The Great Renaming

A simple execution of tmp/invoke-rename.pl
diff --git a/configs/README.txt b/configs/README.txt
index 6be64a2..e9867bc 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -11,15 +11,15 @@
    (Depending on your compiler, you may need to ajust the line with
    #include "mbedtls/check_config.h" then.)
 
-2. Define POLARSSL_CONFIG_FILE and adjust the include path accordingly.
+2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
    For example, using make:
 
-    CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE='<foo.h>'" make
+    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make
 
    Or, using cmake:
 
     find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
-    CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE='<foo.h>'" cmake .
+    CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
     make
 
 Note that the second method also works if you want to keep your custom
diff --git a/configs/config-ccm-psk-tls1_2.h b/configs/config-ccm-psk-tls1_2.h
index 7a6e70d..3f9d9cd 100644
--- a/configs/config-ccm-psk-tls1_2.h
+++ b/configs/config-ccm-psk-tls1_2.h
@@ -8,59 +8,59 @@
  *
  * See README.txt for usage instructions.
  */
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
 
 /* System support */
-//#define POLARSSL_HAVE_IPV6 /* Optional */
-//#define POLARSSL_HAVE_TIME /* Optionally used in Hello messages */
-/* Other POLARSSL_HAVE_XXX flags irrelevant for this configuration */
+//#define MBEDTLS_HAVE_IPV6 /* Optional */
+//#define MBEDTLS_HAVE_TIME /* Optionally used in Hello messages */
+/* Other MBEDTLS_HAVE_XXX flags irrelevant for this configuration */
 
 /* mbed TLS feature support */
-#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
-#define POLARSSL_SSL_PROTO_TLS1_2
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
 
 /* mbed TLS modules */
-#define POLARSSL_AES_C
-#define POLARSSL_CCM_C
-#define POLARSSL_CIPHER_C
-#define POLARSSL_CTR_DRBG_C
-#define POLARSSL_ENTROPY_C
-#define POLARSSL_MD_C
-#define POLARSSL_NET_C
-#define POLARSSL_SHA256_C
-#define POLARSSL_SSL_CLI_C
-#define POLARSSL_SSL_SRV_C
-#define POLARSSL_SSL_TLS_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_CCM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
 
 /* Save RAM at the expense of ROM */
-#define POLARSSL_AES_ROM_TABLES
+#define MBEDTLS_AES_ROM_TABLES
 
 /* Save some RAM by adjusting to your exact needs */
-#define POLARSSL_PSK_MAX_LEN    16 /* 128-bits keys are generally enough */
+#define MBEDTLS_PSK_MAX_LEN    16 /* 128-bits keys are generally enough */
 
 /*
  * You should adjust this to the exact number of sources you're using: default
  * is the "platform_entropy_poll" source, but you may want to add other ones
  * Minimum is 2 for the entropy test suite.
  */
-#define ENTROPY_MAX_SOURCES 2
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
 
 /*
  * Use only CCM_8 ciphersuites, and
  * save ROM and a few bytes of RAM by specifying our own ciphersuite list
  */
-#define SSL_CIPHERSUITES                        \
-        TLS_PSK_WITH_AES_256_CCM_8,             \
-        TLS_PSK_WITH_AES_128_CCM_8
+#define MBEDTLS_SSL_CIPHERSUITES                        \
+        MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8,             \
+        MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8
 
 /*
  * Save RAM at the expense of interoperability: do this only if you control
  * both ends of the connection!  (See comments in "mbedtls/ssl.h".)
  * The optimal size here depends on the typical size of records.
  */
-#define SSL_MAX_CONTENT_LEN             512
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             512
 
 #include "check_config.h"
 
-#endif /* POLARSSL_CONFIG_H */
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index dc9ee0f..69200f7 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -1,56 +1,56 @@
 /*
  * Minimal configuration for TLS 1.1 (RFC 4346), implementing only the
- * required ciphersuite: TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ * required ciphersuite: MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
  *
  * See README.txt for usage instructions.
  */
 
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
 
 /* System support */
-#define POLARSSL_HAVE_ASM
-#define POLARSSL_HAVE_TIME
-#define POLARSSL_HAVE_IPV6
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_IPV6
 
 /* mbed TLS feature support */
-#define POLARSSL_CIPHER_MODE_CBC
-#define POLARSSL_PKCS1_V15
-#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
-#define POLARSSL_SSL_PROTO_TLS1_1
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_PKCS1_V15
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_1
 
 /* mbed TLS modules */
-#define POLARSSL_AES_C
-#define POLARSSL_ASN1_PARSE_C
-#define POLARSSL_ASN1_WRITE_C
-#define POLARSSL_BIGNUM_C
-#define POLARSSL_CIPHER_C
-#define POLARSSL_CTR_DRBG_C
-#define POLARSSL_DES_C
-#define POLARSSL_ENTROPY_C
-#define POLARSSL_MD_C
-#define POLARSSL_MD5_C
-#define POLARSSL_NET_C
-#define POLARSSL_OID_C
-#define POLARSSL_PK_C
-#define POLARSSL_PK_PARSE_C
-#define POLARSSL_RSA_C
-#define POLARSSL_SHA1_C
-#define POLARSSL_SHA256_C
-#define POLARSSL_SSL_CLI_C
-#define POLARSSL_SSL_SRV_C
-#define POLARSSL_SSL_TLS_C
-#define POLARSSL_X509_CRT_PARSE_C
-#define POLARSSL_X509_USE_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_DES_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_MD5_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_RSA_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
 
 /* For test certificates */
-#define POLARSSL_BASE64_C
-#define POLARSSL_CERTS_C
-#define POLARSSL_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
 
 /* For testing with compat.sh */
-#define POLARSSL_FS_IO
+#define MBEDTLS_FS_IO
 
 #include "mbedtls/check_config.h"
 
-#endif /* POLARSSL_CONFIG_H */
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-picocoin.h b/configs/config-picocoin.h
index 57b8005..90879b8 100644
--- a/configs/config-picocoin.h
+++ b/configs/config-picocoin.h
@@ -9,45 +9,45 @@
  * - ECDSA/PK and some other chosen crypto bits.
  */
 
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
 
 /* System support */
-#define POLARSSL_HAVE_LONGLONG
-#define POLARSSL_HAVE_ASM
-#define POLARSSL_HAVE_TIME
-#define POLARSSL_HAVE_IPV6
+#define MBEDTLS_HAVE_LONGLONG
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_IPV6
 
 /* mbed TLS feature support */
-#define POLARSSL_CIPHER_MODE_CBC
-#define POLARSSL_CIPHER_PADDING_PKCS7
-#define POLARSSL_ECP_DP_SECP256K1_ENABLED
-#define POLARSSL_ECDSA_DETERMINISTIC
-#define POLARSSL_PK_PARSE_EC_EXTENDED
-#define POLARSSL_ERROR_STRERROR_DUMMY
-#define POLARSSL_FS_IO
+#define MBEDTLS_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECDSA_DETERMINISTIC
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
+#define MBEDTLS_ERROR_STRERROR_DUMMY
+#define MBEDTLS_FS_IO
 
 /* mbed TLS modules */
-#define POLARSSL_AESNI_C
-#define POLARSSL_AES_C
-#define POLARSSL_ASN1_PARSE_C
-#define POLARSSL_ASN1_WRITE_C
-#define POLARSSL_BASE64_C
-#define POLARSSL_BIGNUM_C
-#define POLARSSL_ECDSA_C
-#define POLARSSL_ECP_C
-#define POLARSSL_ENTROPY_C
-#define POLARSSL_HMAC_DRBG_C
-#define POLARSSL_MD_C
-#define POLARSSL_OID_C
-#define POLARSSL_PADLOCK_C
-#define POLARSSL_PK_C
-#define POLARSSL_PK_PARSE_C
-#define POLARSSL_PK_WRITE_C
-#define POLARSSL_RIPEMD160_C
-#define POLARSSL_SHA1_C
-#define POLARSSL_SHA256_C
+#define MBEDTLS_AESNI_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_HMAC_DRBG_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PADLOCK_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_PK_WRITE_C
+#define MBEDTLS_RIPEMD160_C
+#define MBEDTLS_SHA1_C
+#define MBEDTLS_SHA256_C
 
 #include "check_config.h"
 
-#endif /* POLARSSL_CONFIG_H */
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index b565653..0be7155 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -12,75 +12,75 @@
  * See README.txt for usage instructions.
  */
 
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
 
 /* System support */
-#define POLARSSL_HAVE_ASM
-#define POLARSSL_HAVE_TIME
-#define POLARSSL_HAVE_IPV6
+#define MBEDTLS_HAVE_ASM
+#define MBEDTLS_HAVE_TIME
+#define MBEDTLS_HAVE_IPV6
 
 /* mbed TLS feature support */
-#define POLARSSL_ECP_DP_SECP256R1_ENABLED
-#define POLARSSL_ECP_DP_SECP384R1_ENABLED
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
-#define POLARSSL_SSL_PROTO_TLS1_2
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_SSL_PROTO_TLS1_2
 
 /* mbed TLS modules */
-#define POLARSSL_AES_C
-#define POLARSSL_ASN1_PARSE_C
-#define POLARSSL_ASN1_WRITE_C
-#define POLARSSL_BIGNUM_C
-#define POLARSSL_CIPHER_C
-#define POLARSSL_CTR_DRBG_C
-#define POLARSSL_ECDH_C
-#define POLARSSL_ECDSA_C
-#define POLARSSL_ECP_C
-#define POLARSSL_ENTROPY_C
-#define POLARSSL_GCM_C
-#define POLARSSL_MD_C
-#define POLARSSL_NET_C
-#define POLARSSL_OID_C
-#define POLARSSL_PK_C
-#define POLARSSL_PK_PARSE_C
-#define POLARSSL_SHA256_C
-#define POLARSSL_SHA512_C
-#define POLARSSL_SSL_CLI_C
-#define POLARSSL_SSL_SRV_C
-#define POLARSSL_SSL_TLS_C
-#define POLARSSL_X509_CRT_PARSE_C
-#define POLARSSL_X509_USE_C
+#define MBEDTLS_AES_C
+#define MBEDTLS_ASN1_PARSE_C
+#define MBEDTLS_ASN1_WRITE_C
+#define MBEDTLS_BIGNUM_C
+#define MBEDTLS_CIPHER_C
+#define MBEDTLS_CTR_DRBG_C
+#define MBEDTLS_ECDH_C
+#define MBEDTLS_ECDSA_C
+#define MBEDTLS_ECP_C
+#define MBEDTLS_ENTROPY_C
+#define MBEDTLS_GCM_C
+#define MBEDTLS_MD_C
+#define MBEDTLS_NET_C
+#define MBEDTLS_OID_C
+#define MBEDTLS_PK_C
+#define MBEDTLS_PK_PARSE_C
+#define MBEDTLS_SHA256_C
+#define MBEDTLS_SHA512_C
+#define MBEDTLS_SSL_CLI_C
+#define MBEDTLS_SSL_SRV_C
+#define MBEDTLS_SSL_TLS_C
+#define MBEDTLS_X509_CRT_PARSE_C
+#define MBEDTLS_X509_USE_C
 
 /* For test certificates */
-#define POLARSSL_BASE64_C
-#define POLARSSL_CERTS_C
-#define POLARSSL_PEM_PARSE_C
+#define MBEDTLS_BASE64_C
+#define MBEDTLS_CERTS_C
+#define MBEDTLS_PEM_PARSE_C
 
 /* Save RAM at the expense of ROM */
-#define POLARSSL_AES_ROM_TABLES
+#define MBEDTLS_AES_ROM_TABLES
 
 /* Save RAM by adjusting to our exact needs */
-#define POLARSSL_ECP_MAX_BITS   384
-#define POLARSSL_MPI_MAX_SIZE    48 // 384 bits is 48 bytes
+#define MBEDTLS_ECP_MAX_BITS   384
+#define MBEDTLS_MPI_MAX_SIZE    48 // 384 bits is 48 bytes
 
 /* Save RAM at the expense of speed, see ecp.h */
-#define POLARSSL_ECP_WINDOW_SIZE        2
-#define POLARSSL_ECP_FIXED_POINT_OPTIM  0
+#define MBEDTLS_ECP_WINDOW_SIZE        2
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  0
 
 /* Significant speed benefit at the expense of some ROM */
-#define POLARSSL_ECP_NIST_OPTIM
+#define MBEDTLS_ECP_NIST_OPTIM
 
 /*
  * You should adjust this to the exact number of sources you're using: default
  * is the "platform_entropy_poll" source, but you may want to add other ones.
  * Minimum is 2 for the entropy test suite.
  */
-#define ENTROPY_MAX_SOURCES 2
+#define MBEDTLS_ENTROPY_MAX_SOURCES 2
 
 /* Save ROM and a few bytes of RAM by specifying our own ciphersuite list */
-#define SSL_CIPHERSUITES                        \
-    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,    \
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+#define MBEDTLS_SSL_CIPHERSUITES                        \
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,    \
+    MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 
 /*
  * Save RAM at the expense of interoperability: do this only if you control
@@ -88,8 +88,8 @@
  * The minimum size here depends on the certificate chain used as well as the
  * typical size of records.
  */
-#define SSL_MAX_CONTENT_LEN             1024
+#define MBEDTLS_SSL_MAX_CONTENT_LEN             1024
 
 #include "mbedtls/check_config.h"
 
-#endif /* POLARSSL_CONFIG_H */
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 8bcc039..a773c75 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_AES_H
-#define POLARSSL_AES_H
+#ifndef MBEDTLS_AES_H
+#define MBEDTLS_AES_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -40,13 +40,13 @@
 #endif
 
 /* padlock.c and aesni.c rely on these values! */
-#define AES_ENCRYPT     1
-#define AES_DECRYPT     0
+#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_DECRYPT     0
 
-#define POLARSSL_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
-#define POLARSSL_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020  /**< Invalid key length. */
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022  /**< Invalid data input length. */
 
-#if !defined(POLARSSL_AES_ALT)
+#if !defined(MBEDTLS_AES_ALT)
 // Regular implementation
 //
 
@@ -68,21 +68,21 @@
     uint32_t *rk;               /*!<  AES round keys    */
     uint32_t buf[68];           /*!<  unaligned data    */
 }
-aes_context;
+mbedtls_aes_context;
 
 /**
  * \brief          Initialize AES context
  *
  * \param ctx      AES context to be initialized
  */
-void aes_init( aes_context *ctx );
+void mbedtls_aes_init( mbedtls_aes_context *ctx );
 
 /**
  * \brief          Clear AES context
  *
  * \param ctx      AES context to be cleared
  */
-void aes_free( aes_context *ctx );
+void mbedtls_aes_free( mbedtls_aes_context *ctx );
 
 /**
  * \brief          AES key schedule (encryption)
@@ -91,9 +91,9 @@
  * \param key      encryption key
  * \param keysize  must be 128, 192 or 256
  *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
-int aes_setkey_enc( aes_context *ctx, const unsigned char *key,
+int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
                     unsigned int keysize );
 
 /**
@@ -103,27 +103,27 @@
  * \param key      decryption key
  * \param keysize  must be 128, 192 or 256
  *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
-int aes_setkey_dec( aes_context *ctx, const unsigned char *key,
+int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
                     unsigned int keysize );
 
 /**
  * \brief          AES-ECB block encryption/decryption
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param input    16-byte input block
  * \param output   16-byte output block
  *
  * \return         0 if successful
  */
-int aes_crypt_ecb( aes_context *ctx,
+int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
                     int mode,
                     const unsigned char input[16],
                     unsigned char output[16] );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
  * \brief          AES-CBC buffer encryption/decryption
  *                 Length should be a multiple of the block
@@ -138,29 +138,29 @@
  *                 module instead.
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
  * \param output   buffer holding the output data
  *
- * \return         0 if successful, or POLARSSL_ERR_AES_INVALID_INPUT_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
  */
-int aes_crypt_cbc( aes_context *ctx,
+int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
                     int mode,
                     size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-#if defined(POLARSSL_CIPHER_MODE_CFB)
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
  * \brief          AES-CFB128 buffer encryption/decryption.
  *
  * Note: Due to the nature of CFB you should use the same key schedule for
  * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -171,7 +171,7 @@
  *                 module instead.
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param length   length of the input data
  * \param iv_off   offset in IV (updated after use)
  * \param iv       initialization vector (updated after use)
@@ -180,7 +180,7 @@
  *
  * \return         0 if successful
  */
-int aes_crypt_cfb128( aes_context *ctx,
+int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
                        int mode,
                        size_t length,
                        size_t *iv_off,
@@ -193,7 +193,7 @@
  *
  * Note: Due to the nature of CFB you should use the same key schedule for
  * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -204,7 +204,7 @@
  *                 module instead.
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
@@ -212,15 +212,15 @@
  *
  * \return         0 if successful
  */
-int aes_crypt_cfb8( aes_context *ctx,
+int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
                     int mode,
                     size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output );
-#endif /*POLARSSL_CIPHER_MODE_CFB */
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
 
-#if defined(POLARSSL_CIPHER_MODE_CTR)
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
  * \brief               AES-CTR buffer encryption/decryption
  *
@@ -228,7 +228,7 @@
  *
  * Note: Due to the nature of CTR you should use the same key schedule for
  * both encryption and decryption. So a context initialized with
- * aes_setkey_enc() for both AES_ENCRYPT and AES_DECRYPT.
+ * mbedtls_aes_setkey_enc() for both MBEDTLS_AES_ENCRYPT and MBEDTLS_AES_DECRYPT.
  *
  * \param ctx           AES context
  * \param length        The length of the data
@@ -243,22 +243,22 @@
  *
  * \return         0 if successful
  */
-int aes_crypt_ctr( aes_context *ctx,
+int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
                        size_t length,
                        size_t *nc_off,
                        unsigned char nonce_counter[16],
                        unsigned char stream_block[16],
                        const unsigned char *input,
                        unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_AES_ALT */
+#else  /* MBEDTLS_AES_ALT */
 #include "aes_alt.h"
-#endif /* POLARSSL_AES_ALT */
+#endif /* MBEDTLS_AES_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -269,7 +269,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int aes_self_test( int verbose );
+int mbedtls_aes_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index 02419ed..cd85286 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -21,21 +21,21 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_AESNI_H
-#define POLARSSL_AESNI_H
+#ifndef MBEDTLS_AESNI_H
+#define MBEDTLS_AESNI_H
 
 #include "aes.h"
 
-#define POLARSSL_AESNI_AES      0x02000000u
-#define POLARSSL_AESNI_CLMUL    0x00000002u
+#define MBEDTLS_AESNI_AES      0x02000000u
+#define MBEDTLS_AESNI_CLMUL    0x00000002u
 
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) &&  \
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
     ( defined(__amd64__) || defined(__x86_64__) )   &&  \
-    ! defined(POLARSSL_HAVE_X86_64)
-#define POLARSSL_HAVE_X86_64
+    ! defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_HAVE_X86_64
 #endif
 
-#if defined(POLARSSL_HAVE_X86_64)
+#if defined(MBEDTLS_HAVE_X86_64)
 
 #ifdef __cplusplus
 extern "C" {
@@ -45,23 +45,23 @@
  * \brief          AES-NI features detection routine
  *
  * \param what     The feature to detect
- *                 (POLARSSL_AESNI_AES or POLARSSL_AESNI_CLMUL)
+ *                 (MBEDTLS_AESNI_AES or MBEDTLS_AESNI_CLMUL)
  *
  * \return         1 if CPU has support for the feature, 0 otherwise
  */
-int aesni_supports( unsigned int what );
+int mbedtls_aesni_supports( unsigned int what );
 
 /**
  * \brief          AES-NI AES-ECB block en(de)cryption
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param input    16-byte input block
  * \param output   16-byte output block
  *
  * \return         0 on success (cannot fail)
  */
-int aesni_crypt_ecb( aes_context *ctx,
+int mbedtls_aesni_crypt_ecb( mbedtls_aes_context *ctx,
                      int mode,
                      const unsigned char input[16],
                      unsigned char output[16] );
@@ -76,7 +76,7 @@
  * \note           Both operands and result are bit strings interpreted as
  *                 elements of GF(2^128) as per the GCM spec.
  */
-void aesni_gcm_mult( unsigned char c[16],
+void mbedtls_aesni_gcm_mult( unsigned char c[16],
                      const unsigned char a[16],
                      const unsigned char b[16] );
 
@@ -87,7 +87,7 @@
  * \param fwdkey    Original round keys (for encryption)
  * \param nr        Number of rounds (that is, number of round keys minus one)
  */
-void aesni_inverse_key( unsigned char *invkey,
+void mbedtls_aesni_inverse_key( unsigned char *invkey,
                         const unsigned char *fwdkey, int nr );
 
 /**
@@ -97,9 +97,9 @@
  * \param key       Encryption key
  * \param bits      Key size in bits (must be 128, 192 or 256)
  *
- * \return          0 if successful, or POLARSSL_ERR_AES_INVALID_KEY_LENGTH
+ * \return          0 if successful, or MBEDTLS_ERR_AES_INVALID_KEY_LENGTH
  */
-int aesni_setkey_enc( unsigned char *rk,
+int mbedtls_aesni_setkey_enc( unsigned char *rk,
                       const unsigned char *key,
                       size_t bits );
 
@@ -107,6 +107,6 @@
 }
 #endif
 
-#endif /* POLARSSL_HAVE_X86_64 */
+#endif /* MBEDTLS_HAVE_X86_64 */
 
-#endif /* POLARSSL_AESNI_H */
+#endif /* MBEDTLS_AESNI_H */
diff --git a/include/mbedtls/arc4.h b/include/mbedtls/arc4.h
index 9de0577..da7d97b 100644
--- a/include/mbedtls/arc4.h
+++ b/include/mbedtls/arc4.h
@@ -21,18 +21,18 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ARC4_H
-#define POLARSSL_ARC4_H
+#ifndef MBEDTLS_ARC4_H
+#define MBEDTLS_ARC4_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if !defined(POLARSSL_ARC4_ALT)
+#if !defined(MBEDTLS_ARC4_ALT)
 // Regular implementation
 //
 
