 @@
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_ECP_C) && !(            \
    defined(MBEDTLS_ECP_ALT) ||             \
    defined(MBEDTLS_CTR_DRBG_C) ||          \
    defined(MBEDTLS_HMAC_DRBG_C) ||         \
    defined(MBEDTLS_SHA512_C) ||            \
    defined(MBEDTLS_SHA256_C) ||            \
    defined(MBEDTLS_ECP_NO_INTERNAL_RNG))
 #error "MBEDTLS_ECP_C requires a DRBG or SHA-2 module unless MBEDTLS_ECP_NO_INTERNAL_RNG is defined or an alternative implementation is used"
 #endif
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
 #error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
 #endif
@ -197,16 +162,6 @@
 #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
 #endif
 #if defined(__has_feature)
 #if __has_feature(memory_sanitizer)
 #define MBEDTLS_HAS_MEMSAN
 #endif
 #endif
 #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) &&  !defined(MBEDTLS_HAS_MEMSAN)
 #error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
 #endif
 #undef MBEDTLS_HAS_MEMSAN
 #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
@ -591,23 +546,6 @@
 #error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
 #if (defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) ||  \
     defined(MBEDTLS_SSL_PROTO_TLS1_1) || defined(MBEDTLS_SSL_PROTO_TLS1_2)) && \
    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \
      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                  \
      defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                     \
      defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||                   \
      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                          \
      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                      \
      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                      \
      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                    \
      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
 #error "One or more versions of the TLS protocol are enabled " \
        "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
 #endif
 #if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
    !defined(MBEDTLS_SSL_PROTO_TLS1_1)  && \
    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
@ -731,10 +669,6 @@
 #error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_CERTS_C) && !defined(MBEDTLS_X509_USE_C)
 #error "MBEDTLS_CERTS_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
 #error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
 #endif
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@ -8,14 +8,8 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CIPHER_H
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@ -6,14 +6,8 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CIPHER_WRAP_H
 #define MBEDTLS_CIPHER_WRAP_H
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -7,14 +7,8 @@
 * Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CMAC_H
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@ -7,14 +7,8 @@
 * \deprecated Use the new names directly instead
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #if !defined(MBEDTLS_CONFIG_FILE)
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -8,14 +8,8 @@
 *  memory footprint.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CONFIG_H
@ -549,42 +524,6 @@
 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
 /**
 * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
 *
 * Enable testing of the constant-flow nature of some sensitive functions with
 * clang's MemorySanitizer. This causes some existing tests to also test
 * this non-functional property of the code under test.
 *
 * This setting requires compiling with clang -fsanitize=memory. The test
 * suites can then be run normally.
 *
 * \warning This macro is only used for extended testing; it is not considered
 * part of the library's API, so it may change or disappear at any time.
 *
 * Uncomment to enable testing of the constant-flow nature of selected code.
 */
 //#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
 /**
 * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
 *
 * Enable testing of the constant-flow nature of some sensitive functions with
 * valgrind's memcheck tool. This causes some existing tests to also test
 * this non-functional property of the code under test.
 *
 * This setting requires valgrind headers for building, and is only useful for
 * testing if the tests suites are run with valgrind's memcheck. This can be
 * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
 * using CMake, this can be done for all test suites with 'make memcheck'.
 *
 * \warning This macro is only used for extended testing; it is not considered
 * part of the library's API, so it may change or disappear at any time.
 *
 * Uncomment to enable testing of the constant-flow nature of selected code.
 */
 //#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
 /**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
@ -841,28 +780,6 @@
 */
 #define MBEDTLS_ECP_NIST_OPTIM
 /**
 * \def MBEDTLS_ECP_NO_INTERNAL_RNG
 *
 * When this option is disabled, mbedtls_ecp_mul() will make use of an
 * internal RNG when called with a NULL \c f_rng argument, in order to protect
 * against some side-channel attacks.
 *
 * This protection introduces a dependency of the ECP module on one of the
 * DRBG or SHA modules (HMAC-DRBG, CTR-DRBG, SHA-512 or SHA-256.) For very
 * constrained applications that don't require this protection (for example,
 * because you're only doing signature verification, so not manipulating any
 * secret, or because local/physical side-channel attacks are outside your
 * threat model), it might be desirable to get rid of that dependency.
 *
 * \warning Enabling this option makes some uses of ECP vulnerable to some
 * side-channel attacks. Only enable it if you know that's not a problem for
 * your use case.
