2025-08-05 08:21:11 +00:00
363 changed files with 3575 additions and 4447 deletions
--- a/.gitignore
+++ b/.gitignore
@ -40,5 +40,4 @@ massif-*
 /GSYMS
 /GTAGS
 /TAGS
-/cscope*.out
 /tags
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -8,7 +8,7 @@ endif()
 option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
 option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)

-option(ENABLE_PROGRAMS "Build mbed TLS programs." OFF)
+option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)

 option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)

@ -21,7 +21,7 @@ string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${CMAKE_C_COMPILER_ID}")
 if(CMAKE_COMPILER_IS_MSVC)
    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
 else()
-    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+    option(ENABLE_TESTING "Build mbed TLS tests." ON)
 endif()

 # Warning string - created as a list for compatibility with CMake 2.8
@ -157,9 +157,6 @@ if(CMAKE_COMPILER_IS_IAR)
 endif(CMAKE_COMPILER_IS_IAR)

 if(CMAKE_COMPILER_IS_MSVC)
-    # Compile with UTF-8 encoding (REMOVE THIS COMMIT ONCE A FIX IS DEPLOYED UPSTREAM)
-    add_compile_options(/utf-8)
-
    # Strictest warnings, and treat as errors
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")
--- a/180
+++ b/180
@ -1,185 +1,5 @@
 mbed TLS ChangeLog (Sorted per branch, date)

-= mbed TLS 2.16.10 branch released 2021-03-12
-
-Default behavior changes
-   * In mbedtls_rsa_context objects, the ver field was formerly documented
-     as always 0. It is now reserved for internal purposes and may take
-     different values.
-
-Security
-   * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
-     |A| - |B| where |B| is larger than |A| and has more limbs (so the
-     function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
-     applications calling mbedtls_mpi_sub_abs() directly are affected:
-     all calls inside the library were safe since this function is
-     only called with |A| >= |B|. Reported by Guido Vranken in #4042.
-   * Fix an errorneous estimation for an internal buffer in
-     mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
-     value the function might fail to write a private RSA keys of the largest
-     supported size.
-     Found by Daniel Otte, reported in #4093 and fixed in #4094,
-     backported in #4100.
-   * Fix a stack buffer overflow with mbedtls_net_poll() and
-     mbedtls_net_recv_timeout() when given a file descriptor that is
-     beyond FD_SETSIZE. Reported by FigBug in #4169.
-   * Guard against strong local side channel attack against base64 tables by
-     making access aceess to them use constant flow code.
-
-Bugfix
-   * Fix an incorrect error code if an RSA private operation glitched.
-   * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
-     is enabled, on platforms where initializing a mutex allocates resources.
-     This was a regression introduced in the previous release. Reported in
-     #4017, #4045 and #4071.
-   * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
-     twice is safe. This happens for RSA when some Mbed TLS library functions
-     fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
-     enabled on platforms where freeing a mutex twice is not safe.
-   * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
-     when MBEDTLS_THREADING_C is enabled on platforms where initializing
-     a mutex allocates resources.
-   * This change makes 'mbedtls_x509write_crt_set_basic_constraints'
-     consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
-     include this extension in all CA certificates that contain public keys
-     used to validate digital signatures on certificates and MUST mark the
-     extension as critical in such certificates." Previous to this change,
-     the extension was always marked as non-critical. This was fixed by
-     #4044.
-
-= mbed TLS 2.16.9 branch released 2020-12-11
-
-Security
-   * Limit the size of calculations performed by mbedtls_mpi_exp_mod to
-     MBEDTLS_MPI_MAX_SIZE to prevent a potential denial of service when
-     generating Diffie-Hellman key pairs. Credit to OSS-Fuzz.
-   * A failure of the random generator was ignored in mbedtls_mpi_fill_random(),
-     which is how most uses of randomization in asymmetric cryptography
-     (including key generation, intermediate value randomization and blinding)
-     are implemented. This could cause failures or the silent use of non-random
-     values. A random generator can fail if it needs reseeding and cannot not
-     obtain entropy, or due to an internal failure (which, for Mbed TLS's own
-     CTR_DRBG or HMAC_DRBG, can only happen due to a misconfiguration).
-   * Fix a compliance issue whereby we were not checking the tag on the
-     algorithm parameters (only the size) when comparing the signature in the
-     description part of the cert to the real signature. This meant that a
-     NULL algorithm parameters entry would look identical to an array of REAL
-     (size zero) to the library and thus the certificate would be considered
-     valid. However, if the parameters do not match in *any* way then the
-     certificate should be considered invalid, and indeed OpenSSL marks these
-     certs as invalid when mbedtls did not.
-     Many thanks to guidovranken who found this issue via differential fuzzing
-     and reported it in #3629.
-   * Zeroising of local buffers and variables which are used for calculations
-     in mbedtls_pkcs5_pbkdf2_hmac(), mbedtls_internal_sha*_process(),
-     mbedtls_internal_md*_process() and mbedtls_internal_ripemd160_process()
-     functions to erase sensitive data from memory. Reported by
-     Johan Malmgren and Johan Uppman Bruce from Sectra.
-
-Bugfix
-   * Fix an invalid (but nonzero) return code from mbedtls_pk_parse_subpubkey()
-     when the input has trailing garbage. Fixes #2512.
-   * Fix rsa_prepare_blinding() to retry when the blinding value is not
-     invertible (mod N), instead of returning MBEDTLS_ERR_RSA_RNG_FAILED. This
-     addresses a regression but is rare in practice (approx. 1 in 2/sqrt(N)).
-     Found by Synopsys Coverity, fix contributed by Peter Kolbus (Garmin).
-     Fixes #3647.
-   * Fix the build when the macro _GNU_SOURCE is defined to a non-empty value.
-     Fix #3432.
-   * Correct the default IV size for mbedtls_cipher_info_t structures using
-     MBEDTLS_MODE_ECB to 0, since ECB mode ciphers don't use IVs.
-   * Make arc4random_buf available on NetBSD and OpenBSD when _POSIX_C_SOURCE is
-     defined. Fix contributed in #3571. Adopted for LTS branch 2.16 in #3602.
-   * Fix build failures on GCC 11. Fixes #3782.
-   * Fix a memory leak in mbedtls_mpi_sub_abs() when the result was negative
-     (an error condition) and the second operand was aliased to the result.
-   * Fix a case in elliptic curve arithmetic where an out-of-memory condition
-     could go undetected, resulting in an incorrect result.
-   * In CTR_DRBG and HMAC_DRBG, don't reset the reseed interval in seed().
-     Fixes #2927.
-   * In PEM writing functions, fill the trailing part of the buffer with null
-     bytes. This guarantees that the corresponding parsing function can read
-     the buffer back, which was the case for mbedtls_x509write_{crt,csr}_pem
-     until this property was inadvertently broken in Mbed TLS 2.19.0.
-     Fixes #3682.
-   * Fix a build failure that occurred with the MBEDTLS_AES_SETKEY_DEC_ALT
-     option on. In this configuration key management methods that are required
-     for MBEDTLS_CIPHER_MODE_XTS were excluded from the build and made it fail.
-     Fixes #3818. Reported by John Stroebel.
-
-Changes
-   * Reduce stack usage significantly during sliding window exponentiation.
-     Reported in #3591 and fix contributed in #3592 by Daniel Otte.
-   * Remove the zeroization of a pointer variable in AES rounds. It was valid
-     but spurious and misleading since it looked like a mistaken attempt to
-     zeroize the pointed-to buffer. Reported by Antonio de la Piedra, CEA
-     Leti, France.
-
-= mbed TLS 2.16.8 branch released 2020-09-01
-
-Features
-   * Support building on e2k (Elbrus) architecture: correctly enable
-     -Wformat-signedness, and fix the code that causes signed-one-bit-field
-     and sign-compare warnings. Contributed by makise-homura (Igor Molchanov)
-     <akemi_homura@kurisa.ch>.
-
-Security
-   * When checking X.509 CRLs, a certificate was only considered as revoked if
-     its revocationDate was in the past according to the local clock if
-     available. In particular, on builds without MBEDTLS_HAVE_TIME_DATE,
-     certificates were never considered as revoked. On builds with
-     MBEDTLS_HAVE_TIME_DATE, an attacker able to control the local clock (for
-     example, an untrusted OS attacking a secure enclave) could prevent
-     revocation of certificates via CRLs. Fixed by no longer checking the
-     revocationDate field, in accordance with RFC 5280. Reported by
-     yuemonangong in #3340. Reported independently and fixed by
-     Raoul Strackx and Jethro Beekman in #3433.
-   * In (D)TLS record decryption, when using a CBC ciphersuites without the
-     Encrypt-then-Mac extension, use constant code flow memory access patterns
-     to extract and check the MAC. This is an improvement to the existing
-     countermeasure against Lucky 13 attacks. The previous countermeasure was
-     effective against network-based attackers, but less so against local
-     attackers. The new countermeasure defends against local attackers, even
-     if they have access to fine-grained measurements. In particular, this
-     fixes a local Lucky 13 cache attack found and reported by Tuba Yavuz,
-     Farhaan Fowze, Ken (Yihan) Bai, Grant Hernandez, and Kevin Butler
-     (University of Florida) and Dave Tian (Purdue University).
-   * Fix side channel in RSA private key operations and static (finite-field)
-     Diffie-Hellman. An adversary with precise enough timing and memory access
-     information (typically an untrusted operating system attacking a secure
-     enclave) could bypass an existing counter-measure (base blinding) and
-     potentially fully recover the private key.
-   * Fix a 1-byte buffer overread in mbedtls_x509_crl_parse_der().
-     Credit to OSS-Fuzz for detecting the problem and to Philippe Antoine
-     for pinpointing the problematic code.
-   * Zeroising of plaintext buffers in mbedtls_ssl_read() to erase unused
-     application data from memory. Reported in #689 by
-     Johan Uppman Bruce of Sectra.
-
-Bugfix
-   * Avoid use of statically sized stack buffers for certificate writing.
-     This previously limited the maximum size of DER encoded certificates
-     in mbedtls_x509write_crt_der() to 2Kb. Reported by soccerGB in #2631.
-   * Reduce the stack consumption of mbedtls_x509write_csr_der() which
-     previously could lead to stack overflow on constrained devices.
-     Contributed by Doru Gucea and Simon Leet in #3464.
-   * Use arc4random_buf on NetBSD instead of rand implementation with cyclical
-     lower bits. Fix contributed in #3540.
-   * Fix building library/net_sockets.c and the ssl_mail_client program on
-     NetBSD. NetBSD conditionals were added for the backport to avoid the risk
-     of breaking a platform. Original fix contributed by Nia Alarie in #3422.
-     Adapted for long-term support branch 2.16 in #3558.
-   * Fix bug in redirection of unit test outputs on platforms where stdout is
-     defined as a macro. First reported in #2311 and fix contributed in #3528.
-     Adopted for LTS branch 2.16 in #3601.
-
-Changes
-   * Update copyright notices to use Linux Foundation guidance. As a result,
-     the copyright of contributors other than Arm is now acknowledged, and the
-     years of publishing are no longer tracked in the source files. This also
-     eliminates the need for the lines declaring the files to be part of
-     MbedTLS. Fixes #3457.
-
 = mbed TLS 2.16.7 branch released 2020-07-01