@@ -49,21 +49,21 @@
     int y;                      /*!< permutation index */
     unsigned char m[256];       /*!< permutation table */
 }
-arc4_context;
+mbedtls_arc4_context;
 
 /**
  * \brief          Initialize ARC4 context
  *
  * \param ctx      ARC4 context to be initialized
  */
-void arc4_init( arc4_context *ctx );
+void mbedtls_arc4_init( mbedtls_arc4_context *ctx );
 
 /**
  * \brief          Clear ARC4 context
  *
  * \param ctx      ARC4 context to be cleared
  */
-void arc4_free( arc4_context *ctx );
+void mbedtls_arc4_free( mbedtls_arc4_context *ctx );
 
 /**
  * \brief          ARC4 key schedule
@@ -72,7 +72,7 @@
  * \param key      the secret key
  * \param keylen   length of the key, in bytes
  */
-void arc4_setup( arc4_context *ctx, const unsigned char *key,
+void mbedtls_arc4_setup( mbedtls_arc4_context *ctx, const unsigned char *key,
                  unsigned int keylen );
 
 /**
@@ -85,16 +85,16 @@
  *
  * \return         0 if successful
  */
-int arc4_crypt( arc4_context *ctx, size_t length, const unsigned char *input,
+int mbedtls_arc4_crypt( mbedtls_arc4_context *ctx, size_t length, const unsigned char *input,
                 unsigned char *output );
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_ARC4_ALT */
+#else  /* MBEDTLS_ARC4_ALT */
 #include "arc4_alt.h"
-#endif /* POLARSSL_ARC4_ALT */
+#endif /* MBEDTLS_ARC4_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -105,7 +105,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int arc4_self_test( int verbose );
+int mbedtls_arc4_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 01081ad..25be760 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -21,18 +21,18 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ASN1_H
-#define POLARSSL_ASN1_H
+#ifndef MBEDTLS_ASN1_H
+#define MBEDTLS_ASN1_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if defined(POLARSSL_BIGNUM_C)
+#if defined(MBEDTLS_BIGNUM_C)
 #include "bignum.h"
 #endif
 
@@ -48,13 +48,13 @@
  * ASN1 is a standard to specify data structures.
  * \{
  */
-#define POLARSSL_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
-#define POLARSSL_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
-#define POLARSSL_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
-#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
-#define POLARSSL_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
-#define POLARSSL_ERR_ASN1_MALLOC_FAILED                    -0x006A  /**< Memory allocation failed */
-#define POLARSSL_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060  /**< Out of data when parsing an ASN1 data structure. */
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062  /**< ASN1 tag was of an unexpected value. */
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064  /**< Error when trying to determine the length or invalid length. */
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066  /**< Actual length differs from expected length. */
+#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068  /**< Data is invalid. (not used) */
+#define MBEDTLS_ERR_ASN1_MALLOC_FAILED                    -0x006A  /**< Memory allocation failed */
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C  /**< Buffer too small when writing ASN.1 data structure. */
 
 /* \} name */
 
@@ -66,42 +66,42 @@
  * - 0x02 -- tag indicating INTEGER
  * - 0x01 -- length in octets
  * - 0x05 -- value
- * Such sequences are typically read into \c ::x509_buf.
+ * Such sequences are typically read into \c ::mbedtls_x509_buf.
  * \{
  */
-#define ASN1_BOOLEAN                 0x01
-#define ASN1_INTEGER                 0x02
-#define ASN1_BIT_STRING              0x03
-#define ASN1_OCTET_STRING            0x04
-#define ASN1_NULL                    0x05
-#define ASN1_OID                     0x06
-#define ASN1_UTF8_STRING             0x0C
-#define ASN1_SEQUENCE                0x10
-#define ASN1_SET                     0x11
-#define ASN1_PRINTABLE_STRING        0x13
-#define ASN1_T61_STRING              0x14
-#define ASN1_IA5_STRING              0x16
-#define ASN1_UTC_TIME                0x17
-#define ASN1_GENERALIZED_TIME        0x18
-#define ASN1_UNIVERSAL_STRING        0x1C
-#define ASN1_BMP_STRING              0x1E
-#define ASN1_PRIMITIVE               0x00
-#define ASN1_CONSTRUCTED             0x20
-#define ASN1_CONTEXT_SPECIFIC        0x80
+#define MBEDTLS_ASN1_BOOLEAN                 0x01
+#define MBEDTLS_ASN1_INTEGER                 0x02
+#define MBEDTLS_ASN1_BIT_STRING              0x03
+#define MBEDTLS_ASN1_OCTET_STRING            0x04
+#define MBEDTLS_ASN1_NULL                    0x05
+#define MBEDTLS_ASN1_OID                     0x06
+#define MBEDTLS_ASN1_UTF8_STRING             0x0C
+#define MBEDTLS_ASN1_SEQUENCE                0x10
+#define MBEDTLS_ASN1_SET                     0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
+#define MBEDTLS_ASN1_T61_STRING              0x14
+#define MBEDTLS_ASN1_IA5_STRING              0x16
+#define MBEDTLS_ASN1_UTC_TIME                0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
+#define MBEDTLS_ASN1_BMP_STRING              0x1E
+#define MBEDTLS_ASN1_PRIMITIVE               0x00
+#define MBEDTLS_ASN1_CONSTRUCTED             0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
 /* \} name */
 /* \} addtogroup asn1_module */
 
 /** Returns the size of the binary string, without the trailing \\0 */
-#define OID_SIZE(x) (sizeof(x) - 1)
+#define MBEDTLS_OID_SIZE(x) (sizeof(x) - 1)
 
 /**
- * Compares an asn1_buf structure to a reference OID.
+ * Compares an mbedtls_asn1_buf structure to a reference OID.
  *
- * Only works for 'defined' oid_str values (OID_HMAC_SHA1), you cannot use a
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
  * 'unsigned char *oid' here!
  */
-#define OID_CMP(oid_str, oid_buf)                                   \
-        ( ( OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
+        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
           memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
 
 #ifdef __cplusplus
@@ -116,46 +116,46 @@
 /**
  * Type-length-value structure that allows for ASN1 using DER.
  */
-typedef struct _asn1_buf
+typedef struct mbedtls_asn1_buf
 {
-    int tag;                /**< ASN1 type, e.g. ASN1_UTF8_STRING. */
+    int tag;                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
     size_t len;             /**< ASN1 length, e.g. in octets. */
     unsigned char *p;       /**< ASN1 data, e.g. in ASCII. */
 }
-asn1_buf;
+mbedtls_asn1_buf;
 
 /**
  * Container for ASN1 bit strings.
  */
-typedef struct _asn1_bitstring
+typedef struct mbedtls_asn1_bitstring
 {
     size_t len;                 /**< ASN1 length, e.g. in octets. */
     unsigned char unused_bits;  /**< Number of unused bits at the end of the string */
     unsigned char *p;           /**< Raw ASN1 data for the bit string */
 }
-asn1_bitstring;
+mbedtls_asn1_bitstring;
 
 /**
  * Container for a sequence of ASN.1 items
  */
-typedef struct _asn1_sequence
+typedef struct mbedtls_asn1_sequence
 {
-    asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
-    struct _asn1_sequence *next;    /**< The next entry in the sequence. */
+    mbedtls_asn1_buf buf;                   /**< Buffer containing the given ASN.1 item. */
+    struct mbedtls_asn1_sequence *next;    /**< The next entry in the sequence. */
 }
-asn1_sequence;
+mbedtls_asn1_sequence;
 
 /**
  * Container for a sequence or list of 'named' ASN.1 data items
  */
-typedef struct _asn1_named_data
+typedef struct mbedtls_asn1_named_data
 {
-    asn1_buf oid;                   /**< The object identifier. */
-    asn1_buf val;                   /**< The named value. */
-    struct _asn1_named_data *next;  /**< The next entry in the sequence. */
+    mbedtls_asn1_buf oid;                   /**< The object identifier. */
+    mbedtls_asn1_buf val;                   /**< The named value. */
+    struct mbedtls_asn1_named_data *next;  /**< The next entry in the sequence. */
     unsigned char next_merged;      /**< Merge next item into the current one? */
 }
-asn1_named_data;
+mbedtls_asn1_named_data;
 
 /**
  * \brief       Get the length of an ASN.1 element.
@@ -165,11 +165,11 @@
  * \param end   End of data
  * \param len   The variable that will receive the value
  *
- * \return      0 if successful, POLARSSL_ERR_ASN1_OUT_OF_DATA on reaching
- *              end of data, POLARSSL_ERR_ASN1_INVALID_LENGTH if length is
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_OUT_OF_DATA on reaching
+ *              end of data, MBEDTLS_ERR_ASN1_INVALID_LENGTH if length is
  *              unparseable.
  */
-int asn1_get_len( unsigned char **p,
+int mbedtls_asn1_get_len( unsigned char **p,
                   const unsigned char *end,
                   size_t *len );
 
@@ -182,10 +182,10 @@
  * \param len   The variable that will receive the length
  * \param tag   The expected tag
  *
- * \return      0 if successful, POLARSSL_ERR_ASN1_UNEXPECTED_TAG if tag did
+ * \return      0 if successful, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG if tag did
  *              not match requested tag, or another specific ASN.1 error code.
  */
-int asn1_get_tag( unsigned char **p,
+int mbedtls_asn1_get_tag( unsigned char **p,
                   const unsigned char *end,
                   size_t *len, int tag );
 
@@ -199,7 +199,7 @@
  *
  * \return      0 if successful or a specific ASN.1 error code.
  */
-int asn1_get_bool( unsigned char **p,
+int mbedtls_asn1_get_bool( unsigned char **p,
                    const unsigned char *end,
                    int *val );
 
@@ -213,7 +213,7 @@
  *
  * \return      0 if successful or a specific ASN.1 error code.
  */
-int asn1_get_int( unsigned char **p,
+int mbedtls_asn1_get_int( unsigned char **p,
                   const unsigned char *end,
                   int *val );
 
@@ -227,8 +227,8 @@
  *
  * \return      0 if successful or a specific ASN.1 error code.
  */
-int asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                        asn1_bitstring *bs);
+int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
+                        mbedtls_asn1_bitstring *bs);
 
 /**
  * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
@@ -241,7 +241,7 @@
  *
  * \return      0 if successful or a specific ASN.1 error code.
  */
-int asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
+int mbedtls_asn1_get_bitstring_null( unsigned char **p, const unsigned char *end,
                              size_t *len );
 
 /**
@@ -255,12 +255,12 @@
  *
  * \return      0 if successful or a specific ASN.1 error code.
  */
-int asn1_get_sequence_of( unsigned char **p,
+int mbedtls_asn1_get_sequence_of( unsigned char **p,
                           const unsigned char *end,
-                          asn1_sequence *cur,
+                          mbedtls_asn1_sequence *cur,
                           int tag);
 
-#if defined(POLARSSL_BIGNUM_C)
+#if defined(MBEDTLS_BIGNUM_C)
 /**
  * \brief       Retrieve a MPI value from an integer ASN.1 tag.
  *              Updates the pointer to immediately behind the full tag.
@@ -271,10 +271,10 @@
  *
  * \return      0 if successful or a specific ASN.1 or MPI error code.
  */
-int asn1_get_mpi( unsigned char **p,
+int mbedtls_asn1_get_mpi( unsigned char **p,
                   const unsigned char *end,
-                  mpi *X );
-#endif /* POLARSSL_BIGNUM_C */
+                  mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
 
 /**
  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence.
@@ -288,9 +288,9 @@
  *
  * \return      0 if successful or a specific ASN.1 or MPI error code.
  */
-int asn1_get_alg( unsigned char **p,
+int mbedtls_asn1_get_alg( unsigned char **p,
                   const unsigned char *end,
-                  asn1_buf *alg, asn1_buf *params );
+                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
 
 /**
  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
@@ -304,9 +304,9 @@
  *
  * \return      0 if successful or a specific ASN.1 or MPI error code.
  */
-int asn1_get_alg_null( unsigned char **p,
+int mbedtls_asn1_get_alg_null( unsigned char **p,
                        const unsigned char *end,
-                       asn1_buf *alg );
+                       mbedtls_asn1_buf *alg );
 
 /**
  * \brief       Find a specific named_data entry in a sequence or list based on
@@ -318,23 +318,23 @@
  *
  * \return      NULL if not found, or a pointer to the existing entry.
  */
-asn1_named_data *asn1_find_named_data( asn1_named_data *list,
+mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( mbedtls_asn1_named_data *list,
                                        const char *oid, size_t len );
 
 /**
- * \brief       Free a asn1_named_data entry
+ * \brief       Free a mbedtls_asn1_named_data entry
  *
  * \param entry The named data entry to free
  */
-void asn1_free_named_data( asn1_named_data *entry );
+void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
 
 /**
- * \brief       Free all entries in a asn1_named_data list
+ * \brief       Free all entries in a mbedtls_asn1_named_data list
  *              Head will be set to NULL
  *
  * \param head  Pointer to the head of the list of named data entries to free
  */
-void asn1_free_named_data_list( asn1_named_data **head );
+void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index dc30206..8bae136 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -21,12 +21,12 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ASN1_WRITE_H
-#define POLARSSL_ASN1_WRITE_H
+#ifndef MBEDTLS_ASN1_WRITE_H
+#define MBEDTLS_ASN1_WRITE_H
 
 #include "asn1.h"
 
-#define ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
+#define MBEDTLS_ASN1_CHK_ADD(g, f) do { if( ( ret = f ) < 0 ) return( ret ); else   \
                                 g += ret; } while( 0 )
 
 #ifdef __cplusplus
@@ -43,7 +43,7 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
+int mbedtls_asn1_write_len( unsigned char **p, unsigned char *start, size_t len );
 
 /**
  * \brief           Write a ASN.1 tag in ASN.1 format
@@ -55,7 +55,7 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_tag( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_tag( unsigned char **p, unsigned char *start,
                     unsigned char tag );
 
 /**
@@ -69,12 +69,12 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_raw_buffer( unsigned char **p, unsigned char *start,
                            const unsigned char *buf, size_t size );
 
-#if defined(POLARSSL_BIGNUM_C)
+#if defined(MBEDTLS_BIGNUM_C)
 /**
- * \brief           Write a big number (ASN1_INTEGER) in ASN.1 format
+ * \brief           Write a big number (MBEDTLS_ASN1_INTEGER) in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
  * \param p         reference to current position pointer
@@ -83,11 +83,11 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_mpi( unsigned char **p, unsigned char *start, const mpi *X );
-#endif /* POLARSSL_BIGNUM_C */
+int mbedtls_asn1_write_mpi( unsigned char **p, unsigned char *start, const mbedtls_mpi *X );
+#endif /* MBEDTLS_BIGNUM_C */
 
 /**
- * \brief           Write a NULL tag (ASN1_NULL) with zero data in ASN.1 format
+ * \brief           Write a NULL tag (MBEDTLS_ASN1_NULL) with zero data in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
  * \param p         reference to current position pointer
@@ -95,10 +95,10 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_null( unsigned char **p, unsigned char *start );
+int mbedtls_asn1_write_null( unsigned char **p, unsigned char *start );
 
 /**
- * \brief           Write an OID tag (ASN1_OID) and data in ASN.1 format
+ * \brief           Write an OID tag (MBEDTLS_ASN1_OID) and data in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
  * \param p         reference to current position pointer
@@ -108,7 +108,7 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_oid( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_oid( unsigned char **p, unsigned char *start,
                     const char *oid, size_t oid_len );
 
 /**
@@ -124,12 +124,12 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_algorithm_identifier( unsigned char **p, unsigned char *start,
                                      const char *oid, size_t oid_len,
                                      size_t par_len );
 
 /**
- * \brief           Write a boolean tag (ASN1_BOOLEAN) and value in ASN.1 format
+ * \brief           Write a boolean tag (MBEDTLS_ASN1_BOOLEAN) and value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
  * \param p         reference to current position pointer
@@ -138,10 +138,10 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
+int mbedtls_asn1_write_bool( unsigned char **p, unsigned char *start, int boolean );
 
 /**
- * \brief           Write an int tag (ASN1_INTEGER) and value in ASN.1 format
+ * \brief           Write an int tag (MBEDTLS_ASN1_INTEGER) and value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
  * \param p         reference to current position pointer
@@ -150,10 +150,10 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_int( unsigned char **p, unsigned char *start, int val );
+int mbedtls_asn1_write_int( unsigned char **p, unsigned char *start, int val );
 
 /**
- * \brief           Write a printable string tag (ASN1_PRINTABLE_STRING) and
+ * \brief           Write a printable string tag (MBEDTLS_ASN1_PRINTABLE_STRING) and
  *                  value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
@@ -164,11 +164,11 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_printable_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_printable_string( unsigned char **p, unsigned char *start,
                                  const char *text, size_t text_len );
 
 /**
- * \brief           Write an IA5 string tag (ASN1_IA5_STRING) and
+ * \brief           Write an IA5 string tag (MBEDTLS_ASN1_IA5_STRING) and
  *                  value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
@@ -179,11 +179,11 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_ia5_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
                            const char *text, size_t text_len );
 
 /**
- * \brief           Write a bitstring tag (ASN1_BIT_STRING) and
+ * \brief           Write a bitstring tag (MBEDTLS_ASN1_BIT_STRING) and
  *                  value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
@@ -194,11 +194,11 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_bitstring( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
                           const unsigned char *buf, size_t bits );
 
 /**
- * \brief           Write an octet string tag (ASN1_OCTET_STRING) and
+ * \brief           Write an octet string tag (MBEDTLS_ASN1_OCTET_STRING) and
  *                  value in ASN.1 format
  *                  Note: function works backwards in data buffer
  *
@@ -209,7 +209,7 @@
  *
  * \return          the length written or a negative error code
  */
-int asn1_write_octet_string( unsigned char **p, unsigned char *start,
+int mbedtls_asn1_write_octet_string( unsigned char **p, unsigned char *start,
                              const unsigned char *buf, size_t size );
 
 /**
@@ -228,7 +228,7 @@
  * \return      NULL if if there was a memory allocation error, or a pointer
  *              to the new / existing entry.
  */
-asn1_named_data *asn1_store_named_data( asn1_named_data **list,
+mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
                                         const char *oid, size_t oid_len,
                                         const unsigned char *val,
                                         size_t val_len );
@@ -237,4 +237,4 @@
 }
 #endif
 
-#endif /* POLARSSL_ASN1_WRITE_H */
+#endif /* MBEDTLS_ASN1_WRITE_H */
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 0f1e854..86fce79 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_BASE64_H
-#define POLARSSL_BASE64_H
+#ifndef MBEDTLS_BASE64_H
+#define MBEDTLS_BASE64_H
 
 #include <stddef.h>
 
-#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
-#define POLARSSL_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A  /**< Output buffer too small. */
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C  /**< Invalid character in input. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -41,14 +41,14 @@
  * \param src      source buffer
  * \param slen     amount of data to be encoded
  *
- * \return         0 if successful, or POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL.
+ * \return         0 if successful, or MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL.
  *                 *dlen is always updated to reflect the amount
  *                 of data that has (or would have) been written.
  *
  * \note           Call this function with *dlen = 0 to obtain the
  *                 required buffer size in *dlen
  */
-int base64_encode( unsigned char *dst, size_t *dlen,
+int mbedtls_base64_encode( unsigned char *dst, size_t *dlen,
                    const unsigned char *src, size_t slen );
 
 /**
@@ -59,15 +59,15 @@
  * \param src      source buffer
  * \param slen     amount of data to be decoded
  *
- * \return         0 if successful, POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL, or
- *                 POLARSSL_ERR_BASE64_INVALID_CHARACTER if the input data is
+ * \return         0 if successful, MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL, or
+ *                 MBEDTLS_ERR_BASE64_INVALID_CHARACTER if the input data is
  *                 not correct. *dlen is always updated to reflect the amount
  *                 of data that has (or would have) been written.
  *
  * \note           Call this function with *dst = NULL or *dlen = 0 to obtain
  *                 the required buffer size in *dlen
  */
-int base64_decode( unsigned char *dst, size_t *dlen,
+int mbedtls_base64_decode( unsigned char *dst, size_t *dlen,
                    const unsigned char *src, size_t slen );
 
 /**
@@ -75,7 +75,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int base64_self_test( int verbose );
+int mbedtls_base64_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 171d42a..de3b959 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -21,18 +21,18 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_BIGNUM_H
-#define POLARSSL_BIGNUM_H
+#ifndef MBEDTLS_BIGNUM_H
+#define MBEDTLS_BIGNUM_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 #include <stdio.h>
 #endif
 
@@ -53,124 +53,124 @@
 #include <inttypes.h>
 #endif /* _MSC_VER && !EFIX64 && !EFI32 */
 
-#define POLARSSL_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
-#define POLARSSL_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
-#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
-#define POLARSSL_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
-#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
-#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
-#define POLARSSL_ERR_MPI_MALLOC_FAILED                     -0x0010  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002  /**< An error occurred while reading from or writing to a file. */
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006  /**< There is an invalid character in the digit string. */
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A  /**< The input arguments are negative or result in illegal output. */
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C  /**< The input argument for division is zero, which is not allowed. */
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E  /**< The input arguments are not acceptable. */
+#define MBEDTLS_ERR_MPI_MALLOC_FAILED                     -0x0010  /**< Memory allocation failed. */
 