 *
 * Uncomment this macro to disable some counter-measures in ECP.
 */
 //#define MBEDTLS_ECP_NO_INTERNAL_RNG
 /**
 * \def MBEDTLS_ECP_RESTARTABLE
 *
@ -1746,23 +1663,6 @@
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT
 /**
 * \def MBEDTLS_TEST_HOOKS
 *
 * Enable features for invasive testing such as introspection functions and
 * hooks for fault injection. This enables additional unit tests.
 *
 * Merely enabling this feature should not change the behavior of the product.
 * It only adds new code, and new branching points where the default behavior
 * is the same as when this feature is disabled.
 * However, this feature increases the attack surface: there is an added
 * risk of vulnerabilities, and more gadgets that can make exploits easier.
 * Therefore this feature must never be enabled in production.
 *
 * Uncomment to enable invasive tests.
 */
 //#define MBEDTLS_TEST_HOOKS
 /**
 * \def MBEDTLS_THREADING_ALT
 *
@ -2249,7 +2149,7 @@
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 *
 */
-#define MBEDTLS_CMAC_C
+//#define MBEDTLS_CMAC_C
 /**
 * \def MBEDTLS_CTR_DRBG_C
@ -3143,7 +3043,7 @@
 */
 /* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
 //#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
 /* CTR_DRBG options */
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -38,14 +38,8 @@
 * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -59,26 +53,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_CTR_DRBG_H
@ -214,13 +189,6 @@ typedef struct mbedtls_ctr_drbg_context
    void *p_entropy;            /*!< The context for the entropy function. */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
     * This means that the mutex is initialized during the initial seeding
     * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
     *
     * Note that this invariant may change without notice. Do not rely on it
     * and do not access the mutex directly in application code.
     */
    mbedtls_threading_mutex_t mutex;
 #endif
 }
@ -231,11 +199,6 @@ mbedtls_ctr_drbg_context;
 *                      and prepares it for mbedtls_ctr_drbg_seed()
 *                      or mbedtls_ctr_drbg_free().
 *
 * \note                The reseed interval is
 *                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
 *                      You can override it by calling
 *                      mbedtls_ctr_drbg_set_reseed_interval().
 *
 * \param ctx           The CTR_DRBG context to initialize.
 */
 void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
@ -284,15 +247,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      device.
 */
 #endif
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           The CTR_DRBG context to seed.
 *                      It must have been initialized with
@ -302,8 +256,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      the same context unless you call
 *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
 *                      again first.
 *                      After a failed call to mbedtls_ctr_drbg_seed(),
 *                      you must call mbedtls_ctr_drbg_free().
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
 *                      length of the buffer.
@ -328,8 +280,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                   size_t len );
 /**
- * \brief               This function resets CTR_DRBG context to the state immediately
+ * \brief               This function clears CTR_CRBG context data.
 *                      after initial call of mbedtls_ctr_drbg_init().
 *
 * \param ctx           The CTR_DRBG context to clear.
 */
@ -395,11 +346,6 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
 * \brief               This function reseeds the CTR_DRBG context, that is
 *                      extracts data from the entropy source.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The CTR_DRBG context.
 * \param additional    Additional data to add to the state. Can be \c NULL.
 * \param len           The length of the additional data.
@ -417,11 +363,6 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief              This function updates the state of the CTR_DRBG context.
 *
 * \note               This function is not thread-safe. It is not safe
 *                     to call this function if another thread might be
 *                     concurrently obtaining random numbers from the same
 *                     context or updating or reseeding the same context.
 *
 * \param ctx          The CTR_DRBG context.
 * \param additional   The data to update the state with. This must not be
 *                     \c NULL unless \p add_len is \c 0.
@ -445,11 +386,6 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
@ -478,16 +414,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
+ *
-#if defined(MBEDTLS_THREADING_C)
+ *
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@ -4,14 +4,8 @@
 * \brief Functions for controlling and providing debug output from the library.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_DEBUG_H
 #define MBEDTLS_DEBUG_H
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@ -8,14 +8,8 @@
 *            instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 *
 */
 #ifndef MBEDTLS_DES_H
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@ -44,14 +44,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -65,26 +59,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_DHM_H
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@ -13,14 +13,8 @@
 * Cryptography</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -34,26 +28,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ECDH_H
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@ -11,14 +11,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -32,26 +26,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ECDSA_H
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@ -4,14 +4,8 @@
 * \brief Elliptic curve J-PAKE
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ECJPAKE_H
 #define MBEDTLS_ECJPAKE_H
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -15,14 +15,8 @@
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -36,26 +30,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ECP_H
@ -838,9 +813,6 @@ int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
 *                  intermediate results to prevent potential timing attacks
 *                  targeting these results. We recommend always providing
 *                  a non-NULL \p f_rng. The overhead is negligible.