 Security
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@ -3,29 +3,6 @@
 This directory contains changelog entries that have not yet been merged
 to the changelog file ([`../ChangeLog`](../ChangeLog)).

-## What requires a changelog entry?
-
-Write a changelog entry if there is a user-visible change. This includes:
-
-* Bug fixes in the library or in sample programs: fixing a security hole,
-  fixing broken behavior, fixing the build in some configuration or on some
-  platform, etc.
-* New features in the library, new sample programs, or new platform support.
-* Changes in existing behavior. These should be rare. Changes in features
-  that are documented as experimental may or may not be announced, depending
-  on the extent of the change and how widely we expect the feature to be used.
-
-We generally don't include changelog entries for:
-
-* Documentation improvements.
-* Performance improvements, unless they are particularly significant.
-* Changes to parts of the code base that users don't interact with directly,
-  such as test code and test data.
-
-Until Mbed TLS 2.16.8, we required changelog entries in more cases.
-Looking at older changelog entries is good practice for how to write a
-changelog entry, but not for deciding whether to write one.
-
 ## Changelog entry file format

 A changelog entry file must have the extension `*.txt` and must have the
@ -56,7 +33,8 @@ The permitted changelog entry categories are as follows:
    Bugfix
    Changes

-Use “Changes” for anything that doesn't fit in the other categories.
+Use “Changes” for anything that doesn't fit in the other categories, such as
+performance, documentation and test improvements.

 ## How to write a changelog entry

@ -71,7 +49,8 @@ Include GitHub issue numbers where relevant. Use the format “#1234” for an
 Mbed TLS issue. Add other external references such as CVE numbers where
 applicable.