-#define MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
+#define MBEDTLS_MPI_CHK(f) do { if( ( ret = f ) != 0 ) goto cleanup; } while( 0 )
 
 /*
  * Maximum size MPIs are allowed to grow to in number of limbs.
  */
-#define POLARSSL_MPI_MAX_LIMBS                             10000
+#define MBEDTLS_MPI_MAX_LIMBS                             10000
 
-#if !defined(POLARSSL_MPI_WINDOW_SIZE)
+#if !defined(MBEDTLS_MPI_WINDOW_SIZE)
 /*
  * Maximum window size used for modular exponentiation. Default: 6
  * Minimum value: 1. Maximum value: 6.
  *
- * Result is an array of ( 2 << POLARSSL_MPI_WINDOW_SIZE ) MPIs used
+ * Result is an array of ( 2 << MBEDTLS_MPI_WINDOW_SIZE ) MPIs used
  * for the sliding window calculation. (So 64 by default)
  *
  * Reduction in size, reduces speed.
  */
-#define POLARSSL_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
-#endif /* !POLARSSL_MPI_WINDOW_SIZE */
+#define MBEDTLS_MPI_WINDOW_SIZE                           6        /**< Maximum windows size used. */
+#endif /* !MBEDTLS_MPI_WINDOW_SIZE */
 
-#if !defined(POLARSSL_MPI_MAX_SIZE)
+#if !defined(MBEDTLS_MPI_MAX_SIZE)
 /*
  * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
  * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )
  *
  * Note: Calculations can results temporarily in larger MPIs. So the number
- * of limbs required (POLARSSL_MPI_MAX_LIMBS) is higher.
+ * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
  */
-#define POLARSSL_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
-#endif /* !POLARSSL_MPI_MAX_SIZE */
+#define MBEDTLS_MPI_MAX_SIZE                              1024     /**< Maximum number of bytes for usable MPIs. */
+#endif /* !MBEDTLS_MPI_MAX_SIZE */
 
-#define POLARSSL_MPI_MAX_BITS                              ( 8 * POLARSSL_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
 
 /*
- * When reading from files with mpi_read_file() and writing to files with
- * mpi_write_file() the buffer should have space
+ * When reading from files with mbedtls_mpi_read_file() and writing to files with
+ * mbedtls_mpi_write_file() the buffer should have space
  * for a (short) label, the MPI (in the provided radix), the newline
  * characters and the '\0'.
  *
  * By default we assume at least a 10 char label, a minimum radix of 10
  * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
  * Autosized at compile time for at least a 10 char label, a minimum radix
- * of 10 (decimal) for a number of POLARSSL_MPI_MAX_BITS size.
+ * of 10 (decimal) for a number of MBEDTLS_MPI_MAX_BITS size.
  *
  * This used to be statically sized to 1250 for a maximum of 4096 bit
  * numbers (1234 decimal chars).
  *
  * Calculate using the formula:
- *  POLARSSL_MPI_RW_BUFFER_SIZE = ceil(POLARSSL_MPI_MAX_BITS / ln(10) * ln(2)) +
+ *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
  *                                LabelSize + 6
  */
-#define POLARSSL_MPI_MAX_BITS_SCALE100          ( 100 * POLARSSL_MPI_MAX_BITS )
-#define LN_2_DIV_LN_10_SCALE100                 332
-#define POLARSSL_MPI_RW_BUFFER_SIZE             ( ((POLARSSL_MPI_MAX_BITS_SCALE100 + LN_2_DIV_LN_10_SCALE100 - 1) / LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
 
 /*
  * Define the base integer type, architecture-wise
  */
-#if defined(POLARSSL_HAVE_INT8)
-typedef   signed char  t_sint;
-typedef unsigned char  t_uint;
-typedef uint16_t       t_udbl;
-#define POLARSSL_HAVE_UDBL
+#if defined(MBEDTLS_HAVE_INT8)
+typedef   signed char  mbedtls_mpi_sint;
+typedef unsigned char  mbedtls_mpi_uint;
+typedef uint16_t       mbedtls_t_udbl;
+#define MBEDTLS_HAVE_UDBL
 #else
-#if defined(POLARSSL_HAVE_INT16)
-typedef  int16_t t_sint;
-typedef uint16_t t_uint;
-typedef uint32_t t_udbl;
-#define POLARSSL_HAVE_UDBL
+#if defined(MBEDTLS_HAVE_INT16)
+typedef  int16_t mbedtls_mpi_sint;
+typedef uint16_t mbedtls_mpi_uint;
+typedef uint32_t mbedtls_t_udbl;
+#define MBEDTLS_HAVE_UDBL
 #else
   /*
    * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes)
-   * by defining POLARSSL_HAVE_INT32 and undefining POLARSSL_HAVE_ASM
+   * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM
    */
-  #if ( ! defined(POLARSSL_HAVE_INT32) && \
+  #if ( ! defined(MBEDTLS_HAVE_INT32) && \
           defined(_MSC_VER) && defined(_M_AMD64) )
-    #define POLARSSL_HAVE_INT64
-    typedef  int64_t t_sint;
-    typedef uint64_t t_uint;
+    #define MBEDTLS_HAVE_INT64
+    typedef  int64_t mbedtls_mpi_sint;
+    typedef uint64_t mbedtls_mpi_uint;
   #else
-    #if ( ! defined(POLARSSL_HAVE_INT32) &&               \
+    #if ( ! defined(MBEDTLS_HAVE_INT32) &&               \
           defined(__GNUC__) && (                          \
           defined(__amd64__) || defined(__x86_64__)    || \
           defined(__ppc64__) || defined(__powerpc64__) || \
           defined(__ia64__)  || defined(__alpha__)     || \
           (defined(__sparc__) && defined(__arch64__))  || \
           defined(__s390x__) || defined(__mips64) ) )
-       #define POLARSSL_HAVE_INT64
-       typedef  int64_t t_sint;
-       typedef uint64_t t_uint;
-       typedef unsigned int t_udbl __attribute__((mode(TI)));
-       #define POLARSSL_HAVE_UDBL
+       #define MBEDTLS_HAVE_INT64
+       typedef  int64_t mbedtls_mpi_sint;
+       typedef uint64_t mbedtls_mpi_uint;
+       typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+       #define MBEDTLS_HAVE_UDBL
     #else
-       #define POLARSSL_HAVE_INT32
-       typedef  int32_t t_sint;
-       typedef uint32_t t_uint;
+       #define MBEDTLS_HAVE_INT32
+       typedef  int32_t mbedtls_mpi_sint;
+       typedef uint32_t mbedtls_mpi_uint;
        #if ( defined(_MSC_VER) && defined(_M_IX86) )
-         typedef uint64_t t_udbl;
-         #define POLARSSL_HAVE_UDBL
+         typedef uint64_t mbedtls_t_udbl;
+         #define MBEDTLS_HAVE_UDBL
        #else
-         #if defined( POLARSSL_HAVE_LONGLONG )
-           typedef unsigned long long t_udbl;
-           #define POLARSSL_HAVE_UDBL
+         #if defined( MBEDTLS_HAVE_LONGLONG )
+           typedef unsigned long long mbedtls_t_udbl;
+           #define MBEDTLS_HAVE_UDBL
          #endif
        #endif
-    #endif /* !POLARSSL_HAVE_INT32 && __GNUC__ && 64-bit platform */
-  #endif /* !POLARSSL_HAVE_INT32 && _MSC_VER && _M_AMD64 */
-#endif /* POLARSSL_HAVE_INT16 */
-#endif /* POLARSSL_HAVE_INT8  */
+    #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */
+  #endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */
+#endif /* MBEDTLS_HAVE_INT16 */
+#endif /* MBEDTLS_HAVE_INT8  */
 
 #ifdef __cplusplus
 extern "C" {
@@ -183,23 +183,23 @@
 {
     int s;              /*!<  integer sign      */
     size_t n;           /*!<  total # of limbs  */
-    t_uint *p;          /*!<  pointer to limbs  */
+    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
 }
-mpi;
+mbedtls_mpi;
 
 /**
  * \brief           Initialize one MPI
  *
  * \param X         One MPI to initialize.
  */
-void mpi_init( mpi *X );
+void mbedtls_mpi_init( mbedtls_mpi *X );
 
 /**
  * \brief          Unallocate one MPI
  *
  * \param X        One MPI to unallocate.
  */
-void mpi_free( mpi *X );
+void mbedtls_mpi_free( mbedtls_mpi *X );
 
 /**
  * \brief          Enlarge to the specified number of limbs
@@ -208,9 +208,9 @@
  * \param nblimbs  The target number of limbs
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_grow( mpi *X, size_t nblimbs );
+int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
 
 /**
  * \brief          Resize down, keeping at least the specified number of limbs
@@ -219,9 +219,9 @@
  * \param nblimbs  The minimum number of limbs to keep
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_shrink( mpi *X, size_t nblimbs );
+int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
 
 /**
  * \brief          Copy the contents of Y into X
@@ -230,9 +230,9 @@
  * \param Y        Source MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_copy( mpi *X, const mpi *Y );
+int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
  * \brief          Swap the contents of X and Y
@@ -240,7 +240,7 @@
  * \param X        First MPI value
  * \param Y        Second MPI value
  */
-void mpi_swap( mpi *X, mpi *Y );
+void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
 
 /**
  * \brief          Safe conditional assignement X = Y if assign is 1
@@ -250,35 +250,35 @@
  * \param assign   1: perform the assignment, 0: keep X's original value
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
  *
  * \note           This function is equivalent to
- *                      if( assign ) mpi_copy( X, Y );
+ *                      if( assign ) mbedtls_mpi_copy( X, Y );
  *                 except that it avoids leaking any information about whether
  *                 the assignment was done or not (the above code may leak
  *                 information through branch prediction and/or memory access
  *                 patterns analysis).
  */
-int mpi_safe_cond_assign( mpi *X, const mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
 
 /**
  * \brief          Safe conditional swap X <-> Y if swap is 1
  *
- * \param X        First mpi value
- * \param Y        Second mpi value
+ * \param X        First mbedtls_mpi value
+ * \param Y        Second mbedtls_mpi value
  * \param assign   1: perform the swap, 0: keep X and Y's original values
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
  *
  * \note           This function is equivalent to
- *                      if( assign ) mpi_swap( X, Y );
+ *                      if( assign ) mbedtls_mpi_swap( X, Y );
  *                 except that it avoids leaking any information about whether
  *                 the assignment was done or not (the above code may leak
  *                 information through branch prediction and/or memory access
  *                 patterns analysis).
  */
-int mpi_safe_cond_swap( mpi *X, mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
 
 /**
  * \brief          Set value from integer
@@ -287,9 +287,9 @@
  * \param z        Value to use
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_lset( mpi *X, t_sint z );
+int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
 
 /**
  * \brief          Get a specific bit from X
@@ -299,7 +299,7 @@
  *
  * \return         Either a 0 or a 1
  */
-int mpi_get_bit( const mpi *X, size_t pos );
+int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
 
 /**
  * \brief          Set a bit of X to a specific value of 0 or 1
@@ -312,10 +312,10 @@
  * \param val      The value to set the bit to (0 or 1)
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
  */
-int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
+int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
 
 /**
  * \brief          Return the number of zero-bits before the least significant
@@ -325,7 +325,7 @@
  *
  * \param X        MPI to use
  */
-size_t mpi_lsb( const mpi *X );
+size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
 
 /**
  * \brief          Return the number of bits up to and including the most
@@ -335,14 +335,14 @@
  *
  * \param X        MPI to use
  */
-size_t mpi_msb( const mpi *X );
+size_t mbedtls_mpi_msb( const mbedtls_mpi *X );
 
 /**
  * \brief          Return the total size in bytes
  *
  * \param X        MPI to use
  */
-size_t mpi_size( const mpi *X );
+size_t mbedtls_mpi_size( const mbedtls_mpi *X );
 
 /**
  * \brief          Import from an ASCII string
@@ -351,9 +351,9 @@
  * \param radix    Input numeric base
  * \param s        Null-terminated string buffer
  *
- * \return         0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
  */
-int mpi_read_string( mpi *X, int radix, const char *s );
+int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
 
 /**
  * \brief          Export into an ASCII string
@@ -363,16 +363,16 @@
  * \param s        String buffer
  * \param slen     String buffer size
  *
- * \return         0 if successful, or a POLARSSL_ERR_MPI_XXX error code.
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code.
  *                 *slen is always updated to reflect the amount
  *                 of data that has (or would have) been written.
  *
  * \note           Call this function with *slen = 0 to obtain the
  *                 minimum required buffer size in *slen.
  */
-int mpi_write_string( const mpi *X, int radix, char *s, size_t *slen );
+int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix, char *s, size_t *slen );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /**
  * \brief          Read X from an opened file
  *
@@ -380,11 +380,11 @@
  * \param radix    Input numeric base
  * \param fin      Input file handle
  *
- * \return         0 if successful, POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if
+ * \return         0 if successful, MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if
  *                 the file read buffer is too small or a
- *                 POLARSSL_ERR_MPI_XXX error code
+ *                 MBEDTLS_ERR_MPI_XXX error code
  */
-int mpi_read_file( mpi *X, int radix, FILE *fin );
+int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
 
 /**
  * \brief          Write X into an opened file, or stdout if fout is NULL
@@ -394,12 +394,12 @@
  * \param radix    Output numeric base
  * \param fout     Output file handle (can be NULL)
  *
- * \return         0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ * \return         0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
  *
  * \note           Set fout == NULL to print X on the console.
  */
-int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
-#endif /* POLARSSL_FS_IO */
+int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X, int radix, FILE *fout );
+#endif /* MBEDTLS_FS_IO */
 
 /**
  * \brief          Import X from unsigned binary data, big endian
@@ -409,9 +409,9 @@
  * \param buflen   Input buffer size
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf, size_t buflen );
 
 /**
  * \brief          Export X into unsigned binary data, big endian.
@@ -423,9 +423,9 @@
  * \param buflen   Output buffer size
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
+ *                 MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL if buf isn't large enough
  */
-int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf, size_t buflen );
 
 /**
  * \brief          Left-shift: X <<= count
@@ -434,9 +434,9 @@
  * \param count    Amount to shift
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_shift_l( mpi *X, size_t count );
+int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
 
 /**
  * \brief          Right-shift: X >>= count
@@ -445,9 +445,9 @@
  * \param count    Amount to shift
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_shift_r( mpi *X, size_t count );
+int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
 
 /**
  * \brief          Compare unsigned values
@@ -459,7 +459,7 @@
  *                -1 if |X| is lesser  than |Y| or
  *                 0 if |X| is equal to |Y|
  */
-int mpi_cmp_abs( const mpi *X, const mpi *Y );
+int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
  * \brief          Compare signed values
@@ -471,7 +471,7 @@
  *                -1 if X is lesser  than Y or
  *                 0 if X is equal to Y
  */
-int mpi_cmp_mpi( const mpi *X, const mpi *Y );
+int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 
 /**
  * \brief          Compare signed values
@@ -483,7 +483,7 @@
  *                -1 if X is lesser  than z or
  *                 0 if X is equal to z
  */
-int mpi_cmp_int( const mpi *X, t_sint z );
+int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
 
 /**
  * \brief          Unsigned addition: X = |A| + |B|
@@ -493,9 +493,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
+int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Unsigned subtraction: X = |A| - |B|
@@ -505,9 +505,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_NEGATIVE_VALUE if B is greater than A
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B is greater than A
  */
-int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B );
+int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Signed addition: X = A + B
@@ -517,9 +517,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
+int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Signed subtraction: X = A - B
@@ -529,9 +529,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
+int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Signed addition: X = A + b
@@ -541,9 +541,9 @@
  * \param b        The integer value to add
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_add_int( mpi *X, const mpi *A, t_sint b );
+int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
 
 /**
  * \brief          Signed subtraction: X = A - b
@@ -553,9 +553,9 @@
  * \param b        The integer value to subtract
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
+int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_sint b );
 
 /**
  * \brief          Baseline multiplication: X = A * B
@@ -565,9 +565,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
+int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Baseline multiplication: X = A * b
@@ -579,12 +579,12 @@
  * \note           b is unsigned
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_mul_int( mpi *X, const mpi *A, t_uint b );
+int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A, mbedtls_mpi_uint b );
 
 /**
- * \brief          Division by mpi: A = Q * B + R
+ * \brief          Division by mbedtls_mpi: A = Q * B + R
  *
  * \param Q        Destination MPI for the quotient
  * \param R        Destination MPI for the rest value
@@ -592,12 +592,12 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0
  *
  * \note           Either Q or R can be NULL.
  */
-int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B );
+int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Division by int: A = Q * b + R
@@ -608,12 +608,12 @@
  * \param b        Integer to divide by
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0
  *
  * \note           Either Q or R can be NULL.
  */
-int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b );
+int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A, mbedtls_mpi_sint b );
 
 /**
  * \brief          Modulo: R = A mod B
@@ -623,25 +623,25 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
- *                 POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if B == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if B < 0
  */
-int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
+int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Modulo: r = A mod b
  *
- * \param r        Destination t_uint
+ * \param r        Destination mbedtls_mpi_uint
  * \param A        Left-hand MPI
  * \param b        Integer to divide by
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
- *                 POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if b == 0,
+ *                 MBEDTLS_ERR_MPI_NEGATIVE_VALUE if b < 0
  */
-int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
+int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_sint b );
 
 /**
  * \brief          Sliding-window exponentiation: X = A^E mod N
@@ -653,15 +653,15 @@
  * \param _RR      Speed-up MPI used for recalculations
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or even or
  *                 if E is negative
  *
  * \note           _RR is used to avoid re-computing R*R mod N across
  *                 multiple calls, which speeds up things a bit. It can
  *                 be set to NULL if the extra performance is unneeded.
  */
-int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
+int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *E, const mbedtls_mpi *N, mbedtls_mpi *_RR );
 
 /**
  * \brief          Fill an MPI X with size bytes of random
@@ -672,9 +672,9 @@
  * \param p_rng    RNG parameter
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_fill_random( mpi *X, size_t size,
+int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
 
@@ -686,9 +686,9 @@
  * \param B        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
+int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B );
 
 /**
  * \brief          Modular inverse: X = A^-1 mod N
@@ -698,11 +698,11 @@
  * \param N        Right-hand MPI
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
-                   POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
+                   MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
  */
-int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N );
+int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A, const mbedtls_mpi *N );
 
 /**
  * \brief          Miller-Rabin primality test
@@ -712,10 +712,10 @@
  * \param p_rng    RNG parameter
  *
  * \return         0 if successful (probably prime),
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if X is not prime
  */
-int mpi_is_prime( const mpi *X,
+int mbedtls_mpi_is_prime( const mbedtls_mpi *X,
                   int (*f_rng)(void *, unsigned char *, size_t),
                   void *p_rng );
 
@@ -724,16 +724,16 @@
  *
  * \param X        Destination MPI
  * \param nbits    Required size of X in bits
- *                 ( 3 <= nbits <= POLARSSL_MPI_MAX_BITS )
+ *                 ( 3 <= nbits <= MBEDTLS_MPI_MAX_BITS )
  * \param dh_flag  If 1, then (X-1)/2 will be prime too
  * \param f_rng    RNG function
  * \param p_rng    RNG parameter
  *
  * \return         0 if successful (probably prime),
- *                 POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                 POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
+ *                 MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                 MBEDTLS_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
  */
-int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
+int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int dh_flag,
                    int (*f_rng)(void *, unsigned char *, size_t),
                    void *p_rng );
 
@@ -742,7 +742,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mpi_self_test( int verbose );
+int mbedtls_mpi_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/blowfish.h b/include/mbedtls/blowfish.h
index 21ba7d4..0b7ee06 100644
--- a/include/mbedtls/blowfish.h
+++ b/include/mbedtls/blowfish.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_BLOWFISH_H
-#define POLARSSL_BLOWFISH_H
+#ifndef MBEDTLS_BLOWFISH_H
+#define MBEDTLS_BLOWFISH_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,17 +39,17 @@
 #include <inttypes.h>
 #endif
 
-#define BLOWFISH_ENCRYPT     1
-#define BLOWFISH_DECRYPT     0
-#define BLOWFISH_MAX_KEY     448
-#define BLOWFISH_MIN_KEY     32
-#define BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
-#define BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
+#define MBEDTLS_BLOWFISH_ENCRYPT     1
+#define MBEDTLS_BLOWFISH_DECRYPT     0
+#define MBEDTLS_BLOWFISH_MAX_KEY     448
+#define MBEDTLS_BLOWFISH_MIN_KEY     32
+#define MBEDTLS_BLOWFISH_ROUNDS      16         /**< Rounds to use. When increasing this value, make sure to extend the initialisation vectors */
+#define MBEDTLS_BLOWFISH_BLOCKSIZE   8          /* Blowfish uses 64 bit blocks */
 
-#define POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
-#define POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH                -0x0016  /**< Invalid key length. */
+#define MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH              -0x0018  /**< Invalid data input length. */
 
-#if !defined(POLARSSL_BLOWFISH_ALT)
+#if !defined(MBEDTLS_BLOWFISH_ALT)
 // Regular implementation
 //
 
@@ -62,24 +62,24 @@
  */
 typedef struct
 {
-    uint32_t P[BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
+    uint32_t P[MBEDTLS_BLOWFISH_ROUNDS + 2];    /*!<  Blowfish round keys    */
     uint32_t S[4][256];                 /*!<  key dependent S-boxes  */
 }
-blowfish_context;
+mbedtls_blowfish_context;
 