 *                  Note: unless #MBEDTLS_ECP_NO_INTERNAL_RNG is defined, when
 *                  \p f_rng is NULL, an internal RNG (seeded from the value
 *                  of \p m) will be used instead.
 *
 * \param grp       The ECP group to use.
 *                  This must be initialized and have group parameters
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@ -5,14 +5,8 @@
 * point arithmetic.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 /*
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -4,14 +4,8 @@
 * \brief Entropy accumulator implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ENTROPY_H
 #define MBEDTLS_ENTROPY_H
@ -147,15 +122,13 @@ mbedtls_entropy_source_state;
 */
 typedef struct mbedtls_entropy_context
 {
-    int accumulator_started; /* 0 after init.
+    int accumulator_started;
                              * 1 after the first update.
                              * -1 after free. */
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
    mbedtls_sha512_context  accumulator;
 #else
    mbedtls_sha256_context  accumulator;
 #endif
-    int             source_count; /* Number of entries used in source. */
+    int             source_count;
    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_state    havege_data;
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@ -4,14 +4,8 @@
 * \brief Platform-specific and custom entropy polling functions
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ENTROPY_POLL_H
 #define MBEDTLS_ENTROPY_POLL_H
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -4,14 +4,8 @@
 * \brief Error to string translation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_ERROR_H
 #define MBEDTLS_ERROR_H
@ -125,7 +100,6 @@
 * ECP       4   10 (Started from top)
 * MD        5   5
 * HKDF      5   1 (Started from top)
 * SSL       5   1 (Started from 0x5E80)
 * CIPHER    6   8
 * SSL       6   23 (Started from top)
 * SSL       7   32
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@ -12,14 +12,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -33,26 +27,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_GCM_H
@ -182,7 +157,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
 *                  than zero, this must be a writable buffer of at least that
 *                  size in Bytes.
 * \param tag_len   The length of the tag to generate.
- * \param tag       The buffer for holding the tag. This must be a writable
+ * \param tag       The buffer for holding the tag. This must be a readable
 *                  buffer of at least \p tag_len Bytes.
 *
 * \return          \c 0 if the encryption or decryption was performed
@ -310,7 +285,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
 *                  tag. The tag can have a maximum length of 16 Bytes.
 *
 * \param ctx       The GCM context. This must be initialized.
- * \param tag       The buffer for holding the tag. This must be a writable
+ * \param tag       The buffer for holding the tag. This must be a readable
 *                  buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the tag to generate. This must be at least
 *                  four.
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@ -4,14 +4,8 @@
 * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_HAVEGE_H
 #define MBEDTLS_HAVEGE_H
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@ -7,14 +7,8 @@
 *          specified by RFC 5869.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016-2019, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_HKDF_H
 #define MBEDTLS_HKDF_H
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@ -8,14 +8,8 @@
 * Deterministic Random Bit Generators</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_HMAC_DRBG_H
 #define MBEDTLS_HMAC_DRBG_H
@ -128,14 +103,6 @@ typedef struct mbedtls_hmac_drbg_context
    void *p_entropy;            /*!< context for the entropy function        */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized if and only if
     * md_ctx->md_info != NULL. This means that the mutex is initialized
     * during the initial seeding in mbedtls_hmac_drbg_seed() or
     * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
     *
     * Note that this invariant may change without notice. Do not rely on it
     * and do not access the mutex directly in application code.
     */
    mbedtls_threading_mutex_t mutex;
 #endif
 } mbedtls_hmac_drbg_context;
@ -146,10 +113,6 @@ typedef struct mbedtls_hmac_drbg_context
 * This function makes the context ready for mbedtls_hmac_drbg_seed(),
 * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
 *
 * \note                The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
 *                      by default. Override this value by calling
 *                      mbedtls_hmac_drbg_set_reseed_interval().
 *
 * \param ctx           HMAC_DRBG context to be initialized.