-Credit bug reporters where applicable.
+Credit the author of the contribution if the contribution is not a member of
+the Mbed TLS development team. Also credit bug reporters where applicable.

 **Explain why, not how**. Remember that the audience is the users of the
 library, not its developers. In particular, for a bug fix, explain the
--- a/ChangeLog.d/add-missing-parenthesis.txt
+++ b/ChangeLog.d/add-missing-parenthesis.txt
@ -1,3 +0,0 @@
-Bugfix
-   * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
-     defined. Fixes #4217.
--- a/ChangeLog.d/aescrypt2.txt
+++ b/ChangeLog.d/aescrypt2.txt
@ -1,3 +0,0 @@
-Changes
-   * Remove the AES sample application programs/aes/aescrypt2 which shows
-     bad cryptographic practice. Fix #1906.
--- a/ChangeLog.d/bugfix_PR3616.txt
+++ b/ChangeLog.d/bugfix_PR3616.txt
@ -1,5 +0,0 @@
-Bugfix
-   * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
-     lead to the seed file corruption in case if the path to the seed file is
-     equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
-     Krasnoshchok in #3616.
--- a/ChangeLog.d/dhm_min_bitlen.txt
+++ b/ChangeLog.d/dhm_min_bitlen.txt
@ -1,4 +0,0 @@
-Bugfix
-   * In a TLS client, enforce the Diffie-Hellman minimum parameter size
-     set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
-     minimum size was rounded down to the nearest multiple of 8.
--- a/ChangeLog.d/dtls_sample_use_read_timeout.txt
+++ b/ChangeLog.d/dtls_sample_use_read_timeout.txt
@ -1,2 +0,0 @@
-Changes
-   * Fix the setting of the read timeout in the DTLS sample programs.
--- a/ChangeLog.d/fix-pk-parse-key-error-code.txt
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@ -1,2 +0,0 @@
-Bugfix
-   * Fix an incorrect error code when parsing a PKCS#8 private key.
--- a/ChangeLog.d/mpi_read_negative_zero.txt
+++ b/ChangeLog.d/mpi_read_negative_zero.txt
@ -1,3 +0,0 @@
-Bugfix
-   * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
-     as equal to 0 in all cases. Fix it to produce the same object as "0".
--- a/9
+++ b/9
@ -124,15 +124,10 @@ endif
 ## Editor navigation files
 C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
 # Exuberant-ctags invocation. Other ctags implementations may require different options.
-CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
+CTAGS = ctags --langmap=c:+.h.function -o
 tags: $(C_SOURCE_FILES)
 	$(CTAGS) $@ $(C_SOURCE_FILES)
 TAGS: $(C_SOURCE_FILES)
-	etags --no-line-directive -o $@ $(C_SOURCE_FILES)
-global: GPATH GRTAGS GSYMS GTAGS
+	etags -o $@ $(C_SOURCE_FILES)
 GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
 	ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
-cscope: cscope.in.out cscope.po.out cscope.out
-cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
-	cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
-.PHONY: cscope global
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@ -4,7 +4,7 @@
 * \brief Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 * Minimal configuration for TLS 1.2 with PSK and AES-CCM ciphersuites
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@ -4,7 +4,7 @@
 * \brief Minimal configuration for TLS 1.1 (RFC 4346)
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@ -4,7 +4,7 @@
 * \brief Minimal configuration of features that do not require an entropy source
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 * Minimal configuration of features that do not require an entropy source
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@ -4,7 +4,7 @@
 * \brief Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 * Minimal configuration for TLS NSA Suite B Profile (RFC 6460)
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@ -4,7 +4,7 @@
 * \brief Minimal configuration for using TLS as part of Thread
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /*
--- a/doxygen/input/doc_encdec.h
+++ b/doxygen/input/doc_encdec.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/input/doc_hashing.h
+++ b/doxygen/input/doc_hashing.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,10 +46,12 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
- * @mainpage mbed TLS v2.16.10 source code documentation
+ * @mainpage mbed TLS v2.16.7 source code documentation
 *
 * This documentation describes the internal structure of mbed TLS.  It was
 * automatically generated from specially formatted comment blocks in
--- a/doxygen/input/doc_rng.h
+++ b/doxygen/input/doc_rng.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/input/doc_ssltls.h
+++ b/doxygen/input/doc_ssltls.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/input/doc_tcpip.h
+++ b/doxygen/input/doc_tcpip.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/input/doc_x509.h
+++ b/doxygen/input/doc_x509.h
@ -5,7 +5,7 @@
 */
 /*
 *
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /**
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@ -28,7 +28,7 @@ DOXYFILE_ENCODING      = UTF-8
 # identify the project. Note that if you do not use Doxywizard you need
 # to put quotes around the project name if it contains spaces.

-PROJECT_NAME           = "mbed TLS v2.16.10"
+PROJECT_NAME           = "mbed TLS v2.16.7"

 # The PROJECT_NUMBER tag can be used to enter a project or revision number.
 # This could be handy for archiving the generated documentation or
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@ -21,7 +21,7 @@
 */

 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -62,6 +62,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_AES_H
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@ -7,7 +7,7 @@
 *          functions; you must not call them directly.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -48,6 +48,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_AESNI_H
 #define MBEDTLS_AESNI_H
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@ -7,7 +7,7 @@
 *            security risk. We recommend considering stronger ciphers instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *
 *  **********
 *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
 */
 #ifndef MBEDTLS_ARC4_H
 #define MBEDTLS_ARC4_H
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@ -10,7 +10,7 @@
 *        and also described by the IETF in <em>RFC 5794</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -51,6 +51,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_ARIA_H
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@ -4,7 +4,7 @@
 * \brief Generic ASN.1 parsing
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ASN1_H
 #define MBEDTLS_ASN1_H
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@ -4,7 +4,7 @@
 * \brief ASN.1 buffer writing functionality
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ASN1_WRITE_H
 #define MBEDTLS_ASN1_WRITE_H
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@ -4,7 +4,7 @@
 * \brief RFC 1521 base64 encoding/decoding
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_BASE64_H
 #define MBEDTLS_BASE64_H
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@ -4,7 +4,7 @@
 * \brief Multi-precision integer library
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_BIGNUM_H
 #define MBEDTLS_BIGNUM_H
@ -88,12 +90,12 @@
 * Maximum window size used for modular exponentiation. Default: 6
 * Minimum value: 1. Maximum value: 6.
 *
- * Result is an array of ( 2 ** MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
 * for the sliding window calculation. (So 64 by default)
 *
 * Reduction in size, reduces speed.
 */
-#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum window size used. */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */

 #if !defined(MBEDTLS_MPI_MAX_SIZE)
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@ -4,7 +4,7 @@
 * \brief Blowfish block cipher
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_BLOWFISH_H
 #define MBEDTLS_BLOWFISH_H
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@ -4,7 +4,7 @@
 * \brief Multi-precision integer library
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 *      Multiply source vector [s] with b, add result
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@ -4,7 +4,7 @@
 * \brief Camellia block cipher
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_CAMELLIA_H
 #define MBEDTLS_CAMELLIA_H
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@ -28,7 +28,7 @@
 * consistent with RFC 3610.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -69,6 +69,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CCM_H
@ -175,7 +177,7 @@ void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
 *                  than zero, \p output must be a writable buffer of at least
 *                  that length.
 * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
+ *                  readable buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the authentication field to generate in Bytes:
 *                  4, 6, 8, 10, 12, 14 or 16.
 *
@ -220,7 +222,7 @@ int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
 *                  than zero, \p output must be a writable buffer of at least
 *                  that length.
 * \param tag       The buffer holding the authentication field. This must be a
- *                  writable buffer of at least \p tag_len Bytes.
+ *                  readable buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the authentication field to generate in Bytes:
 *                  0, 4, 6, 8, 10, 12, 14 or 16.
 *
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@ -4,7 +4,7 @@
 * \brief Sample certificates and DHM parameters for testing
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_CERTS_H
 #define MBEDTLS_CERTS_H
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@ -13,7 +13,7 @@
 */

 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -54,6 +54,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CHACHA20_H
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@ -13,7 +13,7 @@
 */

 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -54,6 +54,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CHACHAPOLY_H
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@ -4,7 +4,7 @@
 * \brief Consistency checks for configuration options
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /*
@ -197,16 +199,6 @@
 #error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
 #endif

-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
-#endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) &&  !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
-#endif
-#undef MBEDTLS_HAS_MEMSAN
-
 #if defined(MBEDTLS_TEST_NULL_ENTROPY) && \
    ( !defined(MBEDTLS_ENTROPY_C) || !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) )
 #error "MBEDTLS_TEST_NULL_ENTROPY defined, but not all prerequisites"
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@ -8,7 +8,7 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CIPHER_H
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@ -6,7 +6,7 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_CIPHER_WRAP_H
 #define MBEDTLS_CIPHER_WRAP_H
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@ -7,7 +7,7 @@
 * Authentication is defined in <em>RFC-4493: The AES-CMAC Algorithm</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2015-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -48,6 +48,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CMAC_H
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@ -7,7 +7,7 @@
 * \deprecated Use the new names directly instead
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -48,6 +48,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 #if !defined(MBEDTLS_CONFIG_FILE)
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -8,7 +8,7 @@
 *  memory footprint.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CONFIG_H
@ -549,42 +551,6 @@
 //#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
 //#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT

-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * clang's MemorySanitizer. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires compiling with clang -fsanitize=memory. The test
- * suites can then be run normally.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
-
-/**
- * \def MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
- *
- * Enable testing of the constant-flow nature of some sensitive functions with
- * valgrind's memcheck tool. This causes some existing tests to also test
- * this non-functional property of the code under test.
- *
- * This setting requires valgrind headers for building, and is only useful for
- * testing if the tests suites are run with valgrind's memcheck. This can be
- * done for an individual test suite with 'valgrind ./test_suite_xxx', or when
- * using CMake, this can be done for all test suites with 'make memcheck'.
- *
- * \warning This macro is only used for extended testing; it is not considered
- * part of the library's API, so it may change or disappear at any time.
- *
- * Uncomment to enable testing of the constant-flow nature of selected code.
- */
-//#define MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND
-
 /**
 * \def MBEDTLS_TEST_NULL_ENTROPY
 *
@ -1746,23 +1712,6 @@
 */
 //#define MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT

-/**
- * \def MBEDTLS_TEST_HOOKS
- *
- * Enable features for invasive testing such as introspection functions and
- * hooks for fault injection. This enables additional unit tests.
- *
- * Merely enabling this feature should not change the behavior of the product.
- * It only adds new code, and new branching points where the default behavior
- * is the same as when this feature is disabled.
- * However, this feature increases the attack surface: there is an added
- * risk of vulnerabilities, and more gadgets that can make exploits easier.
- * Therefore this feature must never be enabled in production.
- *
- * Uncomment to enable invasive tests.
- */
-//#define MBEDTLS_TEST_HOOKS
-
 /**
 * \def MBEDTLS_THREADING_ALT
 *
@ -2249,7 +2198,7 @@
 * Requires: MBEDTLS_AES_C or MBEDTLS_DES_C
 *
 */
-#define MBEDTLS_CMAC_C
+//#define MBEDTLS_CMAC_C

 /**
 * \def MBEDTLS_CTR_DRBG_C
@ -3143,7 +3092,7 @@
 */

 /* MPI / BIGNUM options */
-//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum window size used. */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
 //#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */

 /* CTR_DRBG options */
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@ -38,7 +38,7 @@
 * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -79,6 +79,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_CTR_DRBG_H
@ -214,13 +216,6 @@ typedef struct mbedtls_ctr_drbg_context
    void *p_entropy;            /*!< The context for the entropy function. */

 #if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
-     * This means that the mutex is initialized during the initial seeding
-     * in mbedtls_ctr_drbg_seed() and freed in mbedtls_ctr_drbg_free().
-     *
-     * Note that this invariant may change without notice. Do not rely on it
-     * and do not access the mutex directly in application code.
-     */
    mbedtls_threading_mutex_t mutex;
 #endif
 }
@ -231,11 +226,6 @@ mbedtls_ctr_drbg_context;
 *                      and prepares it for mbedtls_ctr_drbg_seed()
 *                      or mbedtls_ctr_drbg_free().
 *
- * \note                The reseed interval is
- *                      #MBEDTLS_CTR_DRBG_RESEED_INTERVAL by default.
- *                      You can override it by calling
- *                      mbedtls_ctr_drbg_set_reseed_interval().
- *
 * \param ctx           The CTR_DRBG context to initialize.
 */
 void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
@ -284,15 +274,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      device.
 */
 #endif
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
 /**
 * \param ctx           The CTR_DRBG context to seed.
 *                      It must have been initialized with
@ -302,8 +283,6 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 *                      the same context unless you call
 *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
 *                      again first.
- *                      After a failed call to mbedtls_ctr_drbg_seed(),
- *                      you must call mbedtls_ctr_drbg_free().
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
 *                      length of the buffer.
@ -328,8 +307,7 @@ int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
                   size_t len );