 /**
  * \brief          Initialize Blowfish context
  *
  * \param ctx      Blowfish context to be initialized
  */
-void blowfish_init( blowfish_context *ctx );
+void mbedtls_blowfish_init( mbedtls_blowfish_context *ctx );
 
 /**
  * \brief          Clear Blowfish context
  *
  * \param ctx      Blowfish context to be cleared
  */
-void blowfish_free( blowfish_context *ctx );
+void mbedtls_blowfish_free( mbedtls_blowfish_context *ctx );
 
 /**
  * \brief          Blowfish key schedule
@@ -88,27 +88,27 @@
  * \param key      encryption key
  * \param keysize  must be between 32 and 448 bits
  *
- * \return         0 if successful, or POLARSSL_ERR_BLOWFISH_INVALID_KEY_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
  */
-int blowfish_setkey( blowfish_context *ctx, const unsigned char *key,
+int mbedtls_blowfish_setkey( mbedtls_blowfish_context *ctx, const unsigned char *key,
                      unsigned int keysize );
 
 /**
  * \brief          Blowfish-ECB block encryption/decryption
  *
  * \param ctx      Blowfish context
- * \param mode     BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
  * \param input    8-byte input block
  * \param output   8-byte output block
  *
  * \return         0 if successful
  */
-int blowfish_crypt_ecb( blowfish_context *ctx,
+int mbedtls_blowfish_crypt_ecb( mbedtls_blowfish_context *ctx,
                         int mode,
-                        const unsigned char input[BLOWFISH_BLOCKSIZE],
-                        unsigned char output[BLOWFISH_BLOCKSIZE] );
+                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
  * \brief          Blowfish-CBC buffer encryption/decryption
  *                 Length should be a multiple of the block
@@ -123,24 +123,24 @@
  *                 module instead.
  *
  * \param ctx      Blowfish context
- * \param mode     BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
  * \param output   buffer holding the output data
  *
  * \return         0 if successful, or
- *                 POLARSSL_ERR_BLOWFISH_INVALID_INPUT_LENGTH
+ *                 MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
  */
-int blowfish_crypt_cbc( blowfish_context *ctx,
+int mbedtls_blowfish_crypt_cbc( mbedtls_blowfish_context *ctx,
                         int mode,
                         size_t length,
-                        unsigned char iv[BLOWFISH_BLOCKSIZE],
+                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
                         const unsigned char *input,
                         unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-#if defined(POLARSSL_CIPHER_MODE_CFB)
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
  * \brief          Blowfish CFB buffer encryption/decryption.
  *
@@ -153,7 +153,7 @@
  *                 module instead.
  *
  * \param ctx      Blowfish context
- * \param mode     BLOWFISH_ENCRYPT or BLOWFISH_DECRYPT
+ * \param mode     MBEDTLS_BLOWFISH_ENCRYPT or MBEDTLS_BLOWFISH_DECRYPT
  * \param length   length of the input data
  * \param iv_off   offset in IV (updated after use)
  * \param iv       initialization vector (updated after use)
@@ -162,16 +162,16 @@
  *
  * \return         0 if successful
  */
-int blowfish_crypt_cfb64( blowfish_context *ctx,
+int mbedtls_blowfish_crypt_cfb64( mbedtls_blowfish_context *ctx,
                           int mode,
                           size_t length,
                           size_t *iv_off,
-                          unsigned char iv[BLOWFISH_BLOCKSIZE],
+                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
                           const unsigned char *input,
                           unsigned char *output );
-#endif /*POLARSSL_CIPHER_MODE_CFB */
+#endif /*MBEDTLS_CIPHER_MODE_CFB */
 
-#if defined(POLARSSL_CIPHER_MODE_CTR)
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
  * \brief               Blowfish-CTR buffer encryption/decryption
  *
@@ -190,21 +190,21 @@
  *
  * \return         0 if successful
  */
-int blowfish_crypt_ctr( blowfish_context *ctx,
+int mbedtls_blowfish_crypt_ctr( mbedtls_blowfish_context *ctx,
                         size_t length,
                         size_t *nc_off,
-                        unsigned char nonce_counter[BLOWFISH_BLOCKSIZE],
-                        unsigned char stream_block[BLOWFISH_BLOCKSIZE],
+                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
+                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
                         const unsigned char *input,
                         unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_BLOWFISH_ALT */
+#else  /* MBEDTLS_BLOWFISH_ALT */
 #include "blowfish_alt.h"
-#endif /* POLARSSL_BLOWFISH_ALT */
+#endif /* MBEDTLS_BLOWFISH_ALT */
 
 #endif /* blowfish.h */
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index aa940a9..7b8019c 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -35,12 +35,12 @@
  *         . Alpha                . MIPS32
  *         . C, longlong          . C, generic
  */
-#ifndef POLARSSL_BN_MUL_H
-#define POLARSSL_BN_MUL_H
+#ifndef MBEDTLS_BN_MUL_H
+#define MBEDTLS_BN_MUL_H
 
 #include "bignum.h"
 
-#if defined(POLARSSL_HAVE_ASM)
+#if defined(MBEDTLS_HAVE_ASM)
 
 #if defined(__GNUC__)
 #if defined(__i386__)
@@ -63,7 +63,7 @@
         "movl   %%edx,   %%ecx      \n\t"   \
         "stosl                      \n\t"
 
-#if defined(POLARSSL_HAVE_SSE2)
+#if defined(MBEDTLS_HAVE_SSE2)
 
 #define MULADDC_HUIT                            \
         "movd     %%ecx,     %%mm1      \n\t"   \
@@ -735,7 +735,7 @@
     __asm   mov     ecx, edx                    \
     __asm   stosd
 
-#if defined(POLARSSL_HAVE_SSE2)
+#if defined(MBEDTLS_HAVE_SSE2)
 
 #define EMIT __asm _emit
 
@@ -818,20 +818,20 @@
 #endif /* SSE2 */
 #endif /* MSVC */
 
-#endif /* POLARSSL_HAVE_ASM */
+#endif /* MBEDTLS_HAVE_ASM */
 
 #if !defined(MULADDC_CORE)
-#if defined(POLARSSL_HAVE_UDBL)
+#if defined(MBEDTLS_HAVE_UDBL)
 
 #define MULADDC_INIT                    \
 {                                       \
-    t_udbl r;                           \
-    t_uint r0, r1;
+    mbedtls_t_udbl r;                           \
+    mbedtls_mpi_uint r0, r1;
 
 #define MULADDC_CORE                    \
-    r   = *(s++) * (t_udbl) b;          \
-    r0  = (t_uint) r;                   \
-    r1  = (t_uint)( r >> biL );         \
+    r   = *(s++) * (mbedtls_t_udbl) b;          \
+    r0  = (mbedtls_mpi_uint) r;                   \
+    r1  = (mbedtls_mpi_uint)( r >> biL );         \
     r0 += c;  r1 += (r0 <  c);          \
     r0 += *d; r1 += (r0 < *d);          \
     c = r1; *(d++) = r0;
@@ -842,8 +842,8 @@
 #else
 #define MULADDC_INIT                    \
 {                                       \
-    t_uint s0, s1, b0, b1;              \
-    t_uint r0, r1, rx, ry;              \
+    mbedtls_mpi_uint s0, s1, b0, b1;              \
+    mbedtls_mpi_uint r0, r1, rx, ry;              \
     b0 = ( b << biH ) >> biH;           \
     b1 = ( b >> biH );
 
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 03218d1..b724ed5 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_CAMELLIA_H
-#define POLARSSL_CAMELLIA_H
+#ifndef MBEDTLS_CAMELLIA_H
+#define MBEDTLS_CAMELLIA_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,13 +39,13 @@
 #include <inttypes.h>
 #endif
 
-#define CAMELLIA_ENCRYPT     1
-#define CAMELLIA_DECRYPT     0
+#define MBEDTLS_CAMELLIA_ENCRYPT     1
+#define MBEDTLS_CAMELLIA_DECRYPT     0
 
-#define POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
-#define POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH           -0x0024  /**< Invalid key length. */
+#define MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH         -0x0026  /**< Invalid data input length. */
 
-#if !defined(POLARSSL_CAMELLIA_ALT)
+#if !defined(MBEDTLS_CAMELLIA_ALT)
 // Regular implementation
 //
 
@@ -61,21 +61,21 @@
     int nr;                     /*!<  number of rounds  */
     uint32_t rk[68];            /*!<  CAMELLIA round keys    */
 }
-camellia_context;
+mbedtls_camellia_context;
 
 /**
  * \brief          Initialize CAMELLIA context
  *
  * \param ctx      CAMELLIA context to be initialized
  */
-void camellia_init( camellia_context *ctx );
+void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
 
 /**
  * \brief          Clear CAMELLIA context
  *
  * \param ctx      CAMELLIA context to be cleared
  */
-void camellia_free( camellia_context *ctx );
+void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
 
 /**
  * \brief          CAMELLIA key schedule (encryption)
@@ -84,9 +84,9 @@
  * \param key      encryption key
  * \param keysize  must be 128, 192 or 256
  *
- * \return         0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
-int camellia_setkey_enc( camellia_context *ctx, const unsigned char *key,
+int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx, const unsigned char *key,
                          unsigned int keysize );
 
 /**
@@ -96,27 +96,27 @@
  * \param key      decryption key
  * \param keysize  must be 128, 192 or 256
  *
- * \return         0 if successful, or POLARSSL_ERR_CAMELLIA_INVALID_KEY_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
  */
-int camellia_setkey_dec( camellia_context *ctx, const unsigned char *key,
+int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx, const unsigned char *key,
                          unsigned int keysize );
 
 /**
  * \brief          CAMELLIA-ECB block encryption/decryption
  *
  * \param ctx      CAMELLIA context
- * \param mode     CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
  * \param input    16-byte input block
  * \param output   16-byte output block
  *
  * \return         0 if successful
  */
-int camellia_crypt_ecb( camellia_context *ctx,
+int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
                     int mode,
                     const unsigned char input[16],
                     unsigned char output[16] );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
  * \brief          CAMELLIA-CBC buffer encryption/decryption
  *                 Length should be a multiple of the block
@@ -131,30 +131,30 @@
  *                 module instead.
  *
  * \param ctx      CAMELLIA context
- * \param mode     CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
  * \param output   buffer holding the output data
  *
  * \return         0 if successful, or
- *                 POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
  */
-int camellia_crypt_cbc( camellia_context *ctx,
+int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
                     int mode,
                     size_t length,
                     unsigned char iv[16],
                     const unsigned char *input,
                     unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 
-#if defined(POLARSSL_CIPHER_MODE_CFB)
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
 /**
  * \brief          CAMELLIA-CFB128 buffer encryption/decryption
  *
  * Note: Due to the nature of CFB you should use the same key schedule for
  * both encryption and decryption. So a context initialized with
- * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and CAMELLIE_DECRYPT.
  *
  * \note           Upon exit, the content of the IV is updated so that you can
  *                 call the function same function again on the following
@@ -165,7 +165,7 @@
  *                 module instead.
  *
  * \param ctx      CAMELLIA context
- * \param mode     CAMELLIA_ENCRYPT or CAMELLIA_DECRYPT
+ * \param mode     MBEDTLS_CAMELLIA_ENCRYPT or MBEDTLS_CAMELLIA_DECRYPT
  * \param length   length of the input data
  * \param iv_off   offset in IV (updated after use)
  * \param iv       initialization vector (updated after use)
@@ -173,18 +173,18 @@
  * \param output   buffer holding the output data
  *
  * \return         0 if successful, or
- *                 POLARSSL_ERR_CAMELLIA_INVALID_INPUT_LENGTH
+ *                 MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
  */
-int camellia_crypt_cfb128( camellia_context *ctx,
+int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
                        int mode,
                        size_t length,
                        size_t *iv_off,
                        unsigned char iv[16],
                        const unsigned char *input,
                        unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CFB */
+#endif /* MBEDTLS_CIPHER_MODE_CFB */
 
-#if defined(POLARSSL_CIPHER_MODE_CTR)
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
 /**
  * \brief               CAMELLIA-CTR buffer encryption/decryption
  *
@@ -192,7 +192,7 @@
  *
  * Note: Due to the nature of CTR you should use the same key schedule for
  * both encryption and decryption. So a context initialized with
- * camellia_setkey_enc() for both CAMELLIA_ENCRYPT and CAMELLIA_DECRYPT.
+ * mbedtls_camellia_setkey_enc() for both MBEDTLS_CAMELLIA_ENCRYPT and MBEDTLS_CAMELLIA_DECRYPT.
  *
  * \param ctx           CAMELLIA context
  * \param length        The length of the data
@@ -207,22 +207,22 @@
  *
  * \return         0 if successful
  */
-int camellia_crypt_ctr( camellia_context *ctx,
+int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
                        size_t length,
                        size_t *nc_off,
                        unsigned char nonce_counter[16],
                        unsigned char stream_block[16],
                        const unsigned char *input,
                        unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CTR */
+#endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_CAMELLIA_ALT */
+#else  /* MBEDTLS_CAMELLIA_ALT */
 #include "camellia_alt.h"
-#endif /* POLARSSL_CAMELLIA_ALT */
+#endif /* MBEDTLS_CAMELLIA_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -233,7 +233,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int camellia_self_test( int verbose );
+int mbedtls_camellia_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index 070b39d..7ee3a37 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_CCM_H
-#define POLARSSL_CCM_H
+#ifndef MBEDTLS_CCM_H
+#define MBEDTLS_CCM_H
 
 #include "cipher.h"
 
-#define POLARSSL_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
-#define POLARSSL_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_CCM_BAD_INPUT      -0x000D /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CCM_AUTH_FAILED    -0x000F /**< Authenticated decryption failed. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -37,9 +37,9 @@
  * \brief          CCM context structure
  */
 typedef struct {
-    cipher_context_t cipher_ctx;    /*!< cipher context used */
+    mbedtls_cipher_context_t cipher_ctx;    /*!< cipher context used */
 }
-ccm_context;
+mbedtls_ccm_context;
 
 /**
  * \brief           CCM initialization (encryption and decryption)
@@ -51,7 +51,7 @@
  *
  * \return          0 if successful, or a cipher specific error code
  */
-int ccm_init( ccm_context *ctx, cipher_id_t cipher,
+int mbedtls_ccm_init( mbedtls_ccm_context *ctx, mbedtls_cipher_id_t cipher,
               const unsigned char *key, unsigned int keysize );
 
 /**
@@ -59,7 +59,7 @@
  *
  * \param ctx       CCM context to free
  */
-void ccm_free( ccm_context *ctx );
+void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
 
 /**
  * \brief           CCM buffer encryption
@@ -86,7 +86,7 @@
  *
  * \return          0 if successful
  */
-int ccm_encrypt_and_tag( ccm_context *ctx, size_t length,
+int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
                          const unsigned char *iv, size_t iv_len,
                          const unsigned char *add, size_t add_len,
                          const unsigned char *input, unsigned char *output,
@@ -107,25 +107,25 @@
  * \param tag_len   length of the tag
  *
  * \return         0 if successful and authenticated,
- *                 POLARSSL_ERR_CCM_AUTH_FAILED if tag does not match
+ *                 MBEDTLS_ERR_CCM_AUTH_FAILED if tag does not match
  */
-int ccm_auth_decrypt( ccm_context *ctx, size_t length,
+int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
                       const unsigned char *iv, size_t iv_len,
                       const unsigned char *add, size_t add_len,
                       const unsigned char *input, unsigned char *output,
                       const unsigned char *tag, size_t tag_len );
 
-#if defined(POLARSSL_SELF_TEST) && defined(POLARSSL_AES_C)
+#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int ccm_self_test( int verbose );
-#endif /* POLARSSL_SELF_TEST && POLARSSL_AES_C */
+int mbedtls_ccm_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_CCM_H */
+#endif /* MBEDTLS_CCM_H */
diff --git a/include/mbedtls/certs.h b/include/mbedtls/certs.h
index 62db0ce..ee4d3a6 100644
--- a/include/mbedtls/certs.h
+++ b/include/mbedtls/certs.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_CERTS_H
-#define POLARSSL_CERTS_H
+#ifndef MBEDTLS_CERTS_H
+#define MBEDTLS_CERTS_H
 
 #include <stddef.h>
 
@@ -30,72 +30,72 @@
 extern "C" {
 #endif
 
-#if defined(POLARSSL_PEM_PARSE_C)
+#if defined(MBEDTLS_PEM_PARSE_C)
 /* Concatenation of all CA certificates in PEM format if available */
-extern const char   test_cas_pem[];
-extern const size_t test_cas_pem_len;
+extern const char   mbedtls_test_cas_pem[];
+extern const size_t mbedtls_test_cas_pem_len;
 #endif
 
 /* List of all CA certificates, terminated by NULL */
-extern const char * test_cas[];
-extern const size_t test_cas_len[];
+extern const char * mbedtls_test_cas[];
+extern const size_t mbedtls_test_cas_len[];
 
 /*
  * Convenience for users who just want a certificate:
  * RSA by default, or ECDSA if RSA is not available
  */
-extern const char * test_ca_crt;
-extern const size_t test_ca_crt_len;
-extern const char * test_ca_key;
-extern const size_t test_ca_key_len;
-extern const char * test_ca_pwd;
-extern const size_t test_ca_pwd_len;
-extern const char * test_srv_crt;
-extern const size_t test_srv_crt_len;
-extern const char * test_srv_key;
-extern const size_t test_srv_key_len;
-extern const char * test_cli_crt;
-extern const size_t test_cli_crt_len;
-extern const char * test_cli_key;
-extern const size_t test_cli_key_len;
+extern const char * mbedtls_test_ca_crt;
+extern const size_t mbedtls_test_ca_crt_len;
+extern const char * mbedtls_test_ca_key;
+extern const size_t mbedtls_test_ca_key_len;
+extern const char * mbedtls_test_ca_pwd;
+extern const size_t mbedtls_test_ca_pwd_len;
+extern const char * mbedtls_test_srv_crt;
+extern const size_t mbedtls_test_srv_crt_len;
+extern const char * mbedtls_test_srv_key;
+extern const size_t mbedtls_test_srv_key_len;
+extern const char * mbedtls_test_cli_crt;
+extern const size_t mbedtls_test_cli_crt_len;
+extern const char * mbedtls_test_cli_key;
+extern const size_t mbedtls_test_cli_key_len;
 
-#if defined(POLARSSL_ECDSA_C)
-extern const char   test_ca_crt_ec[];
-extern const size_t test_ca_crt_ec_len;
-extern const char   test_ca_key_ec[];
-extern const size_t test_ca_key_ec_len;
-extern const char   test_ca_pwd_ec[];
-extern const size_t test_ca_pwd_ec_len;
-extern const char   test_srv_crt_ec[];
-extern const size_t test_srv_crt_ec_len;
-extern const char   test_srv_key_ec[];
-extern const size_t test_srv_key_ec_len;
-extern const char   test_cli_crt_ec[];
-extern const size_t test_cli_crt_ec_len;
-extern const char   test_cli_key_ec[];
-extern const size_t test_cli_key_ec_len;
+#if defined(MBEDTLS_ECDSA_C)
+extern const char   mbedtls_test_ca_crt_ec[];
+extern const size_t mbedtls_test_ca_crt_ec_len;
+extern const char   mbedtls_test_ca_key_ec[];
+extern const size_t mbedtls_test_ca_key_ec_len;
+extern const char   mbedtls_test_ca_pwd_ec[];
+extern const size_t mbedtls_test_ca_pwd_ec_len;
+extern const char   mbedtls_test_srv_crt_ec[];
+extern const size_t mbedtls_test_srv_crt_ec_len;
+extern const char   mbedtls_test_srv_key_ec[];
+extern const size_t mbedtls_test_srv_key_ec_len;
+extern const char   mbedtls_test_cli_crt_ec[];
+extern const size_t mbedtls_test_cli_crt_ec_len;
+extern const char   mbedtls_test_cli_key_ec[];
+extern const size_t mbedtls_test_cli_key_ec_len;
 #endif
 
-#if defined(POLARSSL_RSA_C)
-extern const char   test_ca_crt_rsa[];
-extern const size_t test_ca_crt_rsa_len;
-extern const char   test_ca_key_rsa[];
-extern const size_t test_ca_key_rsa_len;
-extern const char   test_ca_pwd_rsa[];
-extern const size_t test_ca_pwd_rsa_len;
-extern const char   test_srv_crt_rsa[];
-extern const size_t test_srv_crt_rsa_len;
-extern const char   test_srv_key_rsa[];
-extern const size_t test_srv_key_rsa_len;
-extern const char   test_cli_crt_rsa[];
-extern const size_t test_cli_crt_rsa_len;
-extern const char   test_cli_key_rsa[];
-extern const size_t test_cli_key_rsa_len;
+#if defined(MBEDTLS_RSA_C)
+extern const char   mbedtls_test_ca_crt_rsa[];
+extern const size_t mbedtls_test_ca_crt_rsa_len;
+extern const char   mbedtls_test_ca_key_rsa[];
+extern const size_t mbedtls_test_ca_key_rsa_len;
+extern const char   mbedtls_test_ca_pwd_rsa[];
+extern const size_t mbedtls_test_ca_pwd_rsa_len;
+extern const char   mbedtls_test_srv_crt_rsa[];
+extern const size_t mbedtls_test_srv_crt_rsa_len;
+extern const char   mbedtls_test_srv_key_rsa[];
+extern const size_t mbedtls_test_srv_key_rsa_len;
+extern const char   mbedtls_test_cli_crt_rsa[];
+extern const size_t mbedtls_test_cli_crt_rsa_len;
+extern const char   mbedtls_test_cli_key_rsa[];
+extern const size_t mbedtls_test_cli_key_rsa_len;
 #endif
 