 */
 void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
@ -185,17 +148,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
 * \note                During the initial seeding, this function calls
 *                      the entropy source to obtain a nonce
 *                      whose length is half the entropy length.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_hmac_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           HMAC_DRBG context to be seeded.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param f_entropy     The entropy callback, taking as arguments the
@ -234,17 +187,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
 *
 * This function is meant for use in algorithms that need a pseudorandom
 * input such as deterministic ECDSA.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      after this function returns successfully,
 *                      it is safe to call mbedtls_hmac_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           HMAC_DRBG context to be initialised.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param data          Concatenation of the initial entropy string and
@ -307,11 +250,6 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
 /**
 * \brief               This function updates the state of the HMAC_DRBG context.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    The data to update the state with.
 *                      If this is \c NULL, there is no additional data.
@ -328,11 +266,6 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
 * \brief               This function reseeds the HMAC_DRBG context, that is
 *                      extracts data from the entropy source.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    Additional data to add to the state.
 *                      If this is \c NULL, there is no additional data
@ -358,11 +291,6 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \note                This function is not thread-safe. It is not safe
 *                      to call this function if another thread might be
 *                      concurrently obtaining random numbers from the same
 *                      context or updating or reseeding the same context.
 *
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
@ -392,16 +320,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
+ *
 #if defined(MBEDTLS_THREADING_C)
 /**
 * \note                When Mbed TLS is built with threading support,
 *                      it is safe to call mbedtls_ctr_drbg_random()
 *                      from multiple threads. Other operations, including
 *                      reseeding, are not thread-safe.
 */
 #endif /* MBEDTLS_THREADING_C */
 /**
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
@ -417,8 +336,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
 int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
 /**
- * \brief               This function resets HMAC_DRBG context to the state immediately
+ * \brief               Free an HMAC_DRBG context
 *                      after initial call of mbedtls_hmac_drbg_init().
 *
 * \param ctx           The HMAC_DRBG context to free.
 */
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -6,14 +6,8 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_MD_H
@ -123,8 +98,6 @@ typedef struct mbedtls_md_context_t
 * \brief           This function returns the list of digests supported by the
 *                  generic digest module.
 *
 * \note            The list starts with the strongest available hashes.
 *
 * \return          A statically allocated array of digests. Each element
 *                  in the returned list is an integer belonging to the
 *                  message-digest enumeration #mbedtls_md_type_t.
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@ -8,14 +8,8 @@
 *          instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 *
 */
 #ifndef MBEDTLS_MD2_H
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@ -8,14 +8,8 @@
 *          instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 *
 */
 #ifndef MBEDTLS_MD4_H
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@ -8,14 +8,8 @@
 *            digests instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_MD5_H
 #define MBEDTLS_MD5_H
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@ -8,14 +8,8 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_MD_WRAP_H
 #define MBEDTLS_MD_WRAP_H
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@ -4,14 +4,8 @@
 * \brief Buffer-based memory allocator
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
 #define MBEDTLS_MEMORY_BUFFER_ALLOC_H
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@ -6,14 +6,8 @@
 * \deprecated Superseded by mbedtls/net_sockets.h
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@ -20,14 +20,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -41,26 +35,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_NET_SOCKETS_H
 #define MBEDTLS_NET_SOCKETS_H
@ -151,7 +126,6 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
 *
 * \return         0 if successful, or one of:
 *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
 *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
 *                      MBEDTLS_ERR_NET_BIND_FAILED,
 *                      MBEDTLS_ERR_NET_LISTEN_FAILED
 *
@ -171,8 +145,6 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
 *                  can be NULL if client_ip is null
 *
 * \return          0 if successful, or
 *                  MBEDTLS_ERR_NET_SOCKET_FAILED,
 *                  MBEDTLS_ERR_NET_BIND_FAILED,
 *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
 *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
 *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
@ -185,10 +157,6 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
 /**
 * \brief          Check and wait for the context to be ready for read/write
 *
 * \note           The current implementation of this function uses
 *                 select() and returns an error if the file descriptor
 *                 is \c FD_SETSIZE or greater.
 *
 * \param ctx      Socket to check
 * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
 *                 MBEDTLS_NET_POLL_WRITE specifying the events
@ -270,21 +238,16 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
 *                 'timeout' seconds. If no error occurs, the actual amount
 *                 read is returned.