 /**
- * \brief               This function resets CTR_DRBG context to the state immediately
- *                      after initial call of mbedtls_ctr_drbg_init().
+ * \brief               This function clears CTR_CRBG context data.
 *
 * \param ctx           The CTR_DRBG context to clear.
 */
@ -395,11 +373,6 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
 * \brief               This function reseeds the CTR_DRBG context, that is
 *                      extracts data from the entropy source.
 *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
 * \param ctx           The CTR_DRBG context.
 * \param additional    Additional data to add to the state. Can be \c NULL.
 * \param len           The length of the additional data.
@ -417,11 +390,6 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief              This function updates the state of the CTR_DRBG context.
 *
- * \note               This function is not thread-safe. It is not safe
- *                     to call this function if another thread might be
- *                     concurrently obtaining random numbers from the same
- *                     context or updating or reseeding the same context.
- *
 * \param ctx          The CTR_DRBG context.
 * \param additional   The data to update the state with. This must not be
 *                     \c NULL unless \p add_len is \c 0.
@ -445,11 +413,6 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
@ -478,16 +441,8 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
+ *
+ *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@ -4,7 +4,7 @@
 * \brief Functions for controlling and providing debug output from the library.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_DEBUG_H
 #define MBEDTLS_DEBUG_H
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@ -8,7 +8,7 @@
 *            instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -50,6 +50,8 @@
 *
 *  **********
 *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
 */
 #ifndef MBEDTLS_DES_H
 #define MBEDTLS_DES_H
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@ -44,7 +44,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -85,6 +85,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_DHM_H
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@ -13,7 +13,7 @@
 * Cryptography</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -54,6 +54,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_ECDH_H
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@ -11,7 +11,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -52,6 +52,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_ECDSA_H
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@ -4,7 +4,7 @@
 * \brief Elliptic curve J-PAKE
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ECJPAKE_H
 #define MBEDTLS_ECJPAKE_H
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@ -15,7 +15,7 @@
 */

 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -56,6 +56,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_ECP_H
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@ -5,7 +5,7 @@
 * point arithmetic.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 /*
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -4,7 +4,7 @@
 * \brief Entropy accumulator implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ENTROPY_H
 #define MBEDTLS_ENTROPY_H
@ -147,15 +149,13 @@ mbedtls_entropy_source_state;
 */
 typedef struct mbedtls_entropy_context
 {
-    int accumulator_started; /* 0 after init.
-                              * 1 after the first update.
-                              * -1 after free. */
+    int accumulator_started;
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
    mbedtls_sha512_context  accumulator;
 #else
    mbedtls_sha256_context  accumulator;
 #endif
-    int             source_count; /* Number of entries used in source. */
+    int             source_count;
    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
 #if defined(MBEDTLS_HAVEGE_C)
    mbedtls_havege_state    havege_data;
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@ -4,7 +4,7 @@
 * \brief Platform-specific and custom entropy polling functions
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ENTROPY_POLL_H
 #define MBEDTLS_ENTROPY_POLL_H
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@ -4,7 +4,7 @@
 * \brief Error to string translation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_ERROR_H
 #define MBEDTLS_ERROR_H
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@ -12,7 +12,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -53,6 +53,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_GCM_H
@ -182,7 +184,7 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
 *                  than zero, this must be a writable buffer of at least that
 *                  size in Bytes.
 * \param tag_len   The length of the tag to generate.
- * \param tag       The buffer for holding the tag. This must be a writable
+ * \param tag       The buffer for holding the tag. This must be a readable
 *                  buffer of at least \p tag_len Bytes.
 *
 * \return          \c 0 if the encryption or decryption was performed
@ -310,7 +312,7 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
 *                  tag. The tag can have a maximum length of 16 Bytes.
 *
 * \param ctx       The GCM context. This must be initialized.
- * \param tag       The buffer for holding the tag. This must be a writable
+ * \param tag       The buffer for holding the tag. This must be a readable
 *                  buffer of at least \p tag_len Bytes.
 * \param tag_len   The length of the tag to generate. This must be at least
 *                  four.
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@ -4,7 +4,7 @@
 * \brief HAVEGE: HArdware Volatile Entropy Gathering and Expansion
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_HAVEGE_H
 #define MBEDTLS_HAVEGE_H
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@ -7,7 +7,7 @@
 *          specified by RFC 5869.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2016-2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -48,6 +48,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_HKDF_H
 #define MBEDTLS_HKDF_H
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@ -8,7 +8,7 @@
 * Deterministic Random Bit Generators</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_HMAC_DRBG_H
 #define MBEDTLS_HMAC_DRBG_H
@ -128,14 +130,6 @@ typedef struct mbedtls_hmac_drbg_context
    void *p_entropy;            /*!< context for the entropy function        */