-#if defined(POLARSSL_DHM_C)
-extern const char   test_dhm_params[];
-extern const size_t test_dhm_params_len;
+#if defined(MBEDTLS_DHM_C)
+extern const char   mbedtls_test_dhm_params[];
+extern const size_t mbedtls_test_dhm_params_len;
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2194d47..e1b330f 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -27,474 +27,474 @@
  * in order to catch dependency issues early.
  */
 
-#ifndef POLARSSL_CHECK_CONFIG_H
-#define POLARSSL_CHECK_CONFIG_H
+#ifndef MBEDTLS_CHECK_CONFIG_H
+#define MBEDTLS_CHECK_CONFIG_H
 
-#if defined(POLARSSL_DEPRECATED_WARNING) && \
+#if defined(MBEDTLS_DEPRECATED_WARNING) && \
     !defined(__GNUC__) && !defined(__clang__)
-#error "POLARSSL_DEPRECATED_WARNING only works with GCC and Clang"
+#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
 #endif
 
-#if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM)
-#error "POLARSSL_AESNI_C defined, but not all prerequisites"
+#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_CTR_DRBG_C) && !defined(POLARSSL_AES_C)
-#error "POLARSSL_CTR_DRBG_C defined, but not all prerequisites"
+#if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
+#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_DHM_C) && !defined(POLARSSL_BIGNUM_C)
-#error "POLARSSL_DHM_C defined, but not all prerequisites"
+#if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
+#error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ECDH_C) && !defined(POLARSSL_ECP_C)
-#error "POLARSSL_ECDH_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
+#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ECDSA_C) &&            \
-    ( !defined(POLARSSL_ECP_C) ||           \
-      !defined(POLARSSL_ASN1_PARSE_C) ||    \
-      !defined(POLARSSL_ASN1_WRITE_C) )
-#error "POLARSSL_ECDSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECDSA_C) &&            \
+    ( !defined(MBEDTLS_ECP_C) ||           \
+      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
+      !defined(MBEDTLS_ASN1_WRITE_C) )
+#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ECDSA_DETERMINISTIC) && !defined(POLARSSL_HMAC_DRBG_C)
-#error "POLARSSL_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
+#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ECP_C) && ( !defined(POLARSSL_BIGNUM_C) || (   \
-    !defined(POLARSSL_ECP_DP_SECP192R1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP224R1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP256R1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP384R1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP521R1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_BP256R1_ENABLED)   &&                  \
-    !defined(POLARSSL_ECP_DP_BP384R1_ENABLED)   &&                  \
-    !defined(POLARSSL_ECP_DP_BP512R1_ENABLED)   &&                  \
-    !defined(POLARSSL_ECP_DP_SECP192K1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(POLARSSL_ECP_DP_SECP256K1_ENABLED) ) )
-#error "POLARSSL_ECP_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (   \
+    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+#error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_ENTROPY_C) && (!defined(POLARSSL_SHA512_C) &&      \
-                                    !defined(POLARSSL_SHA256_C))
-#error "POLARSSL_ENTROPY_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
+                                    !defined(MBEDTLS_SHA256_C))
+#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
 #endif
-#if defined(POLARSSL_ENTROPY_C) && defined(POLARSSL_SHA512_C) &&         \
-    defined(CTR_DRBG_ENTROPY_LEN) && (CTR_DRBG_ENTROPY_LEN > 64)
-#error "CTR_DRBG_ENTROPY_LEN value too high"
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
 #endif
-#if defined(POLARSSL_ENTROPY_C) &&                                            \
-    ( !defined(POLARSSL_SHA512_C) || defined(POLARSSL_ENTROPY_FORCE_SHA256) ) \
-    && defined(CTR_DRBG_ENTROPY_LEN) && (CTR_DRBG_ENTROPY_LEN > 32)
-#error "CTR_DRBG_ENTROPY_LEN value too high"
+#if defined(MBEDTLS_ENTROPY_C) &&                                            \
+    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
+    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
 #endif
-#if defined(POLARSSL_ENTROPY_C) && \
-    defined(POLARSSL_ENTROPY_FORCE_SHA256) && !defined(POLARSSL_SHA256_C)
-#error "POLARSSL_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
+#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_GCM_C) && (                                        \
-        !defined(POLARSSL_AES_C) && !defined(POLARSSL_CAMELLIA_C) )
-#error "POLARSSL_GCM_C defined, but not all prerequisites"
+#if defined(MBEDTLS_GCM_C) && (                                        \
+        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) )
+#error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_HAVEGE_C) && !defined(POLARSSL_TIMING_C)
-#error "POLARSSL_HAVEGE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
+#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_HMAC_DRBG_C) && !defined(POLARSSL_MD_C)
-#error "POLARSSL_HMAC_DRBG_C defined, but not all prerequisites"
+#if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
+#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
-    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
-#error "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_X509_CRT_PARSE_C) )
-#error "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(POLARSSL_DHM_C)
-#error "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
+#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
-    !defined(POLARSSL_ECDH_C)
-#error "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
+    !defined(MBEDTLS_ECDH_C)
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
-    ( !defined(POLARSSL_DHM_C) || !defined(POLARSSL_RSA_C) ||           \
-      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
-#error "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
+    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_RSA_C) ||          \
-      !defined(POLARSSL_X509_CRT_PARSE_C) || !defined(POLARSSL_PKCS1_V15) )
-#error "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
-    ( !defined(POLARSSL_ECDH_C) || !defined(POLARSSL_ECDSA_C) ||          \
-      !defined(POLARSSL_X509_CRT_PARSE_C) )
-#error "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
+    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
+      !defined(MBEDTLS_X509_CRT_PARSE_C) )
+#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
-    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
-      !defined(POLARSSL_PKCS1_V15) )
-#error "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_X509_CRT_PARSE_C) || \
-      !defined(POLARSSL_PKCS1_V15) )
-#error "POLARSSL_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+      !defined(MBEDTLS_PKCS1_V15) )
+#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C) &&                          \
-    ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
-#error "POLARSSL_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PADLOCK_C) && !defined(POLARSSL_HAVE_ASM)
-#error "POLARSSL_PADLOCK_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
+#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PEM_PARSE_C) && !defined(POLARSSL_BASE64_C)
-#error "POLARSSL_PEM_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PEM_WRITE_C) && !defined(POLARSSL_BASE64_C)
-#error "POLARSSL_PEM_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
+#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PK_C) && \
-    ( !defined(POLARSSL_RSA_C) && !defined(POLARSSL_ECP_C) )
-#error "POLARSSL_PK_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PK_C) && \
+    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
+#error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PK_PARSE_C) && !defined(POLARSSL_PK_C)
-#error "POLARSSL_PK_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PK_WRITE_C) && !defined(POLARSSL_PK_C)
-#error "POLARSSL_PK_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PKCS11_C) && !defined(POLARSSL_PK_C)
-#error "POLARSSL_PKCS11_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PKCS11_C) && !defined(MBEDTLS_PK_C)
+#error "MBEDTLS_PKCS11_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_EXIT_ALT) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_EXIT_MACRO) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_EXIT_MACRO) &&\
-    ( defined(POLARSSL_PLATFORM_STD_EXIT) ||\
-        defined(POLARSSL_PLATFORM_EXIT_ALT) )
-#error "POLARSSL_PLATFORM_EXIT_MACRO and POLARSSL_PLATFORM_STD_EXIT/POLARSSL_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
+        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
+#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO) &&\
-    ( defined(POLARSSL_PLATFORM_STD_FPRINTF) ||\
-        defined(POLARSSL_PLATFORM_FPRINTF_ALT) )
-#error "POLARSSL_PLATFORM_FPRINTF_MACRO and POLARSSL_PLATFORM_STD_FPRINTF/POLARSSL_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\
-    ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
-#error "POLARSSL_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FREE_MACRO) &&\
-    defined(POLARSSL_PLATFORM_STD_FREE)
-#error "POLARSSL_PLATFORM_FREE_MACRO and POLARSSL_PLATFORM_STD_FREE cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_FREE)
+#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_FREE_MACRO) && !defined(POLARSSL_PLATFORM_MALLOC_MACRO)
-#error "POLARSSL_PLATFORM_MALLOC_MACRO must be defined if POLARSSL_PLATFORM_FREE_MACRO is"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_MALLOC_MACRO)
+#error "MBEDTLS_PLATFORM_MALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
 #endif
 
-#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\
-    ( !defined(POLARSSL_PLATFORM_C) || !defined(POLARSSL_PLATFORM_MEMORY) )
-#error "POLARSSL_PLATFORM_MALLOC_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_MALLOC_MACRO) &&\
+    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
+#error "MBEDTLS_PLATFORM_MALLOC_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) &&\
-    defined(POLARSSL_PLATFORM_STD_MALLOC)
-#error "POLARSSL_PLATFORM_MALLOC_MACRO and POLARSSL_PLATFORM_STD_MALLOC cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_MALLOC_MACRO) &&\
+    defined(MBEDTLS_PLATFORM_STD_MALLOC)
+#error "MBEDTLS_PLATFORM_MALLOC_MACRO and MBEDTLS_PLATFORM_STD_MALLOC cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_MALLOC_MACRO) && !defined(POLARSSL_PLATFORM_FREE_MACRO)
-#error "POLARSSL_PLATFORM_FREE_MACRO must be defined if POLARSSL_PLATFORM_MALLOC_MACRO is"
+#if defined(MBEDTLS_PLATFORM_MALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_MALLOC_MACRO is"
 #endif
 
-#if defined(POLARSSL_PLATFORM_MEMORY) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_MEMORY defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_PRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_PRINTF_MACRO) &&\
-    ( defined(POLARSSL_PLATFORM_STD_PRINTF) ||\
-        defined(POLARSSL_PLATFORM_PRINTF_ALT) )
-#error "POLARSSL_PLATFORM_PRINTF_MACRO and POLARSSL_PLATFORM_STD_PRINTF/POLARSSL_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
+        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT) && ( defined(_WIN32)\
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && ( defined(_WIN32)\
     && !defined(EFIX64) && !defined(EFI32) )
-#error "POLARSSL_PLATFORM_SNPRINTF_ALT defined but not available on Windows"
+#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined but not available on Windows"
 #endif
 
-#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) && !defined(POLARSSL_PLATFORM_C)
-#error "POLARSSL_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO) &&\
-    ( defined(POLARSSL_PLATFORM_STD_SNPRINTF) ||\
-        defined(POLARSSL_PLATFORM_SNPRINTF_ALT) )
-#error "POLARSSL_PLATFORM_SNPRINTF_MACRO and POLARSSL_PLATFORM_STD_SNPRINTF/POLARSSL_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
+    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
+        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
+#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_MEM_HDR) &&\
-    !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
-#error "POLARSSL_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+    !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
+#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY)
-#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_MALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_MALLOC defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_MALLOC) && !defined(POLARSSL_PLATFORM_MEMORY)
-#error "POLARSSL_PLATFORM_STD_MALLOC defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_MALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_MALLOC defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_FREE) && !defined(POLARSSL_PLATFORM_MEMORY)
-#error "POLARSSL_PLATFORM_STD_FREE defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
+#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_EXIT) &&\
-    !defined(POLARSSL_PLATFORM_EXIT_ALT)
-#error "POLARSSL_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
+    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_FPRINTF) &&\
-    !defined(POLARSSL_PLATFORM_FPRINTF_ALT)
-#error "POLARSSL_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_PRINTF) &&\
-    !defined(POLARSSL_PLATFORM_PRINTF_ALT)
-#error "POLARSSL_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_PLATFORM_STD_SNPRINTF) &&\
-    !defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
-#error "POLARSSL_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+    !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_RSA_C) && ( !defined(POLARSSL_BIGNUM_C) ||         \
-    !defined(POLARSSL_OID_C) )
-#error "POLARSSL_RSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
+    !defined(MBEDTLS_OID_C) )
+#error "MBEDTLS_RSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(POLARSSL_RSA_C) || !defined(POLARSSL_PKCS1_V21) )
-#error "POLARSSL_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
+    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
+#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_PROTO_SSL3) && ( !defined(POLARSSL_MD5_C) ||     \
-    !defined(POLARSSL_SHA1_C) )
-#error "POLARSSL_SSL_PROTO_SSL3 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_SSL3) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_SSL3 defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_PROTO_TLS1) && ( !defined(POLARSSL_MD5_C) ||     \
-    !defined(POLARSSL_SHA1_C) )
-#error "POLARSSL_SSL_PROTO_TLS1 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1 defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_PROTO_TLS1_1) && ( !defined(POLARSSL_MD5_C) ||     \
-    !defined(POLARSSL_SHA1_C) )
-#error "POLARSSL_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_1) && ( !defined(MBEDTLS_MD5_C) ||     \
+    !defined(MBEDTLS_SHA1_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_1 defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_PROTO_TLS1_2) && ( !defined(POLARSSL_SHA1_C) &&     \
-    !defined(POLARSSL_SHA256_C) && !defined(POLARSSL_SHA512_C) )
-#error "POLARSSL_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
+    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
+#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_PROTO_DTLS) && (       \
-    ( !defined(POLARSSL_SSL_PROTO_TLS1_1) &&      \
-      !defined(POLARSSL_SSL_PROTO_TLS1_2) ) ||    \
-    !defined(POLARSSL_TIMING_C) )
-#error "POLARSSL_SSL_PROTO_DTLS defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && (       \
+    ( !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+      !defined(MBEDTLS_SSL_PROTO_TLS1_2) ) ||    \
+    !defined(MBEDTLS_TIMING_C) )
+#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_CLI_C) && !defined(POLARSSL_SSL_TLS_C)
-#error "POLARSSL_SSL_CLI_C defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_TLS_C) && ( !defined(POLARSSL_CIPHER_C) ||     \
-    !defined(POLARSSL_MD_C) )
-#error "POLARSSL_SSL_TLS_C defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
+    !defined(MBEDTLS_MD_C) )
+#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_SRV_C) && !defined(POLARSSL_SSL_TLS_C)
-#error "POLARSSL_SSL_SRV_C defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
+#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_TLS_C) && (!defined(POLARSSL_SSL_PROTO_SSL3) && \
-    !defined(POLARSSL_SSL_PROTO_TLS1) && !defined(POLARSSL_SSL_PROTO_TLS1_1) && \
-    !defined(POLARSSL_SSL_PROTO_TLS1_2))
-#error "POLARSSL_SSL_TLS_C defined, but no protocols are active"
+#if defined(MBEDTLS_SSL_TLS_C) && (!defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1) && !defined(MBEDTLS_SSL_PROTO_TLS1_1) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2))
+#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
 #endif
 
-#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
-    defined(POLARSSL_SSL_PROTO_TLS1_1) && !defined(POLARSSL_SSL_PROTO_TLS1))
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_1) && !defined(MBEDTLS_SSL_PROTO_TLS1))
 #error "Illegal protocol selection"
 #endif
 
-#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_TLS1) && \
-    defined(POLARSSL_SSL_PROTO_TLS1_2) && !defined(POLARSSL_SSL_PROTO_TLS1_1))
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_TLS1) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && !defined(MBEDTLS_SSL_PROTO_TLS1_1))
 #error "Illegal protocol selection"
 #endif
 
-#if defined(POLARSSL_SSL_TLS_C) && (defined(POLARSSL_SSL_PROTO_SSL3) && \
-    defined(POLARSSL_SSL_PROTO_TLS1_2) && (!defined(POLARSSL_SSL_PROTO_TLS1) || \
-    !defined(POLARSSL_SSL_PROTO_TLS1_1)))
+#if defined(MBEDTLS_SSL_TLS_C) && (defined(MBEDTLS_SSL_PROTO_SSL3) && \
+    defined(MBEDTLS_SSL_PROTO_TLS1_2) && (!defined(MBEDTLS_SSL_PROTO_TLS1) || \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1)))
 #error "Illegal protocol selection"
 #endif
 
-#if defined(POLARSSL_SSL_COOKIE_C) && !defined(POLARSSL_SSL_DTLS_HELLO_VERIFY)
-#error "POLARSSL_SSL_COOKIE_C  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_COOKIE_C) && !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
+#error "MBEDTLS_SSL_COOKIE_C  defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_DTLS_HELLO_VERIFY) &&                              \
-    ( !defined(POLARSSL_SSL_SRV_C) || !defined(POLARSSL_SSL_PROTO_DTLS) )
-#error "POLARSSL_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) &&                              \
+    ( !defined(MBEDTLS_SSL_SRV_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_DTLS_ANTI_REPLAY) &&                              \
-    ( !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_PROTO_DTLS) )
-#error "POLARSSL_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_DTLS_BADMAC_LIMIT) &&                              \
-    ( !defined(POLARSSL_SSL_TLS_C) || !defined(POLARSSL_SSL_PROTO_DTLS) )
-#error "POLARSSL_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_BADMAC_LIMIT) &&                              \
+    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
+#error "MBEDTLS_SSL_DTLS_BADMAC_LIMIT  defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_ENCRYPT_THEN_MAC) &&   \
-    !defined(POLARSSL_SSL_PROTO_TLS1)   &&      \
-    !defined(POLARSSL_SSL_PROTO_TLS1_1) &&      \
-    !defined(POLARSSL_SSL_PROTO_TLS1_2)
-#error "POLARSSL_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&      \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
 #endif
 
-#if defined(POLARSSL_SSL_EXTENDED_MASTER_SECRET) && \
-    !defined(POLARSSL_SSL_PROTO_TLS1)   &&          \
-    !defined(POLARSSL_SSL_PROTO_TLS1_1) &&          \
-    !defined(POLARSSL_SSL_PROTO_TLS1_2)
-#error "POLARSSL_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
+    !defined(MBEDTLS_SSL_PROTO_TLS1)   &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_1) &&          \
+    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
 #endif
 
-#if defined(POLARSSL_SSL_SESSION_TICKETS) && defined(POLARSSL_SSL_TLS_C) && \
-    ( !defined(POLARSSL_AES_C) || !defined(POLARSSL_SHA256_C) ||            \
-      !defined(POLARSSL_CIPHER_MODE_CBC) )
-#error "POLARSSL_SSL_SESSION_TICKETS defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TLS_C) && \
+    ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_SHA256_C) ||            \
+      !defined(MBEDTLS_CIPHER_MODE_CBC) )
+#error "MBEDTLS_SSL_SESSION_TICKETS defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) && \
-    !defined(POLARSSL_SSL_PROTO_SSL3) && !defined(POLARSSL_SSL_PROTO_TLS1)
-#error "POLARSSL_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) && \
+    !defined(MBEDTLS_SSL_PROTO_SSL3) && !defined(MBEDTLS_SSL_PROTO_TLS1)
+#error "MBEDTLS_SSL_CBC_RECORD_SPLITTING defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION) && \
-        !defined(POLARSSL_X509_CRT_PARSE_C)
-#error "POLARSSL_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
+        !defined(MBEDTLS_X509_CRT_PARSE_C)
+#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_THREADING_PTHREAD)
-#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
-#error "POLARSSL_THREADING_PTHREAD defined, but not all prerequisites"
+#if defined(MBEDTLS_THREADING_PTHREAD)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
 #endif
-#define POLARSSL_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL
 #endif
 
-#if defined(POLARSSL_THREADING_ALT)
-#if !defined(POLARSSL_THREADING_C) || defined(POLARSSL_THREADING_IMPL)
-#error "POLARSSL_THREADING_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_THREADING_ALT)
+#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
 #endif
-#define POLARSSL_THREADING_IMPL
+#define MBEDTLS_THREADING_IMPL
 #endif
 
-#if defined(POLARSSL_THREADING_C) && !defined(POLARSSL_THREADING_IMPL)
-#error "POLARSSL_THREADING_C defined, single threading implementation required"
+#if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
+#error "MBEDTLS_THREADING_C defined, single threading implementation required"
 #endif
-#undef POLARSSL_THREADING_IMPL
+#undef MBEDTLS_THREADING_IMPL
 
-#if defined(POLARSSL_VERSION_FEATURES) && !defined(POLARSSL_VERSION_C)
-#error "POLARSSL_VERSION_FEATURES defined, but not all prerequisites"
+#if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
+#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) ||  \
-    !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) ||      \
-    !defined(POLARSSL_PK_PARSE_C) )
-#error "POLARSSL_X509_USE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
+    !defined(MBEDTLS_PK_PARSE_C) )
+#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CREATE_C) && ( !defined(POLARSSL_BIGNUM_C) ||  \
-    !defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_WRITE_C) ||       \
-    !defined(POLARSSL_PK_WRITE_C) )
-#error "POLARSSL_X509_CREATE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
+    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
+    !defined(MBEDTLS_PK_WRITE_C) )
+#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CRT_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
-#error "POLARSSL_X509_CRT_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CRL_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
-#error "POLARSSL_X509_CRL_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CSR_PARSE_C) && ( !defined(POLARSSL_X509_USE_C) )
-#error "POLARSSL_X509_CSR_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
+#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CRT_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
-#error "POLARSSL_X509_CRT_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
 #endif
 
-#if defined(POLARSSL_X509_CSR_WRITE_C) && ( !defined(POLARSSL_X509_CREATE_C) )
-#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
+#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
 #endif
 
-#endif /* POLARSSL_CHECK_CONFIG_H */
+#endif /* MBEDTLS_CHECK_CONFIG_H */
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index b0d4721..58e4003 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -24,27 +24,27 @@
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#ifndef POLARSSL_CIPHER_H
-#define POLARSSL_CIPHER_H
+#ifndef MBEDTLS_CIPHER_H
+#define MBEDTLS_CIPHER_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if defined(POLARSSL_GCM_C) || defined(POLARSSL_CCM_C)
-#define POLARSSL_CIPHER_MODE_AEAD
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C)
+#define MBEDTLS_CIPHER_MODE_AEAD
 #endif
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
-#define POLARSSL_CIPHER_MODE_WITH_PADDING
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+#define MBEDTLS_CIPHER_MODE_WITH_PADDING
 #endif
 