 *
 * \note           The current implementation of this function uses
 *                 select() and returns an error if the file descriptor
 *                 is \c FD_SETSIZE or greater.
 *
 * \param ctx      Socket
 * \param buf      The buffer to write to
 * \param len      Maximum length of the buffer
 * \param timeout  Maximum number of milliseconds to wait for data
 *                 0 means no timeout (wait forever)
 *
- * \return         The number of bytes received if successful.
+ * \return         the number of bytes received,
- *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
+ *                 or a non-zero error code:
 *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
 *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
 *                 Another negative error code (MBEDTLS_ERR_NET_xxx)
 *                 for other failures.
 *
 * \note           This function will block (until data becomes available or
 *                 timeout is reached) even if the socket is set to
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@ -16,14 +16,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -37,26 +31,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_NIST_KW_H
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@ -4,14 +4,8 @@
 * \brief Object Identifier (OID) database
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_OID_H
 #define MBEDTLS_OID_H
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@ -8,14 +8,8 @@
 *          functions; you must not call them directly.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -29,26 +23,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PADLOCK_H
 #define MBEDTLS_PADLOCK_H
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@ -4,14 +4,8 @@
 * \brief Privacy Enhanced Mail (PEM) decoding
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PEM_H
 #define MBEDTLS_PEM_H
@ -137,27 +112,17 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx );
 * \brief           Write a buffer of PEM information from a DER encoded
 *                  buffer.
 *
- * \param header    The header string to write.
+ * \param header    header string to write
- * \param footer    The footer string to write.
+ * \param footer    footer string to write
- * \param der_data  The DER data to encode.
+ * \param der_data  DER data to write
- * \param der_len   The length of the DER data \p der_data in Bytes.
+ * \param der_len   length of the DER data
- * \param buf       The buffer to write to.
+ * \param buf       buffer to write to
- * \param buf_len   The length of the output buffer \p buf in Bytes.
+ * \param buf_len   length of output buffer
- * \param olen      The address at which to store the total length written
+ * \param olen      total length written / required (if buf_len is not enough)
 *                  or required (if \p buf_len is not enough).
 *
- * \note            You may pass \c NULL for \p buf and \c 0 for \p buf_len
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
- *                  to request the length of the resulting PEM buffer in
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
- *                  `*olen`.
+ *                  size.
 *
 * \note            This function may be called with overlapping \p der_data
 *                  and \p buf buffers.
 *
 * \return          \c 0 on success.
 * \return          #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
 *                  enough to hold the PEM buffer. In  this case, `*olen` holds
 *                  the required minimum size of \p buf.
 * \return          Another PEM or BASE64 error code on other kinds of failure.
 */
 int mbedtls_pem_write_buffer( const char *header, const char *footer,
                      const unsigned char *der_data, size_t der_len,
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -4,14 +4,8 @@
 * \brief Public Key abstraction layer
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PK_H
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@ -4,14 +4,8 @@
 * \brief Public Key abstraction layer: wrapper functions
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PK_WRAP_H
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@ -6,14 +6,8 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PKCS11_H
 #define MBEDTLS_PKCS11_H
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@ -4,14 +4,8 @@
 * \brief PKCS#12 Personal Information Exchange Syntax
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PKCS12_H
 #define MBEDTLS_PKCS12_H
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@ -6,14 +6,8 @@
 * \author Mathias Olsson <mathias@kompetensum.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PKCS5_H
 #define MBEDTLS_PKCS5_H
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@ -13,14 +13,8 @@
 *        dynamically configured at runtime.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -34,26 +28,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PLATFORM_H
 #define MBEDTLS_PLATFORM_H
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@ -4,14 +4,8 @@
 * \brief mbed TLS Platform time abstraction
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PLATFORM_TIME_H
 #define MBEDTLS_PLATFORM_TIME_H
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@ -5,14 +5,8 @@
 *        library.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -26,26 +20,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_PLATFORM_UTIL_H
 #define MBEDTLS_PLATFORM_UTIL_H
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@ -12,15 +12,8 @@
 * \author Daniel King <damaki.gh@gmail.com>
 */
-/*
+/*  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
- *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -34,26 +27,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_POLY1305_H
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@ -4,14 +4,8 @@
 * \brief RIPE MD-160 message digest
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_RIPEMD160_H
 #define MBEDTLS_RIPEMD160_H
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -10,14 +10,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -31,26 +25,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_RSA_H
 #define MBEDTLS_RSA_H
@ -124,10 +99,7 @@ extern "C" {
 */
 typedef struct mbedtls_rsa_context
 {
-    int ver;                    /*!<  Reserved for internal purposes.