 #if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized if and only if
-     * md_ctx->md_info != NULL. This means that the mutex is initialized
-     * during the initial seeding in mbedtls_hmac_drbg_seed() or
-     * mbedtls_hmac_drbg_seed_buf() and freed in mbedtls_ctr_drbg_free().
-     *
-     * Note that this invariant may change without notice. Do not rely on it
-     * and do not access the mutex directly in application code.
-     */
    mbedtls_threading_mutex_t mutex;
 #endif
 } mbedtls_hmac_drbg_context;
@ -146,10 +140,6 @@ typedef struct mbedtls_hmac_drbg_context
 * This function makes the context ready for mbedtls_hmac_drbg_seed(),
 * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
 *
- * \note                The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
- *                      by default. Override this value by calling
- *                      mbedtls_hmac_drbg_set_reseed_interval().
- *
 * \param ctx           HMAC_DRBG context to be initialized.
 */
 void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
@ -185,17 +175,7 @@ void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
 * \note                During the initial seeding, this function calls
 *                      the entropy source to obtain a nonce
 *                      whose length is half the entropy length.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_hmac_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
+ *
 * \param ctx           HMAC_DRBG context to be seeded.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param f_entropy     The entropy callback, taking as arguments the
@ -234,17 +214,7 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
 *
 * This function is meant for use in algorithms that need a pseudorandom
 * input such as deterministic ECDSA.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      after this function returns successfully,
- *                      it is safe to call mbedtls_hmac_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
+ *
 * \param ctx           HMAC_DRBG context to be initialised.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param data          Concatenation of the initial entropy string and
@ -307,11 +277,6 @@ void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
 /**
 * \brief               This function updates the state of the HMAC_DRBG context.
 *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    The data to update the state with.
 *                      If this is \c NULL, there is no additional data.
@ -328,11 +293,6 @@ int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
 * \brief               This function reseeds the HMAC_DRBG context, that is
 *                      extracts data from the entropy source.
 *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
 * \param ctx           The HMAC_DRBG context.
 * \param additional    Additional data to add to the state.
 *                      If this is \c NULL, there is no additional data
@ -358,11 +318,6 @@ int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \note                This function is not thread-safe. It is not safe
- *                      to call this function if another thread might be
- *                      concurrently obtaining random numbers from the same
- *                      context or updating or reseeding the same context.
- *
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
@ -392,16 +347,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
 *
 * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
- */
-#if defined(MBEDTLS_THREADING_C)
-/**
- * \note                When Mbed TLS is built with threading support,
- *                      it is safe to call mbedtls_ctr_drbg_random()
- *                      from multiple threads. Other operations, including
- *                      reseeding, are not thread-safe.
- */
-#endif /* MBEDTLS_THREADING_C */
-/**
+ *
 * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
 *                      #mbedtls_hmac_drbg_context structure.
 * \param output        The buffer to fill.
@ -417,8 +363,7 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
 int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );

 /**
- * \brief               This function resets HMAC_DRBG context to the state immediately
- *                      after initial call of mbedtls_hmac_drbg_init().
+ * \brief               Free an HMAC_DRBG context
 *
 * \param ctx           The HMAC_DRBG context to free.
 */
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -6,7 +6,7 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_MD_H
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@ -8,7 +8,7 @@
 *          instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -50,6 +50,8 @@
 *
 *  **********
 *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
 */
 #ifndef MBEDTLS_MD2_H
 #define MBEDTLS_MD2_H
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@ -8,7 +8,7 @@
 *          instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -50,6 +50,8 @@
 *
 *  **********
 *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
 */
 #ifndef MBEDTLS_MD4_H
 #define MBEDTLS_MD4_H
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@ -8,7 +8,7 @@
 *            digests instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_MD5_H
 #define MBEDTLS_MD5_H
--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@ -8,7 +8,7 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_MD_WRAP_H
 #define MBEDTLS_MD_WRAP_H
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@ -4,7 +4,7 @@
 * \brief Buffer-based memory allocator
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
 #define MBEDTLS_MEMORY_BUFFER_ALLOC_H
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@ -6,7 +6,7 @@
 * \deprecated Superseded by mbedtls/net_sockets.h
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@ -20,7 +20,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -61,6 +61,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_NET_SOCKETS_H
 #define MBEDTLS_NET_SOCKETS_H
@ -151,7 +153,6 @@ int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char
 *
 * \return         0 if successful, or one of:
 *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
 *                      MBEDTLS_ERR_NET_BIND_FAILED,
 *                      MBEDTLS_ERR_NET_LISTEN_FAILED
 *
@ -171,8 +172,6 @@ int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char
 *                  can be NULL if client_ip is null
 *
 * \return          0 if successful, or
- *                  MBEDTLS_ERR_NET_SOCKET_FAILED,
- *                  MBEDTLS_ERR_NET_BIND_FAILED,
 *                  MBEDTLS_ERR_NET_ACCEPT_FAILED, or
 *                  MBEDTLS_ERR_NET_BUFFER_TOO_SMALL if buf_size is too small,
 *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
@ -185,10 +184,6 @@ int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
 /**
 * \brief          Check and wait for the context to be ready for read/write
 *
- * \note           The current implementation of this function uses
- *                 select() and returns an error if the file descriptor
- *                 is \c FD_SETSIZE or greater.
- *
 * \param ctx      Socket to check
 * \param rw       Bitflag composed of MBEDTLS_NET_POLL_READ and
 *                 MBEDTLS_NET_POLL_WRITE specifying the events
@ -270,21 +265,16 @@ int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
 *                 'timeout' seconds. If no error occurs, the actual amount
 *                 read is returned.
 *
- * \note           The current implementation of this function uses
- *                 select() and returns an error if the file descriptor
- *                 is \c FD_SETSIZE or greater.
- *
 * \param ctx      Socket
 * \param buf      The buffer to write to
 * \param len      Maximum length of the buffer
 * \param timeout  Maximum number of milliseconds to wait for data
 *                 0 means no timeout (wait forever)
 *
- * \return         The number of bytes received if successful.
- *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out.
+ * \return         the number of bytes received,
+ *                 or a non-zero error code:
+ *                 MBEDTLS_ERR_SSL_TIMEOUT if the operation timed out,
 *                 MBEDTLS_ERR_SSL_WANT_READ if interrupted by a signal.
- *                 Another negative error code (MBEDTLS_ERR_NET_xxx)
- *                 for other failures.
 *
 * \note           This function will block (until data becomes available or
 *                 timeout is reached) even if the socket is set to
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@ -16,7 +16,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -57,6 +57,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_NIST_KW_H
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@ -4,7 +4,7 @@
 * \brief Object Identifier (OID) database
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_OID_H
 #define MBEDTLS_OID_H
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@ -8,7 +8,7 @@
 *          functions; you must not call them directly.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -49,6 +49,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PADLOCK_H
 #define MBEDTLS_PADLOCK_H
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@ -4,7 +4,7 @@
 * \brief Privacy Enhanced Mail (PEM) decoding
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PEM_H
 #define MBEDTLS_PEM_H
@ -137,27 +139,17 @@ void mbedtls_pem_free( mbedtls_pem_context *ctx );
 * \brief           Write a buffer of PEM information from a DER encoded
 *                  buffer.
 *
- * \param header    The header string to write.
- * \param footer    The footer string to write.
- * \param der_data  The DER data to encode.
- * \param der_len   The length of the DER data \p der_data in Bytes.
- * \param buf       The buffer to write to.
- * \param buf_len   The length of the output buffer \p buf in Bytes.
- * \param olen      The address at which to store the total length written
- *                  or required (if \p buf_len is not enough).
+ * \param header    header string to write
+ * \param footer    footer string to write
+ * \param der_data  DER data to write
+ * \param der_len   length of the DER data
+ * \param buf       buffer to write to
+ * \param buf_len   length of output buffer
+ * \param olen      total length written / required (if buf_len is not enough)
 *
- * \note            You may pass \c NULL for \p buf and \c 0 for \p buf_len
- *                  to request the length of the resulting PEM buffer in
- *                  `*olen`.
- *
- * \note            This function may be called with overlapping \p der_data
- *                  and \p buf buffers.
- *
- * \return          \c 0 on success.
- * \return          #MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL if \p buf isn't large
- *                  enough to hold the PEM buffer. In  this case, `*olen` holds
- *                  the required minimum size of \p buf.
- * \return          Another PEM or BASE64 error code on other kinds of failure.
+ * \return          0 on success, or a specific PEM or BASE64 error code. On
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  size.
 */
 int mbedtls_pem_write_buffer( const char *header, const char *footer,
                      const unsigned char *der_data, size_t der_len,
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -4,7 +4,7 @@
 * \brief Public Key abstraction layer
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_PK_H
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@ -4,7 +4,7 @@
 * \brief Public Key abstraction layer: wrapper functions
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_PK_WRAP_H
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@ -6,7 +6,7 @@
 * \author Adriaan de Jong <dejong@fox-it.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PKCS11_H
 #define MBEDTLS_PKCS11_H
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@ -4,7 +4,7 @@
 * \brief PKCS#12 Personal Information Exchange Syntax
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PKCS12_H
 #define MBEDTLS_PKCS12_H
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@ -6,7 +6,7 @@
 * \author Mathias Olsson <mathias@kompetensum.com>
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PKCS5_H
 #define MBEDTLS_PKCS5_H
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@ -13,7 +13,7 @@
 *        dynamically configured at runtime.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -54,6 +54,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PLATFORM_H
 #define MBEDTLS_PLATFORM_H
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@ -4,7 +4,7 @@
 * \brief mbed TLS Platform time abstraction
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2016, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PLATFORM_TIME_H
 #define MBEDTLS_PLATFORM_TIME_H
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@ -5,7 +5,7 @@
 *        library.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2018, Arm Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -46,6 +46,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_PLATFORM_UTIL_H
 #define MBEDTLS_PLATFORM_UTIL_H
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@ -13,7 +13,7 @@
 */