-#if defined(POLARSSL_ARC4_C)
-#define POLARSSL_CIPHER_MODE_STREAM
+#if defined(MBEDTLS_ARC4_C)
+#define MBEDTLS_CIPHER_MODE_STREAM
 #endif
 
 #if defined(_MSC_VER) && !defined(inline)
@@ -55,159 +55,159 @@
 #endif /* __ARMCC_VERSION */
 #endif /*_MSC_VER */
 
-#define POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
-#define POLARSSL_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
-#define POLARSSL_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
-#define POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
-#define POLARSSL_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE            -0x6080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA                 -0x6100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED                   -0x6180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING                -0x6200  /**< Input data contains invalid padding and is rejected. */
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED            -0x6280  /**< Decryption of block requires a full block. */
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED                    -0x6300  /**< Authentication failed (for AEAD modes). */
 
-#define POLARSSL_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
-#define POLARSSL_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01    /**< Cipher accepts IVs of variable length */
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02    /**< Cipher accepts keys of variable length */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 typedef enum {
-    POLARSSL_CIPHER_ID_NONE = 0,
-    POLARSSL_CIPHER_ID_NULL,
-    POLARSSL_CIPHER_ID_AES,
-    POLARSSL_CIPHER_ID_DES,
-    POLARSSL_CIPHER_ID_3DES,
-    POLARSSL_CIPHER_ID_CAMELLIA,
-    POLARSSL_CIPHER_ID_BLOWFISH,
-    POLARSSL_CIPHER_ID_ARC4,
-} cipher_id_t;
+    MBEDTLS_CIPHER_ID_NONE = 0,
+    MBEDTLS_CIPHER_ID_NULL,
+    MBEDTLS_CIPHER_ID_AES,
+    MBEDTLS_CIPHER_ID_DES,
+    MBEDTLS_CIPHER_ID_3DES,
+    MBEDTLS_CIPHER_ID_CAMELLIA,
+    MBEDTLS_CIPHER_ID_BLOWFISH,
+    MBEDTLS_CIPHER_ID_ARC4,
+} mbedtls_cipher_id_t;
 
 typedef enum {
-    POLARSSL_CIPHER_NONE = 0,
-    POLARSSL_CIPHER_NULL,
-    POLARSSL_CIPHER_AES_128_ECB,
-    POLARSSL_CIPHER_AES_192_ECB,
-    POLARSSL_CIPHER_AES_256_ECB,
-    POLARSSL_CIPHER_AES_128_CBC,
-    POLARSSL_CIPHER_AES_192_CBC,
-    POLARSSL_CIPHER_AES_256_CBC,
-    POLARSSL_CIPHER_AES_128_CFB128,
-    POLARSSL_CIPHER_AES_192_CFB128,
-    POLARSSL_CIPHER_AES_256_CFB128,
-    POLARSSL_CIPHER_AES_128_CTR,
-    POLARSSL_CIPHER_AES_192_CTR,
-    POLARSSL_CIPHER_AES_256_CTR,
-    POLARSSL_CIPHER_AES_128_GCM,
-    POLARSSL_CIPHER_AES_192_GCM,
-    POLARSSL_CIPHER_AES_256_GCM,
-    POLARSSL_CIPHER_CAMELLIA_128_ECB,
-    POLARSSL_CIPHER_CAMELLIA_192_ECB,
-    POLARSSL_CIPHER_CAMELLIA_256_ECB,
-    POLARSSL_CIPHER_CAMELLIA_128_CBC,
-    POLARSSL_CIPHER_CAMELLIA_192_CBC,
-    POLARSSL_CIPHER_CAMELLIA_256_CBC,
-    POLARSSL_CIPHER_CAMELLIA_128_CFB128,
-    POLARSSL_CIPHER_CAMELLIA_192_CFB128,
-    POLARSSL_CIPHER_CAMELLIA_256_CFB128,
-    POLARSSL_CIPHER_CAMELLIA_128_CTR,
-    POLARSSL_CIPHER_CAMELLIA_192_CTR,
-    POLARSSL_CIPHER_CAMELLIA_256_CTR,
-    POLARSSL_CIPHER_CAMELLIA_128_GCM,
-    POLARSSL_CIPHER_CAMELLIA_192_GCM,
-    POLARSSL_CIPHER_CAMELLIA_256_GCM,
-    POLARSSL_CIPHER_DES_ECB,
-    POLARSSL_CIPHER_DES_CBC,
-    POLARSSL_CIPHER_DES_EDE_ECB,
-    POLARSSL_CIPHER_DES_EDE_CBC,
-    POLARSSL_CIPHER_DES_EDE3_ECB,
-    POLARSSL_CIPHER_DES_EDE3_CBC,
-    POLARSSL_CIPHER_BLOWFISH_ECB,
-    POLARSSL_CIPHER_BLOWFISH_CBC,
-    POLARSSL_CIPHER_BLOWFISH_CFB64,
-    POLARSSL_CIPHER_BLOWFISH_CTR,
-    POLARSSL_CIPHER_ARC4_128,
-    POLARSSL_CIPHER_AES_128_CCM,
-    POLARSSL_CIPHER_AES_192_CCM,
-    POLARSSL_CIPHER_AES_256_CCM,
-    POLARSSL_CIPHER_CAMELLIA_128_CCM,
-    POLARSSL_CIPHER_CAMELLIA_192_CCM,
-    POLARSSL_CIPHER_CAMELLIA_256_CCM,
-} cipher_type_t;
+    MBEDTLS_CIPHER_NONE = 0,
+    MBEDTLS_CIPHER_NULL,
+    MBEDTLS_CIPHER_AES_128_ECB,
+    MBEDTLS_CIPHER_AES_192_ECB,
+    MBEDTLS_CIPHER_AES_256_ECB,
+    MBEDTLS_CIPHER_AES_128_CBC,
+    MBEDTLS_CIPHER_AES_192_CBC,
+    MBEDTLS_CIPHER_AES_256_CBC,
+    MBEDTLS_CIPHER_AES_128_CFB128,
+    MBEDTLS_CIPHER_AES_192_CFB128,
+    MBEDTLS_CIPHER_AES_256_CFB128,
+    MBEDTLS_CIPHER_AES_128_CTR,
+    MBEDTLS_CIPHER_AES_192_CTR,
+    MBEDTLS_CIPHER_AES_256_CTR,
+    MBEDTLS_CIPHER_AES_128_GCM,
+    MBEDTLS_CIPHER_AES_192_GCM,
+    MBEDTLS_CIPHER_AES_256_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB,
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC,
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR,
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM,
+    MBEDTLS_CIPHER_DES_ECB,
+    MBEDTLS_CIPHER_DES_CBC,
+    MBEDTLS_CIPHER_DES_EDE_ECB,
+    MBEDTLS_CIPHER_DES_EDE_CBC,
+    MBEDTLS_CIPHER_DES_EDE3_ECB,
+    MBEDTLS_CIPHER_DES_EDE3_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_ECB,
+    MBEDTLS_CIPHER_BLOWFISH_CBC,
+    MBEDTLS_CIPHER_BLOWFISH_CFB64,
+    MBEDTLS_CIPHER_BLOWFISH_CTR,
+    MBEDTLS_CIPHER_ARC4_128,
+    MBEDTLS_CIPHER_AES_128_CCM,
+    MBEDTLS_CIPHER_AES_192_CCM,
+    MBEDTLS_CIPHER_AES_256_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM,
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM,
+} mbedtls_cipher_type_t;
 
 typedef enum {
-    POLARSSL_MODE_NONE = 0,
-    POLARSSL_MODE_ECB,
-    POLARSSL_MODE_CBC,
-    POLARSSL_MODE_CFB,
-    POLARSSL_MODE_OFB, /* Unused! */
-    POLARSSL_MODE_CTR,
-    POLARSSL_MODE_GCM,
-    POLARSSL_MODE_STREAM,
-    POLARSSL_MODE_CCM,
-} cipher_mode_t;
+    MBEDTLS_MODE_NONE = 0,
+    MBEDTLS_MODE_ECB,
+    MBEDTLS_MODE_CBC,
+    MBEDTLS_MODE_CFB,
+    MBEDTLS_MODE_OFB, /* Unused! */
+    MBEDTLS_MODE_CTR,
+    MBEDTLS_MODE_GCM,
+    MBEDTLS_MODE_STREAM,
+    MBEDTLS_MODE_CCM,
+} mbedtls_cipher_mode_t;
 
 typedef enum {
-    POLARSSL_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
-    POLARSSL_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
-    POLARSSL_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
-    POLARSSL_PADDING_ZEROS,         /**< zero padding (not reversible!) */
-    POLARSSL_PADDING_NONE,          /**< never pad (full blocks only)   */
-} cipher_padding_t;
+    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default)        */
+    MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding         */
+    MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding             */
+    MBEDTLS_PADDING_ZEROS,         /**< zero padding (not reversible!) */
+    MBEDTLS_PADDING_NONE,          /**< never pad (full blocks only)   */
+} mbedtls_cipher_padding_t;
 
 typedef enum {
-    POLARSSL_OPERATION_NONE = -1,
-    POLARSSL_DECRYPT = 0,
-    POLARSSL_ENCRYPT,
-} operation_t;
+    MBEDTLS_OPERATION_NONE = -1,
+    MBEDTLS_DECRYPT = 0,
+    MBEDTLS_ENCRYPT,
+} mbedtls_operation_t;
 
 enum {
     /** Undefined key length */
-    POLARSSL_KEY_LENGTH_NONE = 0,
+    MBEDTLS_KEY_LENGTH_NONE = 0,
     /** Key length, in bits (including parity), for DES keys */
-    POLARSSL_KEY_LENGTH_DES  = 64,
+    MBEDTLS_KEY_LENGTH_DES  = 64,
     /** Key length, in bits (including parity), for DES in two key EDE */
-    POLARSSL_KEY_LENGTH_DES_EDE = 128,
+    MBEDTLS_KEY_LENGTH_DES_EDE = 128,
     /** Key length, in bits (including parity), for DES in three-key EDE */
-    POLARSSL_KEY_LENGTH_DES_EDE3 = 192,
+    MBEDTLS_KEY_LENGTH_DES_EDE3 = 192,
 };
 
 /** Maximum length of any IV, in bytes */
-#define POLARSSL_MAX_IV_LENGTH      16
+#define MBEDTLS_MAX_IV_LENGTH      16
 /** Maximum block size of any cipher, in bytes */
-#define POLARSSL_MAX_BLOCK_LENGTH   16
+#define MBEDTLS_MAX_BLOCK_LENGTH   16
 
 /**
  * Base cipher information. The non-mode specific functions and values.
  */
 typedef struct {
 
-    /** Base Cipher type (e.g. POLARSSL_CIPHER_ID_AES) */
-    cipher_id_t cipher;
+    /** Base Cipher type (e.g. MBEDTLS_CIPHER_ID_AES) */
+    mbedtls_cipher_id_t cipher;
 
     /** Encrypt using ECB */
-    int (*ecb_func)( void *ctx, operation_t mode,
+    int (*ecb_func)( void *ctx, mbedtls_operation_t mode,
                      const unsigned char *input, unsigned char *output );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
     /** Encrypt using CBC */
-    int (*cbc_func)( void *ctx, operation_t mode, size_t length,
+    int (*cbc_func)( void *ctx, mbedtls_operation_t mode, size_t length,
                      unsigned char *iv, const unsigned char *input,
                      unsigned char *output );
 #endif
 
-#if defined(POLARSSL_CIPHER_MODE_CFB)
+#if defined(MBEDTLS_CIPHER_MODE_CFB)
     /** Encrypt using CFB (Full length) */
-    int (*cfb_func)( void *ctx, operation_t mode, size_t length, size_t *iv_off,
+    int (*cfb_func)( void *ctx, mbedtls_operation_t mode, size_t length, size_t *iv_off,
                      unsigned char *iv, const unsigned char *input,
                      unsigned char *output );
 #endif
 
-#if defined(POLARSSL_CIPHER_MODE_CTR)
+#if defined(MBEDTLS_CIPHER_MODE_CTR)
     /** Encrypt using CTR */
     int (*ctr_func)( void *ctx, size_t length, size_t *nc_off,
                      unsigned char *nonce_counter, unsigned char *stream_block,
                      const unsigned char *input, unsigned char *output );
 #endif
 
-#if defined(POLARSSL_CIPHER_MODE_STREAM)
+#if defined(MBEDTLS_CIPHER_MODE_STREAM)
     /** Encrypt using STREAM */
     int (*stream_func)( void *ctx, size_t length,
                         const unsigned char *input, unsigned char *output );
@@ -227,17 +227,17 @@
     /** Free the given context */
     void (*ctx_free_func)( void *ctx );
 
-} cipher_base_t;
+} mbedtls_cipher_base_t;
 
 /**
  * Cipher information. Allows cipher functions to be called in a generic way.
  */
 typedef struct {
-    /** Full cipher identifier (e.g. POLARSSL_CIPHER_AES_256_CBC) */
-    cipher_type_t type;
+    /** Full cipher identifier (e.g. MBEDTLS_CIPHER_AES_256_CBC) */
+    mbedtls_cipher_type_t type;
 
-    /** Cipher mode (e.g. POLARSSL_MODE_CBC) */
-    cipher_mode_t mode;
+    /** Cipher mode (e.g. MBEDTLS_MODE_CBC) */
+    mbedtls_cipher_mode_t mode;
 
     /** Cipher key length, in bits (default length for variable sized ciphers)
      *  (Includes parity bits for ciphers like DES) */
@@ -257,44 +257,44 @@
     unsigned int block_size;
 
     /** Base cipher information and functions */
-    const cipher_base_t *base;
+    const mbedtls_cipher_base_t *base;
 
-} cipher_info_t;
+} mbedtls_cipher_info_t;
 
 /**
  * Generic cipher context.
  */
 typedef struct {
     /** Information about the associated cipher */
-    const cipher_info_t *cipher_info;
+    const mbedtls_cipher_info_t *cipher_info;
 
     /** Key length to use */
     int key_length;
 
     /** Operation that the context's key has been initialised for */
-    operation_t operation;
+    mbedtls_operation_t operation;
 
-#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
     /** Padding functions to use, if relevant for cipher mode */
     void (*add_padding)( unsigned char *output, size_t olen, size_t data_len );
     int (*get_padding)( unsigned char *input, size_t ilen, size_t *data_len );
 #endif
 
     /** Buffer for data that hasn't been encrypted yet */
-    unsigned char unprocessed_data[POLARSSL_MAX_BLOCK_LENGTH];
+    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
 
     /** Number of bytes that still need processing */
     size_t unprocessed_len;
 
     /** Current IV or NONCE_COUNTER for CTR-mode */
-    unsigned char iv[POLARSSL_MAX_IV_LENGTH];
+    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
 
     /** IV size in bytes (for ciphers with variable-length IVs) */
     size_t iv_size;
 
     /** Cipher-specific context */
     void *cipher_ctx;
-} cipher_context_t;
+} mbedtls_cipher_context_t;
 
 /**
  * \brief Returns the list of ciphers supported by the generic cipher module.
@@ -302,7 +302,7 @@
  * \return              a statically allocated array of ciphers, the last entry
  *                      is 0.
  */
-const int *cipher_list( void );
+const int *mbedtls_cipher_list( void );
 
 /**
  * \brief               Returns the cipher information structure associated
@@ -313,7 +313,7 @@
  * \return              the cipher information structure associated with the
  *                      given cipher_name, or NULL if not found.
  */
-const cipher_info_t *cipher_info_from_string( const char *cipher_name );
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
 
 /**
  * \brief               Returns the cipher information structure associated
@@ -324,53 +324,53 @@
  * \return              the cipher information structure associated with the
  *                      given cipher_type, or NULL if not found.
  */
-const cipher_info_t *cipher_info_from_type( const cipher_type_t cipher_type );
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
 
 /**
  * \brief               Returns the cipher information structure associated
  *                      with the given cipher id, key size and mode.
  *
  * \param cipher_id     Id of the cipher to search for
- *                      (e.g. POLARSSL_CIPHER_ID_AES)
+ *                      (e.g. MBEDTLS_CIPHER_ID_AES)
  * \param key_length    Length of the key in bits
- * \param mode          Cipher mode (e.g. POLARSSL_MODE_CBC)
+ * \param mode          Cipher mode (e.g. MBEDTLS_MODE_CBC)
  *
  * \return              the cipher information structure associated with the
  *                      given cipher_type, or NULL if not found.
  */
-const cipher_info_t *cipher_info_from_values( const cipher_id_t cipher_id,
+const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
                                               int key_length,
-                                              const cipher_mode_t mode );
+                                              const mbedtls_cipher_mode_t mode );
 
 /**
  * \brief               Initialize a cipher_context (as NONE)
  */
-void cipher_init( cipher_context_t *ctx );
+void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
 
 /**
  * \brief               Free and clear the cipher-specific context of ctx.
  *                      Freeing ctx itself remains the responsibility of the
  *                      caller.
  */
-void cipher_free( cipher_context_t *ctx );
+void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
 
 /**
  * \brief               Initialises and fills the cipher context structure with
  *                      the appropriate values.
  *
  * \note                Currently also clears structure. In future versions you
- *                      will be required to call cipher_init() on the structure
+ *                      will be required to call mbedtls_cipher_init() on the structure
  *                      first.
  *
  * \param ctx           context to initialise. May not be NULL.
  * \param cipher_info   cipher to use.
  *
  * \return              0 on success,
- *                      POLARSSL_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
- *                      POLARSSL_ERR_CIPHER_ALLOC_FAILED if allocation of the
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on parameter failure,
+ *                      MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
  *                      cipher-specific context failed.
  */
-int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info );
+int mbedtls_cipher_init_ctx( mbedtls_cipher_context_t *ctx, const mbedtls_cipher_info_t *cipher_info );
 
 /**
  * \brief               Returns the block size of the given cipher.
@@ -380,7 +380,7 @@
  * \return              size of the cipher's blocks, or 0 if ctx has not been
  *                      initialised.
  */
-static inline unsigned int cipher_get_block_size( const cipher_context_t *ctx )
+static inline unsigned int mbedtls_cipher_get_block_size( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
         return 0;
@@ -390,17 +390,17 @@
 
 /**
  * \brief               Returns the mode of operation for the cipher.
- *                      (e.g. POLARSSL_MODE_CBC)
+ *                      (e.g. MBEDTLS_MODE_CBC)
  *
  * \param ctx           cipher's context. Must have been initialised.
  *
- * \return              mode of operation, or POLARSSL_MODE_NONE if ctx
+ * \return              mode of operation, or MBEDTLS_MODE_NONE if ctx
  *                      has not been initialised.
  */
-static inline cipher_mode_t cipher_get_cipher_mode( const cipher_context_t *ctx )
+static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
-        return POLARSSL_MODE_NONE;
+        return MBEDTLS_MODE_NONE;
 
     return ctx->cipher_info->mode;
 }
@@ -414,7 +414,7 @@
  *                      (0 for ciphers not using IV/NONCE).
  *                      If IV has already been set: actual size.
  */
-static inline int cipher_get_iv_size( const cipher_context_t *ctx )
+static inline int mbedtls_cipher_get_iv_size( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
         return 0;
@@ -430,13 +430,13 @@
  *
  * \param ctx           cipher's context. Must have been initialised.
  *
- * \return              type of the cipher, or POLARSSL_CIPHER_NONE if ctx has
+ * \return              type of the cipher, or MBEDTLS_CIPHER_NONE if ctx has
  *                      not been initialised.
  */
-static inline cipher_type_t cipher_get_type( const cipher_context_t *ctx )
+static inline mbedtls_cipher_type_t mbedtls_cipher_get_type( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
-        return POLARSSL_CIPHER_NONE;
+        return MBEDTLS_CIPHER_NONE;
 
     return ctx->cipher_info->type;
 }
@@ -448,7 +448,7 @@
  *
  * \return              name of the cipher, or NULL if ctx was not initialised.
  */
-static inline const char *cipher_get_name( const cipher_context_t *ctx )
+static inline const char *mbedtls_cipher_get_name( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
         return 0;
@@ -462,13 +462,13 @@
  * \param ctx           cipher's context. Must have been initialised.
  *
  * \return              cipher's key length, in bits, or
- *                      POLARSSL_KEY_LENGTH_NONE if ctx has not been
+ *                      MBEDTLS_KEY_LENGTH_NONE if ctx has not been
  *                      initialised.
  */
-static inline int cipher_get_key_size( const cipher_context_t *ctx )
+static inline int mbedtls_cipher_get_key_size( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
-        return POLARSSL_KEY_LENGTH_NONE;
+        return MBEDTLS_KEY_LENGTH_NONE;
 
     return ctx->cipher_info->key_length;
 }
@@ -478,14 +478,14 @@
  *
  * \param ctx           cipher's context. Must have been initialised.
  *
- * \return              operation (POLARSSL_ENCRYPT or POLARSSL_DECRYPT),
- *                      or POLARSSL_OPERATION_NONE if ctx has not been
+ * \return              operation (MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT),
+ *                      or MBEDTLS_OPERATION_NONE if ctx has not been
  *                      initialised.
  */
-static inline operation_t cipher_get_operation( const cipher_context_t *ctx )
+static inline mbedtls_operation_t mbedtls_cipher_get_operation( const mbedtls_cipher_context_t *ctx )
 {
     if( NULL == ctx || NULL == ctx->cipher_info )
-        return POLARSSL_OPERATION_NONE;
+        return MBEDTLS_OPERATION_NONE;
 
     return ctx->operation;
 }
@@ -499,16 +499,16 @@
  * \param key           The key to use.
  * \param key_length    key length to use, in bits.
  * \param operation     Operation that the key will be used for, either
- *                      POLARSSL_ENCRYPT or POLARSSL_DECRYPT.
+ *                      MBEDTLS_ENCRYPT or MBEDTLS_DECRYPT.
  *
- * \returns             0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  *                      parameter verification fails or a cipher specific
  *                      error code.
  */
-int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
-                   int key_length, const operation_t operation );
+int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx, const unsigned char *key,
+                   int key_length, const mbedtls_operation_t operation );
 