+    int ver;                    /*!<  Always 0.*/
                                 *    Do not set this field in application
                                 *    code. Its meaning might change without
                                 *    notice. */
    size_t len;                 /*!<  The size of \p N in Bytes. */
    mbedtls_mpi N;              /*!<  The public modulus. */
@ -157,7 +129,6 @@ typedef struct mbedtls_rsa_context
                                     mask generating function used in the
                                     EME-OAEP and EMSA-PSS encodings. */
 #if defined(MBEDTLS_THREADING_C)
    /* Invariant: the mutex is initialized iff ver != 0. */
    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex. */
 #endif
 }
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@ -35,14 +35,8 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -56,26 +50,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 *
 */
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@ -11,14 +11,8 @@
 *            digests instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -32,26 +26,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SHA1_H
 #define MBEDTLS_SHA1_H
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@ -7,14 +7,8 @@
 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -28,26 +22,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SHA256_H
 #define MBEDTLS_SHA256_H
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@ -6,14 +6,8 @@
 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -27,26 +21,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SHA512_H
 #define MBEDTLS_SHA512_H
@ -152,7 +127,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,
 /**
 * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer.
+ *                 the result to the output buffer. This function is for
 *                 internal use only.
 *
 * \param ctx      The SHA-512 context. This must be initialized
 *                 and have a hash operation started.
@ -168,7 +144,6 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
 /**
 * \brief          This function processes a single data block within
 *                 the ongoing SHA-512 computation.
 *                 This function is for internal use only.
 *
 * \param ctx      The SHA-512 context. This must be initialized.
 * \param data     The buffer holding one block of data. This
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -4,14 +4,8 @@
 * \brief SSL/TLS functions.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SSL_H
 #define MBEDTLS_SSL_H
@ -148,7 +123,6 @@
 #define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS                 -0x6500  /**< The asynchronous operation is not completed yet. */
 #define MBEDTLS_ERR_SSL_EARLY_MESSAGE                     -0x6480  /**< Internal-only message signaling that a message arrived early. */
 #define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS                -0x7000  /**< A cryptographic operation is in progress. Try again later. */
 #define MBEDTLS_ERR_SSL_BAD_CONFIG                        -0x5E80  /**< Invalid value in SSL config */
 /*
 * Various constants
@ -163,9 +137,6 @@
 #define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
 #define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
 #define MBEDTLS_SSL_MAX_ALPN_NAME_LEN           255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
 #define MBEDTLS_SSL_MAX_ALPN_LIST_LEN           65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301          */
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
 * NONE must be zero so that memset()ing structure to zero works */
@ -1409,7 +1380,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
 * \note           For DTLS, you need to provide either a non-NULL
 *                 f_recv_timeout callback, or a f_recv that doesn't block.
 *
- * \note           See the documentations of \c mbedtls_ssl_send_t,
+ * \note           See the documentations of \c mbedtls_ssl_sent_t,
 *                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
 *                 the conventions those callbacks must follow.
 *
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@ -4,14 +4,8 @@
 * \brief SSL session cache implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SSL_CACHE_H
 #define MBEDTLS_SSL_CACHE_H
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@ -4,14 +4,8 @@
 * \brief SSL Ciphersuites for mbed TLS
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
- *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ *  SPDX-License-Identifier: Apache-2.0
 *
 *  This file is provided under the Apache License 2.0, or the
 *  GNU General Public License v2.0 or later.
 *
 *  **********
 *  Apache License 2.0:
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
 *  not use this file except in compliance with the License.
@ -25,26 +19,7 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 *
- *  **********
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 *
 *  **********
 *  GNU General Public License v2.0 or later:
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License along
 *  with this program; if not, write to the Free Software Foundation, Inc.,
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
 */
 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
 #define MBEDTLS_SSL_CIPHERSUITES_H
--- a/Show more
+++ b/Show more
		`@ -1,2 +0,0 @@`
			`Changes`
			`* Fix the setting of the read timeout in the DTLS sample programs.`
		`@ -1,2 +0,0 @@`
			`Bugfix`
			`* Fix an incorrect error code when parsing a PKCS#8 private key.`