 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved.
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -54,6 +54,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */

 #ifndef MBEDTLS_POLY1305_H
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@ -4,7 +4,7 @@
 * \brief RIPE MD-160 message digest
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_RIPEMD160_H
 #define MBEDTLS_RIPEMD160_H
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@ -10,7 +10,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -51,6 +51,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_RSA_H
 #define MBEDTLS_RSA_H
@ -124,10 +126,7 @@ extern "C" {
 */
 typedef struct mbedtls_rsa_context
 {
-    int ver;                    /*!<  Reserved for internal purposes.
-                                 *    Do not set this field in application
-                                 *    code. Its meaning might change without
-                                 *    notice. */
+    int ver;                    /*!<  Always 0.*/
    size_t len;                 /*!<  The size of \p N in Bytes. */

    mbedtls_mpi N;              /*!<  The public modulus. */
@ -157,7 +156,6 @@ typedef struct mbedtls_rsa_context
                                     mask generating function used in the
                                     EME-OAEP and EMSA-PSS encodings. */
 #if defined(MBEDTLS_THREADING_C)
-    /* Invariant: the mutex is initialized iff ver != 0. */
    mbedtls_threading_mutex_t mutex;    /*!<  Thread-safety mutex. */
 #endif
 }
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@ -35,7 +35,7 @@
 *
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2017, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -77,6 +77,8 @@
 *
 *  **********
 *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
+ *
 */

 #ifndef MBEDTLS_RSA_INTERNAL_H
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@ -11,7 +11,7 @@
 *            digests instead.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -52,6 +52,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SHA1_H
 #define MBEDTLS_SHA1_H
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@ -7,7 +7,7 @@
 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -48,6 +48,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SHA256_H
 #define MBEDTLS_SHA256_H
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@ -6,7 +6,7 @@
 * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -47,6 +47,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SHA512_H
 #define MBEDTLS_SHA512_H
@ -152,7 +154,8 @@ int mbedtls_sha512_update_ret( mbedtls_sha512_context *ctx,

 /**
 * \brief          This function finishes the SHA-512 operation, and writes
- *                 the result to the output buffer.
+ *                 the result to the output buffer. This function is for
+ *                 internal use only.
 *
 * \param ctx      The SHA-512 context. This must be initialized
 *                 and have a hash operation started.
@ -168,7 +171,6 @@ int mbedtls_sha512_finish_ret( mbedtls_sha512_context *ctx,
 /**
 * \brief          This function processes a single data block within
 *                 the ongoing SHA-512 computation.
- *                 This function is for internal use only.
 *
 * \param ctx      The SHA-512 context. This must be initialized.
 * \param data     The buffer holding one block of data. This
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -4,7 +4,7 @@
 * \brief SSL/TLS functions.
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_H
 #define MBEDTLS_SSL_H
@ -1409,7 +1411,7 @@ void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
 * \note           For DTLS, you need to provide either a non-NULL
 *                 f_recv_timeout callback, or a f_recv that doesn't block.
 *
- * \note           See the documentations of \c mbedtls_ssl_send_t,
+ * \note           See the documentations of \c mbedtls_ssl_sent_t,
 *                 \c mbedtls_ssl_recv_t and \c mbedtls_ssl_recv_timeout_t for
 *                 the conventions those callbacks must follow.
 *
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@ -4,7 +4,7 @@
 * \brief SSL session cache implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_CACHE_H
 #define MBEDTLS_SSL_CACHE_H
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@ -4,7 +4,7 @@
 * \brief SSL Ciphersuites for mbed TLS
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_CIPHERSUITES_H
 #define MBEDTLS_SSL_CIPHERSUITES_H
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@ -4,7 +4,7 @@
 * \brief DTLS cookie callbacks implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_COOKIE_H
 #define MBEDTLS_SSL_COOKIE_H
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -4,7 +4,7 @@
 * \brief Internal functions shared by the SSL modules
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_INTERNAL_H
 #define MBEDTLS_SSL_INTERNAL_H
@ -150,24 +152,6 @@
 #define MBEDTLS_SSL_RETRANS_WAITING         2
 #define MBEDTLS_SSL_RETRANS_FINISHED        3