-#if defined(POLARSSL_CIPHER_MODE_WITH_PADDING)
+#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
 /**
  * \brief               Set padding mode, for cipher modes that use padding.
  *                      (Default: PKCS7 padding.)
@@ -516,13 +516,13 @@
  * \param ctx           generic cipher context
  * \param mode          padding mode
  *
- * \returns             0 on success, POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE
  *                      if selected padding mode is not supported, or
- *                      POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
  *                      does not support padding.
  */
-int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
-#endif /* POLARSSL_CIPHER_MODE_WITH_PADDING */
+int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx, mbedtls_cipher_padding_t mode );
+#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
 
 /**
  * \brief               Set the initialization vector (IV) or nonce
@@ -532,12 +532,12 @@
  * \param iv_len        IV length for ciphers with variable-size IV;
  *                      discarded by ciphers with fixed-size IV.
  *
- * \returns             0 on success, or POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+ * \returns             0 on success, or MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
  *
  * \note                Some ciphers don't use IVs nor NONCE. For these
  *                      ciphers, this function has no effect.
  */
-int cipher_set_iv( cipher_context_t *ctx,
+int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
                    const unsigned char *iv, size_t iv_len );
 
 /**
@@ -545,16 +545,16 @@
  *
  * \param ctx           generic cipher context
  *
- * \returns             0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
-int cipher_reset( cipher_context_t *ctx );
+int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
 
-#if defined(POLARSSL_GCM_C)
+#if defined(MBEDTLS_GCM_C)
 /**
  * \brief               Add additional data (for AEAD ciphers).
  *                      Currently only supported with GCM.
- *                      Must be called exactly once, after cipher_reset().
+ *                      Must be called exactly once, after mbedtls_cipher_reset().
  *
  * \param ctx           generic cipher context
  * \param ad            Additional data to use.
@@ -562,9 +562,9 @@
  *
  * \return              0 on success, or a specific error code.
  */
-int cipher_update_ad( cipher_context_t *ctx,
+int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
                       const unsigned char *ad, size_t ad_len );
-#endif /* POLARSSL_GCM_C */
+#endif /* MBEDTLS_GCM_C */
 
 /**
  * \brief               Generic cipher update function. Encrypts/decrypts
@@ -573,7 +573,7 @@
  *                      that cannot be written immediately will either be added
  *                      to the next block, or flushed when cipher_final is
  *                      called.
- *                      Exception: for POLARSSL_MODE_ECB, expects single block
+ *                      Exception: for MBEDTLS_MODE_ECB, expects single block
  *                                 in size (e.g. 16 bytes for AES)
  *
  * \param ctx           generic cipher context
@@ -585,17 +585,17 @@
  * \param olen          length of the output data, will be filled with the
  *                      actual number of bytes written.
  *
- * \returns             0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  *                      parameter verification fails,
- *                      POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE on an
+ *                      MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE on an
  *                      unsupported mode for a cipher or a cipher specific
  *                      error code.
  *
  * \note                If the underlying cipher is GCM, all calls to this
- *                      function, except the last one before cipher_finish(),
+ *                      function, except the last one before mbedtls_cipher_finish(),
  *                      must have ilen a multiple of the block size.
  */
-int cipher_update( cipher_context_t *ctx, const unsigned char *input,
+int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx, const unsigned char *input,
                    size_t ilen, unsigned char *output, size_t *olen );
 
 /**
@@ -608,21 +608,21 @@
  * \param output        buffer to write data to. Needs block_size available.
  * \param olen          length of the data written to the output buffer.
  *
- * \returns             0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA if
+ * \returns             0 on success, MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if
  *                      parameter verification fails,
- *                      POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
  *                      expected a full block but was not provided one,
- *                      POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
  *                      while decrypting or a cipher specific error code.
  */
-int cipher_finish( cipher_context_t *ctx,
+int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
                    unsigned char *output, size_t *olen );
 
-#if defined(POLARSSL_GCM_C)
+#if defined(MBEDTLS_GCM_C)
 /**
  * \brief               Write tag for AEAD ciphers.
  *                      Currently only supported with GCM.
- *                      Must be called after cipher_finish().
+ *                      Must be called after mbedtls_cipher_finish().
  *
  * \param ctx           Generic cipher context
  * \param tag           buffer to write the tag
@@ -630,13 +630,13 @@
  *
  * \return              0 on success, or a specific error code.
  */
-int cipher_write_tag( cipher_context_t *ctx,
+int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
                       unsigned char *tag, size_t tag_len );
 
 /**
  * \brief               Check tag for AEAD ciphers.
  *                      Currently only supported with GCM.
- *                      Must be called after cipher_finish().
+ *                      Must be called after mbedtls_cipher_finish().
  *
  * \param ctx           Generic cipher context
  * \param tag           Buffer holding the tag
@@ -644,9 +644,9 @@
  *
  * \return              0 on success, or a specific error code.
  */
-int cipher_check_tag( cipher_context_t *ctx,
+int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
                       const unsigned char *tag, size_t tag_len );
-#endif /* POLARSSL_GCM_C */
+#endif /* MBEDTLS_GCM_C */
 
 /**
  * \brief               Generic all-in-one encryption/decryption
@@ -668,19 +668,19 @@
  *                      ciphers, use iv = NULL and iv_len = 0.
  *
  * \returns             0 on success, or
- *                      POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      POLARSSL_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED if decryption
  *                      expected a full block but was not provided one, or
- *                      POLARSSL_ERR_CIPHER_INVALID_PADDING on invalid padding
+ *                      MBEDTLS_ERR_CIPHER_INVALID_PADDING on invalid padding
  *                      while decrypting, or
  *                      a cipher specific error code.
  */
-int cipher_crypt( cipher_context_t *ctx,
+int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
                   const unsigned char *iv, size_t iv_len,
                   const unsigned char *input, size_t ilen,
                   unsigned char *output, size_t *olen );
 
-#if defined(POLARSSL_CIPHER_MODE_AEAD)
+#if defined(MBEDTLS_CIPHER_MODE_AEAD)
 /**
  * \brief               Generic autenticated encryption (AEAD ciphers).
  *
@@ -700,10 +700,10 @@
  * \param tag_len       desired tag length
  *
  * \returns             0 on success, or
- *                      POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
  *                      a cipher specific error code.
  */
-int cipher_auth_encrypt( cipher_context_t *ctx,
+int mbedtls_cipher_auth_encrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
                          const unsigned char *ad, size_t ad_len,
                          const unsigned char *input, size_t ilen,
@@ -729,24 +729,24 @@
  * \param tag_len       length of the authentication tag
  *
  * \returns             0 on success, or
- *                      POLARSSL_ERR_CIPHER_BAD_INPUT_DATA, or
- *                      POLARSSL_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
+ *                      MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_CIPHER_AUTH_FAILED if data isn't authentic,
  *                      or a cipher specific error code.
  *
  * \note                If the data is not authentic, then the output buffer
  *                      is zeroed out to prevent the unauthentic plaintext to
  *                      be used by mistake, making this interface safer.
  */
-int cipher_auth_decrypt( cipher_context_t *ctx,
+int mbedtls_cipher_auth_decrypt( mbedtls_cipher_context_t *ctx,
                          const unsigned char *iv, size_t iv_len,
                          const unsigned char *ad, size_t ad_len,
                          const unsigned char *input, size_t ilen,
                          unsigned char *output, size_t *olen,
                          const unsigned char *tag, size_t tag_len );
-#endif /* POLARSSL_CIPHER_MODE_AEAD */
+#endif /* MBEDTLS_CIPHER_MODE_AEAD */
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_CIPHER_H */
+#endif /* MBEDTLS_CIPHER_H */
diff --git a/include/mbedtls/cipher_wrap.h b/include/mbedtls/cipher_wrap.h
index 3e685b1..c619267 100644
--- a/include/mbedtls/cipher_wrap.h
+++ b/include/mbedtls/cipher_wrap.h
@@ -23,13 +23,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_CIPHER_WRAP_H
-#define POLARSSL_CIPHER_WRAP_H
+#ifndef MBEDTLS_CIPHER_WRAP_H
+#define MBEDTLS_CIPHER_WRAP_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "cipher.h"
@@ -40,16 +40,16 @@
 
 typedef struct
 {
-    cipher_type_t type;
-    const cipher_info_t *info;
-} cipher_definition_t;
+    mbedtls_cipher_type_t type;
+    const mbedtls_cipher_info_t *info;
+} mbedtls_cipher_definition_t;
 
-extern const cipher_definition_t cipher_definitions[];
+extern const mbedtls_cipher_definition_t mbedtls_cipher_definitions[];
 
-extern int supported_ciphers[];
+extern int mbedtls_cipher_supported[];
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_CIPHER_WRAP_H */
+#endif /* MBEDTLS_CIPHER_WRAP_H */
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 3388330..c6cdc00 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -25,8 +25,8 @@
  * or disable features selectively, and reduce the global
  * memory footprint.
  */
-#ifndef POLARSSL_CONFIG_H
-#define POLARSSL_CONFIG_H
+#ifndef MBEDTLS_CONFIG_H
+#define MBEDTLS_CONFIG_H
 
 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
 #define _CRT_SECURE_NO_DEPRECATE 1
@@ -40,33 +40,33 @@
  */
 
 /**
- * \def POLARSSL_HAVE_INT8
+ * \def MBEDTLS_HAVE_INT8
  *
  * The system uses 8-bit wide native integers.
  *
  * Uncomment if native integers are 8-bit wide.
  */
-//#define POLARSSL_HAVE_INT8
+//#define MBEDTLS_HAVE_INT8
 
 /**
- * \def POLARSSL_HAVE_INT16
+ * \def MBEDTLS_HAVE_INT16
  *
  * The system uses 16-bit wide native integers.
  *
  * Uncomment if native integers are 16-bit wide.
  */
-//#define POLARSSL_HAVE_INT16
+//#define MBEDTLS_HAVE_INT16
 
 /**
- * \def POLARSSL_HAVE_LONGLONG
+ * \def MBEDTLS_HAVE_LONGLONG
  *
  * The compiler supports the 'long long' type.
  * (Only used on 32-bit platforms)
  */
-#define POLARSSL_HAVE_LONGLONG
+#define MBEDTLS_HAVE_LONGLONG
 
 /**
- * \def POLARSSL_HAVE_ASM
+ * \def MBEDTLS_HAVE_ASM
  *
  * The compiler has support for asm().
  *
@@ -79,28 +79,28 @@
  *
  * Comment to disable the use of assembly code.
  */
-#define POLARSSL_HAVE_ASM
+#define MBEDTLS_HAVE_ASM
 
 /**
- * \def POLARSSL_HAVE_SSE2
+ * \def MBEDTLS_HAVE_SSE2
  *
  * CPU supports SSE2 instruction set.
  *
  * Uncomment if the CPU supports SSE2 (IA-32 specific).
  */
-//#define POLARSSL_HAVE_SSE2
+//#define MBEDTLS_HAVE_SSE2
 
 /**
- * \def POLARSSL_HAVE_TIME
+ * \def MBEDTLS_HAVE_TIME
  *
  * System has time.h and time() / localtime()  / gettimeofday().
  *
  * Comment if your system does not support time functions
  */
-#define POLARSSL_HAVE_TIME
+#define MBEDTLS_HAVE_TIME
 
 /**
- * \def POLARSSL_HAVE_IPV6
+ * \def MBEDTLS_HAVE_IPV6
  *
  * System supports the basic socket interface for IPv6 (RFC 3493),
  * specifically getaddrinfo(), freeaddrinfo() and struct sockaddr_storage.
@@ -109,10 +109,10 @@
  *
  * Comment if your system does not support the IPv6 socket interface
  */
-#define POLARSSL_HAVE_IPV6
+#define MBEDTLS_HAVE_IPV6
 
 /**
- * \def POLARSSL_PLATFORM_MEMORY
+ * \def MBEDTLS_PLATFORM_MEMORY
  *
  * Enable the memory allocation layer.
  *
@@ -120,68 +120,68 @@
  * This allows different allocators (self-implemented or provided) to be
  * provided to the platform abstraction layer.
  *
- * Enabling POLARSSL_PLATFORM_MEMORY without the
- * POLARSSL_PLATFORM_{FREE,MALLOC}_MACROs will provide
- * "platform_set_malloc_free()" allowing you to set an alternative malloc() and
+ * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * MBEDTLS_PLATFORM_{FREE,MALLOC}_MACROs will provide
+ * "mbedtls_platform_set_malloc_free()" allowing you to set an alternative malloc() and
  * free() function pointer at runtime.
  *
- * Enabling POLARSSL_PLATFORM_MEMORY and specifying
- * POLARSSL_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the
+ * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * MBEDTLS_PLATFORM_{MALLOC,FREE}_MACROs will allow you to specify the
  * alternate function at compile time.
  *
- * Requires: POLARSSL_PLATFORM_C
+ * Requires: MBEDTLS_PLATFORM_C
  *
  * Enable this layer to allow use of alternative memory allocators.
  */
-//#define POLARSSL_PLATFORM_MEMORY
+//#define MBEDTLS_PLATFORM_MEMORY
 
 /**
- * \def POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+ * \def MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
  *
  * Do not assign standard functions in the platform layer (e.g. malloc() to
- * POLARSSL_PLATFORM_STD_MALLOC and printf() to POLARSSL_PLATFORM_STD_PRINTF)
+ * MBEDTLS_PLATFORM_STD_MALLOC and printf() to MBEDTLS_PLATFORM_STD_PRINTF)
  *
  * This makes sure there are no linking errors on platforms that do not support
  * these functions. You will HAVE to provide alternatives, either at runtime
  * via the platform_set_xxx() functions or at compile time by setting
- * the POLARSSL_PLATFORM_STD_XXX defines, or enabling a
- * POLARSSL_PLATFORM_XXX_MACRO.
+ * the MBEDTLS_PLATFORM_STD_XXX defines, or enabling a
+ * MBEDTLS_PLATFORM_XXX_MACRO.
  *
- * Requires: POLARSSL_PLATFORM_C
+ * Requires: MBEDTLS_PLATFORM_C
  *
  * Uncomment to prevent default assignment of standard functions in the
  * platform layer.
  */
-//#define POLARSSL_PLATFORM_NO_STD_FUNCTIONS
+//#define MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
 
 /**
- * \def POLARSSL_PLATFORM_XXX_ALT
+ * \def MBEDTLS_PLATFORM_XXX_ALT
  *
  * Uncomment a macro to let mbed TLS support the function in the platform
  * abstraction layer.
  *
- * Example: In case you uncomment POLARSSL_PLATFORM_PRINTF_ALT, mbed TLS will
- * provide a function "platform_set_printf()" that allows you to set an
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * provide a function "mbedtls_platform_set_printf()" that allows you to set an
  * alternative printf function pointer.
  *
- * All these define require POLARSSL_PLATFORM_C to be defined!
+ * All these define require MBEDTLS_PLATFORM_C to be defined!
  *
- * WARNING: POLARSSL_PLATFORM_SNPRINTF_ALT is not available on Windows
+ * WARNING: MBEDTLS_PLATFORM_SNPRINTF_ALT is not available on Windows
  * for compatibility reasons.
  *
- * WARNING: POLARSSL_PLATFORM_XXX_ALT cannot be defined at the same time as
- * POLARSSL_PLATFORM_XXX_MACRO!
+ * WARNING: MBEDTLS_PLATFORM_XXX_ALT cannot be defined at the same time as
+ * MBEDTLS_PLATFORM_XXX_MACRO!
  *
  * Uncomment a macro to enable alternate implementation of specific base
  * platform function
  */
-//#define POLARSSL_PLATFORM_EXIT_ALT
-//#define POLARSSL_PLATFORM_FPRINTF_ALT
-//#define POLARSSL_PLATFORM_PRINTF_ALT
-//#define POLARSSL_PLATFORM_SNPRINTF_ALT
+//#define MBEDTLS_PLATFORM_EXIT_ALT
+//#define MBEDTLS_PLATFORM_FPRINTF_ALT
+//#define MBEDTLS_PLATFORM_PRINTF_ALT
+//#define MBEDTLS_PLATFORM_SNPRINTF_ALT
 
 /**
- * \def POLARSSL_DEPRECATED_WARNING
+ * \def MBEDTLS_DEPRECATED_WARNING
  *
  * Mark deprecated functions so that they generate a warning if used.
  * Functions deprecated in one version will usually be removed in the next
@@ -189,14 +189,14 @@
  * major version by making sure your code is not using these functions.
  *
  * This only works with GCC and Clang. With other compilers, you may want to
- * use POLARSSL_DEPRECATED_REMOVED
+ * use MBEDTLS_DEPRECATED_REMOVED
  *
  * Uncomment to get warnings on using deprecated functions.
  */
-//#define POLARSSL_DEPRECATED_WARNING
+//#define MBEDTLS_DEPRECATED_WARNING
 
 /**
- * \def POLARSSL_DEPRECATED_REMOVED
+ * \def MBEDTLS_DEPRECATED_REMOVED
  *
  * Remove deprecated functions so that they generate an error if used.
  * Functions deprecated in one version will usually be removed in the next
@@ -205,7 +205,7 @@
  *
  * Uncomment to get errors on using deprecated functions.
  */
-//#define POLARSSL_DEPRECATED_REMOVED
+//#define MBEDTLS_DEPRECATED_REMOVED
 
 /* \} name SECTION: System support */
 
@@ -218,20 +218,20 @@
  */
 
 /**
- * \def POLARSSL_TIMING_ALT
+ * \def MBEDTLS_TIMING_ALT
  *
- * Uncomment to provide your own alternate implementation for hardclock(),
- * get_timer(), set_alarm() and m_sleep().
+ * Uncomment to provide your own alternate implementation for mbedtls_timing_hardclock(),
+ * mbedtls_timing_get_timer(), mbedtls_set_alarm() and mbedtls_timing_m_sleep().
  *
- * Only works if you have POLARSSL_TIMING_C enabled.
+ * Only works if you have MBEDTLS_TIMING_C enabled.
  *
  * You will need to provide a header "timing_alt.h" and an implementation at
  * compile time.
  */
-//#define POLARSSL_TIMING_ALT
+//#define MBEDTLS_TIMING_ALT
 
 /**
- * \def POLARSSL__MODULE_NAME__ALT
+ * \def MBEDTLS__MODULE_NAME__ALT
  *
  * Uncomment a macro to let mbed TLS use your alternate core implementation of
  * a symmetric or hash module (e.g. platform specific assembly optimized
@@ -239,132 +239,132 @@
  * the same.
  *
  * This replaces the whole module. If you only want to replace one of the
- * functions, use one of the POLARSSL__FUNCTION_NAME__ALT flags.
+ * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
  *
- * Example: In case you uncomment POLARSSL_AES_ALT, mbed TLS will no longer
- * provide the "struct aes_context" definition and omit the base function
+ * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * provide the "struct mbedtls_aes_context" definition and omit the base function
  * declarations and implementations. "aes_alt.h" will be included from
  * "aes.h" to include the new function definitions.
  *
  * Uncomment a macro to enable alternate implementation of the corresponding
  * module.
  */
-//#define POLARSSL_AES_ALT
-//#define POLARSSL_ARC4_ALT
-//#define POLARSSL_BLOWFISH_ALT
-//#define POLARSSL_CAMELLIA_ALT
-//#define POLARSSL_DES_ALT
-//#define POLARSSL_XTEA_ALT
-//#define POLARSSL_MD2_ALT
-//#define POLARSSL_MD4_ALT
-//#define POLARSSL_MD5_ALT
-//#define POLARSSL_RIPEMD160_ALT
-//#define POLARSSL_SHA1_ALT
-//#define POLARSSL_SHA256_ALT
-//#define POLARSSL_SHA512_ALT
+//#define MBEDTLS_AES_ALT
+//#define MBEDTLS_ARC4_ALT
+//#define MBEDTLS_BLOWFISH_ALT
+//#define MBEDTLS_CAMELLIA_ALT
+//#define MBEDTLS_DES_ALT
+//#define MBEDTLS_XTEA_ALT
+//#define MBEDTLS_MD2_ALT
+//#define MBEDTLS_MD4_ALT
+//#define MBEDTLS_MD5_ALT
+//#define MBEDTLS_RIPEMD160_ALT
+//#define MBEDTLS_SHA1_ALT
+//#define MBEDTLS_SHA256_ALT
+//#define MBEDTLS_SHA512_ALT
 