-/* This macro determines whether CBC is supported. */
-#if defined(MBEDTLS_CIPHER_MODE_CBC) &&                               \
-    ( defined(MBEDTLS_AES_C)      ||                                  \
-      defined(MBEDTLS_CAMELLIA_C) ||                                  \
-      defined(MBEDTLS_ARIA_C)     ||                                  \
-      defined(MBEDTLS_DES_C) )
-#define MBEDTLS_SSL_SOME_SUITES_USE_CBC
-#endif
-
-/* This macro determines whether the CBC construct used in TLS 1.0-1.2 (as
- * opposed to the very different CBC construct used in SSLv3) is supported. */
-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_CBC) && \
-    ( defined(MBEDTLS_SSL_PROTO_TLS1) ||        \
-      defined(MBEDTLS_SSL_PROTO_TLS1_1) ||      \
-      defined(MBEDTLS_SSL_PROTO_TLS1_2) )
-#define MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC
-#endif
-
 /*
 * Allow extra bytes for record, authentication and encryption overhead:
 * counter (8) + header (5) + IV(16) + MAC (16-48) + padding (0-256)
@ -859,73 +843,6 @@ int mbedtls_ssl_get_key_exchange_md_tls1_2( mbedtls_ssl_context *ssl,
 #endif /* MBEDTLS_SSL_PROTO_TLS1 || MBEDTLS_SSL_PROTO_TLS1_1 || \
          MBEDTLS_SSL_PROTO_TLS1_2 */

-#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-/** \brief Compute the HMAC of variable-length data with constant flow.
- *
- * This function computes the HMAC of the concatenation of \p add_data and \p
- * data, and does with a code flow and memory access pattern that does not
- * depend on \p data_len_secret, but only on \p min_data_len and \p
- * max_data_len. In particular, this function always reads exactly \p
- * max_data_len bytes from \p data.
- *
- * \param ctx               The HMAC context. It must have keys configured
- *                          with mbedtls_md_hmac_starts() and use one of the
- *                          following hashes: SHA-384, SHA-256, SHA-1 or MD-5.
- *                          It is reset using mbedtls_md_hmac_reset() after
- *                          the computation is complete to prepare for the
- *                          next computation.
- * \param add_data          The additional data prepended to \p data. This
- *                          must point to a readable buffer of \p add_data_len
- *                          bytes.
- * \param add_data_len      The length of \p add_data in bytes.
- * \param data              The data appended to \p add_data. This must point
- *                          to a readable buffer of \p max_data_len bytes.
- * \param data_len_secret   The length of the data to process in \p data.
- *                          This must be no less than \p min_data_len and no
- *                          greater than \p max_data_len.
- * \param min_data_len      The minimal length of \p data in bytes.
- * \param max_data_len      The maximal length of \p data in bytes.
- * \param output            The HMAC will be written here. This must point to
- *                          a writable buffer of sufficient size to hold the
- *                          HMAC value.
- *
- * \retval 0
- *         Success.
- * \retval MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED
- *         The hardware accelerator failed.
- */
-int mbedtls_ssl_cf_hmac(
-        mbedtls_md_context_t *ctx,
-        const unsigned char *add_data, size_t add_data_len,
-        const unsigned char *data, size_t data_len_secret,
-        size_t min_data_len, size_t max_data_len,
-        unsigned char *output );
-
-/** \brief Copy data from a secret position with constant flow.
- *
- * This function copies \p len bytes from \p src_base + \p offset_secret to \p
- * dst, with a code flow and memory access pattern that does not depend on \p
- * offset_secret, but only on \p offset_min, \p offset_max and \p len.
- *
- * \param dst           The destination buffer. This must point to a writable
- *                      buffer of at least \p len bytes.
- * \param src_base      The base of the source buffer. This must point to a
- *                      readable buffer of at least \p offset_max + \p len
- *                      bytes.
- * \param offset_secret The offset in the source buffer from which to copy.
- *                      This must be no less than \p offset_min and no greater
- *                      than \p offset_max.
- * \param offset_min    The minimal value of \p offset_secret.
- * \param offset_max    The maximal value of \p offset_secret.
- * \param len           The number of bytes to copy.
- */
-void mbedtls_ssl_cf_memcpy_offset( unsigned char *dst,
-                                   const unsigned char *src_base,
-                                   size_t offset_secret,
-                                   size_t offset_min, size_t offset_max,
-                                   size_t len );
-#endif /* MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC */
-
 #ifdef __cplusplus
 }
 #endif
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@ -4,7 +4,7 @@
 * \brief TLS server ticket callbacks implementation
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_SSL_TICKET_H
 #define MBEDTLS_SSL_TICKET_H
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@ -4,7 +4,7 @@
 * \brief Threading abstraction layer
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_THREADING_H
 #define MBEDTLS_THREADING_H
@ -73,9 +75,6 @@ extern "C" {
 typedef struct mbedtls_threading_mutex_t
 {
    pthread_mutex_t mutex;
-    /* is_valid is 0 after a failed init or a free, and nonzero after a
-     * successful init. This field is not considered part of the public
-     * API of Mbed TLS and may change without notice. */
    char is_valid;
 } mbedtls_threading_mutex_t;
 #endif
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@ -4,7 +4,7 @@
 * \brief Portable interface to timeouts and to the CPU cycle counter
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_TIMING_H
 #define MBEDTLS_TIMING_H
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@ -4,7 +4,7 @@
 * \brief Run-time version information
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 /*
 * This set of compile-time defines and run-time variables can be used to
@ -65,16 +67,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  16
-#define MBEDTLS_VERSION_PATCH  10
+#define MBEDTLS_VERSION_PATCH  7

 /**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER         0x02100A00
-#define MBEDTLS_VERSION_STRING         "2.16.10"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.10"
+#define MBEDTLS_VERSION_NUMBER         0x02100700
+#define MBEDTLS_VERSION_STRING         "2.16.7"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.7"

 #if defined(MBEDTLS_VERSION_C)

--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@ -4,7 +4,7 @@
 * \brief X.509 generic defines and structures
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_X509_H
 #define MBEDTLS_X509_H
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@ -4,7 +4,7 @@
 * \brief X.509 certificate revocation list parsing
 */
 /*
- *  Copyright The Mbed TLS Contributors
+ *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
 *
 *  This file is provided under the Apache License 2.0, or the
@ -45,6 +45,8 @@
 *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 *  **********
+ *
+ *  This file is part of mbed TLS (https://tls.mbed.org)
 */
 #ifndef MBEDTLS_X509_CRL_H
 #define MBEDTLS_X509_CRL_H
--- a/Show more
+++ b/Show more