 /**
- * \def POLARSSL__FUNCTION_NAME__ALT
+ * \def MBEDTLS__FUNCTION_NAME__ALT
  *
  * Uncomment a macro to let mbed TLS use you alternate core implementation of
  * symmetric of hash function. Keep in mind that function prototypes should
  * remain the same.
  *
  * This replaces only one function. The header file from mbed TLS is still
- * used, in contrast to the POLARSSL__MODULE_NAME__ALT flags.
+ * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
  *
- * Example: In case you uncomment POLARSSL_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the sha1_process() function, but it will still provide
- * the other function (using your sha1_process() function) and the definition
- * of sha1_context, so your implementation of sha1_process must be compatible
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * no longer provide the mbedtls_sha1_process() function, but it will still provide
+ * the other function (using your mbedtls_sha1_process() function) and the definition
+ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
  * with this definition.
  *
  *
  * Uncomment a macro to enable alternate implementation of the corresponding
  * function.
  */
-//#define POLARSSL_MD2_PROCESS_ALT
-//#define POLARSSL_MD4_PROCESS_ALT
-//#define POLARSSL_MD5_PROCESS_ALT
-//#define POLARSSL_RIPEMD160_PROCESS_ALT
-//#define POLARSSL_SHA1_PROCESS_ALT
-//#define POLARSSL_SHA256_PROCESS_ALT
-//#define POLARSSL_SHA512_PROCESS_ALT
+//#define MBEDTLS_MD2_PROCESS_ALT
+//#define MBEDTLS_MD4_PROCESS_ALT
+//#define MBEDTLS_MD5_PROCESS_ALT
+//#define MBEDTLS_RIPEMD160_PROCESS_ALT
+//#define MBEDTLS_SHA1_PROCESS_ALT
+//#define MBEDTLS_SHA256_PROCESS_ALT
+//#define MBEDTLS_SHA512_PROCESS_ALT
 
 /**
- * \def POLARSSL_AES_ROM_TABLES
+ * \def MBEDTLS_AES_ROM_TABLES
  *
  * Store the AES tables in ROM.
  *
  * Uncomment this macro to store the AES tables in ROM.
  */
-//#define POLARSSL_AES_ROM_TABLES
+//#define MBEDTLS_AES_ROM_TABLES
 
 /**
- * \def POLARSSL_CAMELLIA_SMALL_MEMORY
+ * \def MBEDTLS_CAMELLIA_SMALL_MEMORY
  *
  * Use less ROM for the Camellia implementation (saves about 768 bytes).
  *
  * Uncomment this macro to use less memory for Camellia.
  */
-//#define POLARSSL_CAMELLIA_SMALL_MEMORY
+//#define MBEDTLS_CAMELLIA_SMALL_MEMORY
 
 /**
- * \def POLARSSL_CIPHER_MODE_CBC
+ * \def MBEDTLS_CIPHER_MODE_CBC
  *
  * Enable Cipher Block Chaining mode (CBC) for symmetric ciphers.
  */
-#define POLARSSL_CIPHER_MODE_CBC
+#define MBEDTLS_CIPHER_MODE_CBC
 
 /**
- * \def POLARSSL_CIPHER_MODE_CFB
+ * \def MBEDTLS_CIPHER_MODE_CFB
  *
  * Enable Cipher Feedback mode (CFB) for symmetric ciphers.
  */
-#define POLARSSL_CIPHER_MODE_CFB
+#define MBEDTLS_CIPHER_MODE_CFB
 
 /**
- * \def POLARSSL_CIPHER_MODE_CTR
+ * \def MBEDTLS_CIPHER_MODE_CTR
  *
  * Enable Counter Block Cipher mode (CTR) for symmetric ciphers.
  */
-#define POLARSSL_CIPHER_MODE_CTR
+#define MBEDTLS_CIPHER_MODE_CTR
 
 /**
- * \def POLARSSL_CIPHER_NULL_CIPHER
+ * \def MBEDTLS_CIPHER_NULL_CIPHER
  *
  * Enable NULL cipher.
  * Warning: Only do so when you know what you are doing. This allows for
  * encryption or channels without any security!
  *
- * Requires POLARSSL_ENABLE_WEAK_CIPHERSUITES as well to enable
+ * Requires MBEDTLS_ENABLE_WEAK_CIPHERSUITES as well to enable
  * the following ciphersuites:
- *      TLS_ECDH_ECDSA_WITH_NULL_SHA
- *      TLS_ECDH_RSA_WITH_NULL_SHA
- *      TLS_ECDHE_ECDSA_WITH_NULL_SHA
- *      TLS_ECDHE_RSA_WITH_NULL_SHA
- *      TLS_ECDHE_PSK_WITH_NULL_SHA384
- *      TLS_ECDHE_PSK_WITH_NULL_SHA256
- *      TLS_ECDHE_PSK_WITH_NULL_SHA
- *      TLS_DHE_PSK_WITH_NULL_SHA384
- *      TLS_DHE_PSK_WITH_NULL_SHA256
- *      TLS_DHE_PSK_WITH_NULL_SHA
- *      TLS_RSA_WITH_NULL_SHA256
- *      TLS_RSA_WITH_NULL_SHA
- *      TLS_RSA_WITH_NULL_MD5
- *      TLS_RSA_PSK_WITH_NULL_SHA384
- *      TLS_RSA_PSK_WITH_NULL_SHA256
- *      TLS_RSA_PSK_WITH_NULL_SHA
- *      TLS_PSK_WITH_NULL_SHA384
- *      TLS_PSK_WITH_NULL_SHA256
- *      TLS_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_NULL_SHA
+ *      MBEDTLS_TLS_RSA_WITH_NULL_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_NULL_SHA
  *
  * Uncomment this macro to enable the NULL cipher and ciphersuites
  */
-//#define POLARSSL_CIPHER_NULL_CIPHER
+//#define MBEDTLS_CIPHER_NULL_CIPHER
 
 /**
- * \def POLARSSL_CIPHER_PADDING_XXX
+ * \def MBEDTLS_CIPHER_PADDING_XXX
  *
  * Uncomment or comment macros to add support for specific padding modes
  * in the cipher layer with cipher modes that support padding (e.g. CBC)
@@ -373,65 +373,65 @@
  *
  * Enable padding modes in the cipher layer.
  */
-#define POLARSSL_CIPHER_PADDING_PKCS7
-#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
-#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
-#define POLARSSL_CIPHER_PADDING_ZEROS
+#define MBEDTLS_CIPHER_PADDING_PKCS7
+#define MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS
+#define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
+#define MBEDTLS_CIPHER_PADDING_ZEROS
 
 /**
- * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
+ * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
  *
  * Enable weak ciphersuites in SSL / TLS.
  * Warning: Only do so when you know what you are doing. This allows for
  * channels with virtually no security at all!
  *
  * This enables the following ciphersuites:
- *      TLS_RSA_WITH_DES_CBC_SHA
- *      TLS_DHE_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_DES_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_DES_CBC_SHA
  *
  * Uncomment this macro to enable weak ciphersuites
  */
-//#define POLARSSL_ENABLE_WEAK_CIPHERSUITES
+//#define MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 
 /**
- * \def POLARSSL_REMOVE_ARC4_CIPHERSUITES
+ * \def MBEDTLS_REMOVE_ARC4_CIPHERSUITES
  *
  * Remove RC4 ciphersuites by default in SSL / TLS.
  * This flag removes the ciphersuites based on RC4 from the default list as
- * returned by ssl_list_ciphersuites(). However, it is still possible to
- * enable (some of) them with ssl_set_ciphersuites() by including them
+ * returned by mbedtls_ssl_list_ciphersuites(). However, it is still possible to
+ * enable (some of) them with mbedtls_ssl_set_ciphersuites() by including them
  * explicitly.
  *
  * Uncomment this macro to remove RC4 ciphersuites by default.
  */
-#define POLARSSL_REMOVE_ARC4_CIPHERSUITES
+#define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
 
 /**
- * \def POLARSSL_ECP_XXXX_ENABLED
+ * \def MBEDTLS_ECP_XXXX_ENABLED
  *
  * Enables specific curves within the Elliptic Curve module.
  * By default all supported curves are enabled.
  *
  * Comment macros to disable the curve and functions for it
  */
-#define POLARSSL_ECP_DP_SECP192R1_ENABLED
-#define POLARSSL_ECP_DP_SECP224R1_ENABLED
-#define POLARSSL_ECP_DP_SECP256R1_ENABLED
-#define POLARSSL_ECP_DP_SECP384R1_ENABLED
-#define POLARSSL_ECP_DP_SECP521R1_ENABLED
-#define POLARSSL_ECP_DP_SECP192K1_ENABLED
-#define POLARSSL_ECP_DP_SECP224K1_ENABLED
-#define POLARSSL_ECP_DP_SECP256K1_ENABLED
-#define POLARSSL_ECP_DP_BP256R1_ENABLED
-#define POLARSSL_ECP_DP_BP384R1_ENABLED
-#define POLARSSL_ECP_DP_BP512R1_ENABLED
-//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
-#define POLARSSL_ECP_DP_M255_ENABLED
-//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
-//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!
+#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#define MBEDTLS_ECP_DP_BP512R1_ENABLED
+//#define MBEDTLS_ECP_DP_M221_ENABLED  // Not implemented yet!
+#define MBEDTLS_ECP_DP_M255_ENABLED
+//#define MBEDTLS_ECP_DP_M383_ENABLED  // Not implemented yet!
+//#define MBEDTLS_ECP_DP_M511_ENABLED  // Not implemented yet!
 
 /**
- * \def POLARSSL_ECP_NIST_OPTIM
+ * \def MBEDTLS_ECP_NIST_OPTIM
  *
  * Enable specific 'modulo p' routines for each NIST prime.
  * Depending on the prime and architecture, makes operations 4 to 8 times
@@ -439,266 +439,266 @@
  *
  * Comment this macro to disable NIST curves optimisation.
  */
-#define POLARSSL_ECP_NIST_OPTIM
+#define MBEDTLS_ECP_NIST_OPTIM
 
 /**
- * \def POLARSSL_ECDSA_DETERMINISTIC
+ * \def MBEDTLS_ECDSA_DETERMINISTIC
  *
  * Enable deterministic ECDSA (RFC 6979).
  * Standard ECDSA is "fragile" in the sense that lack of entropy when signing
  * may result in a compromise of the long-term signing key. This is avoided by
  * the deterministic variant.
  *
- * Requires: POLARSSL_HMAC_DRBG_C
+ * Requires: MBEDTLS_HMAC_DRBG_C
  *
  * Comment this macro to disable deterministic ECDSA.
  */
-#define POLARSSL_ECDSA_DETERMINISTIC
+#define MBEDTLS_ECDSA_DETERMINISTIC
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
  *
  * Enable the PSK based ciphersuite modes in SSL / TLS.
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA
- *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
  *
  * Enable the DHE-PSK based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_DHM_C
+ * Requires: MBEDTLS_DHM_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
  *
  * Enable the ECDHE-PSK based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_ECDH_C
+ * Requires: MBEDTLS_ECDH_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
  *
  * Enable the RSA-PSK based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
  *
  * Enable the RSA-only based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
  */
-#define POLARSSL_KEY_EXCHANGE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
  *
  * Enable the DHE-RSA based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_DHM_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_DHM_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
  *
  * Enable the ECDHE-RSA based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_ECDH_C, POLARSSL_RSA_C, POLARSSL_PKCS1_V15,
- *           POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_RSA_C, MBEDTLS_PKCS1_V15,
+ *           MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
  *
  * Enable the ECDHE-ECDSA based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_ECDH_C, POLARSSL_ECDSA_C, POLARSSL_X509_CRT_PARSE_C,
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_ECDSA_C, MBEDTLS_X509_CRT_PARSE_C,
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  */
-#define POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
  *
  * Enable the ECDH-ECDSA based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
 
 /**
- * \def POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+ * \def MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
  *
  * Enable the ECDH-RSA based ciphersuite modes in SSL / TLS.
  *
- * Requires: POLARSSL_ECDH_C, POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_ECDH_C, MBEDTLS_X509_CRT_PARSE_C
  *
  * This enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
  */
-#define POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED
+#define MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED
 
 /**
- * \def POLARSSL_PK_PARSE_EC_EXTENDED
+ * \def MBEDTLS_PK_PARSE_EC_EXTENDED
  *
  * Enhance support for reading EC keys using variants of SEC1 not allowed by
  * RFC 5915 and RFC 5480.
@@ -709,54 +709,54 @@
  *
  * Disable if you only need to support RFC 5915 + 5480 key formats.
  */
-#define POLARSSL_PK_PARSE_EC_EXTENDED
+#define MBEDTLS_PK_PARSE_EC_EXTENDED
 
 /**
- * \def POLARSSL_ERROR_STRERROR_DUMMY
+ * \def MBEDTLS_ERROR_STRERROR_DUMMY
  *
- * Enable a dummy error function to make use of polarssl_strerror() in
- * third party libraries easier when POLARSSL_ERROR_C is disabled
- * (no effect when POLARSSL_ERROR_C is enabled).
+ * Enable a dummy error function to make use of mbedtls_strerror() in
+ * third party libraries easier when MBEDTLS_ERROR_C is disabled
+ * (no effect when MBEDTLS_ERROR_C is enabled).
  *
- * You can safely disable this if POLARSSL_ERROR_C is enabled, or if you're
- * not using polarssl_strerror() or error_strerror() in your application.
+ * You can safely disable this if MBEDTLS_ERROR_C is enabled, or if you're
+ * not using mbedtls_strerror() or error_strerror() in your application.
  *
  * Disable if you run into name conflicts and want to really remove the
- * polarssl_strerror()
+ * mbedtls_strerror()
  */
-#define POLARSSL_ERROR_STRERROR_DUMMY
+#define MBEDTLS_ERROR_STRERROR_DUMMY
 
 /**
- * \def POLARSSL_GENPRIME
+ * \def MBEDTLS_GENPRIME
  *
  * Enable the prime-number generation code.
  *
- * Requires: POLARSSL_BIGNUM_C
+ * Requires: MBEDTLS_BIGNUM_C
  */
-#define POLARSSL_GENPRIME
+#define MBEDTLS_GENPRIME
 
 /**
- * \def POLARSSL_FS_IO
+ * \def MBEDTLS_FS_IO
  *
  * Enable functions that use the filesystem.
  */
-#define POLARSSL_FS_IO
+#define MBEDTLS_FS_IO
 
 /**
- * \def POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+ * \def MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
  *
  * Do not add default entropy sources. These are the platform specific,
- * hardclock and HAVEGE based poll functions.
+ * mbedtls_timing_hardclock and HAVEGE based poll functions.
  *
  * This is useful to have more control over the added entropy sources in an
  * application.
  *
  * Uncomment this macro to prevent loading of default entropy functions.
  */
-//#define POLARSSL_NO_DEFAULT_ENTROPY_SOURCES
+//#define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
 
 /**
- * \def POLARSSL_NO_PLATFORM_ENTROPY
+ * \def MBEDTLS_NO_PLATFORM_ENTROPY
  *
  * Do not use built-in platform entropy functions.
  * This is useful if your platform does not support
@@ -764,99 +764,99 @@
  *
  * Uncomment this macro to disable the built-in platform entropy functions.
  */
-//#define POLARSSL_NO_PLATFORM_ENTROPY
+//#define MBEDTLS_NO_PLATFORM_ENTROPY
 
 /**
- * \def POLARSSL_ENTROPY_FORCE_SHA256
+ * \def MBEDTLS_ENTROPY_FORCE_SHA256
  *
  * Force the entropy accumulator to use a SHA-256 accumulator instead of the
  * default SHA-512 based one (if both are available).
  *
- * Requires: POLARSSL_SHA256_C
+ * Requires: MBEDTLS_SHA256_C
  *
  * On 32-bit systems SHA-256 can be much faster than SHA-512. Use this option
  * if you have performance concerns.
  *
- * This option is only useful if both POLARSSL_SHA256_C and
- * POLARSSL_SHA512_C are defined. Otherwise the available hash module is used.
+ * This option is only useful if both MBEDTLS_SHA256_C and
+ * MBEDTLS_SHA512_C are defined. Otherwise the available hash module is used.
  */
-//#define POLARSSL_ENTROPY_FORCE_SHA256
+//#define MBEDTLS_ENTROPY_FORCE_SHA256
 
 /**
- * \def POLARSSL_MEMORY_DEBUG
+ * \def MBEDTLS_MEMORY_DEBUG
  *
  * Enable debugging of buffer allocator memory issues. Automatically prints
  * (to stderr) all (fatal) messages on memory allocation issues. Enables
  * function for 'debug output' of allocated memory.
  *
- * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
  *
  * Uncomment this macro to let the buffer allocator print out error messages.
  */
-//#define POLARSSL_MEMORY_DEBUG
+//#define MBEDTLS_MEMORY_DEBUG
 
 /**
- * \def POLARSSL_MEMORY_BACKTRACE
+ * \def MBEDTLS_MEMORY_BACKTRACE
  *
  * Include backtrace information with each allocated block.
  *
- * Requires: POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * Requires: MBEDTLS_MEMORY_BUFFER_ALLOC_C
  *           GLIBC-compatible backtrace() an backtrace_symbols() support
  *
  * Uncomment this macro to include backtrace information
  */
-//#define POLARSSL_MEMORY_BACKTRACE
+//#define MBEDTLS_MEMORY_BACKTRACE
 
 /**
- * \def POLARSSL_PK_RSA_ALT_SUPPORT
+ * \def MBEDTLS_PK_RSA_ALT_SUPPORT
  *
  * Support external private RSA keys (eg from a HSM) in the PK layer.
  *
  * Comment this macro to disable support for external private RSA keys.
  */
-#define POLARSSL_PK_RSA_ALT_SUPPORT
+#define MBEDTLS_PK_RSA_ALT_SUPPORT
 
 /**
- * \def POLARSSL_PKCS1_V15
+ * \def MBEDTLS_PKCS1_V15
  *
  * Enable support for PKCS#1 v1.5 encoding.
  *
- * Requires: POLARSSL_RSA_C
+ * Requires: MBEDTLS_RSA_C
  *
  * This enables support for PKCS#1 v1.5 operations.
  */
-#define POLARSSL_PKCS1_V15
+#define MBEDTLS_PKCS1_V15
 
 /**
- * \def POLARSSL_PKCS1_V21
+ * \def MBEDTLS_PKCS1_V21
  *
  * Enable support for PKCS#1 v2.1 encoding.
  *
- * Requires: POLARSSL_MD_C, POLARSSL_RSA_C
+ * Requires: MBEDTLS_MD_C, MBEDTLS_RSA_C
  *
  * This enables support for RSAES-OAEP and RSASSA-PSS operations.
  */
-#define POLARSSL_PKCS1_V21
+#define MBEDTLS_PKCS1_V21
 
 /**
- * \def POLARSSL_RSA_NO_CRT
+ * \def MBEDTLS_RSA_NO_CRT
  *
  * Do not use the Chinese Remainder Theorem for the RSA private operation.
  *
  * Uncomment this macro to disable the use of CRT in RSA.
  *
  */
-//#define POLARSSL_RSA_NO_CRT
+//#define MBEDTLS_RSA_NO_CRT
 
 /**
- * \def POLARSSL_SELF_TEST
+ * \def MBEDTLS_SELF_TEST
  *
  * Enable the checkup functions (*_self_test).
  */
-#define POLARSSL_SELF_TEST
+#define MBEDTLS_SELF_TEST
 
 /**
- * \def POLARSSL_SSL_AEAD_RANDOM_IV
+ * \def MBEDTLS_SSL_AEAD_RANDOM_IV
  *
  * Generate a random IV rather than using the record sequence number as a
  * nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
@@ -865,10 +865,10 @@
  *
  * Uncomment this macro to always use random IVs with AEAD ciphersuites.
  */
-//#define POLARSSL_SSL_AEAD_RANDOM_IV
+//#define MBEDTLS_SSL_AEAD_RANDOM_IV
 
 /**
- * \def POLARSSL_SSL_ALL_ALERT_MESSAGES
+ * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
  *
  * Enable sending of alert messages in case of encountered errors as per RFC.
  * If you choose not to send the alert messages, mbed TLS can still communicate
@@ -879,10 +879,10 @@
  *
  * Enable sending of all alert messages
  */
-#define POLARSSL_SSL_ALL_ALERT_MESSAGES
+#define MBEDTLS_SSL_ALL_ALERT_MESSAGES
 
 /**
- * \def POLARSSL_SSL_DEBUG_ALL
+ * \def MBEDTLS_SSL_DEBUG_ALL
  *
  * Enable the debug messages in SSL module for all issues.
  * Debug messages have been disabled in some places to prevent timing
@@ -895,9 +895,9 @@
  * a timing side-channel.
  *
  */
-//#define POLARSSL_SSL_DEBUG_ALL
+//#define MBEDTLS_SSL_DEBUG_ALL
 
-/** \def POLARSSL_SSL_ENCRYPT_THEN_MAC
+/** \def MBEDTLS_SSL_ENCRYPT_THEN_MAC
  *
  * Enable support for Encrypt-then-MAC, RFC 7366.
  *
@@ -907,15 +907,15 @@
  *
  * This only affects CBC ciphersuites, and is useless if none is defined.
  *
- * Requires: POLARSSL_SSL_PROTO_TLS1    or
- *           POLARSSL_SSL_PROTO_TLS1_1  or
- *           POLARSSL_SSL_PROTO_TLS1_2
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
  *
  * Comment this macro to disable support for Encrypt-then-MAC
  */
-#define POLARSSL_SSL_ENCRYPT_THEN_MAC
+#define MBEDTLS_SSL_ENCRYPT_THEN_MAC
 
-/** \def POLARSSL_SSL_EXTENDED_MASTER_SECRET
+/** \def MBEDTLS_SSL_EXTENDED_MASTER_SECRET
  *
  * Enable support for Extended Master Secret, aka Session Hash
  * (draft-ietf-tls-session-hash-02).
@@ -925,16 +925,16 @@
  * renegotiation), since it actually fixes a more fundamental issue in the
  * original SSL/TLS design, and has implications beyond Triple Handshake.
  *
- * Requires: POLARSSL_SSL_PROTO_TLS1    or
- *           POLARSSL_SSL_PROTO_TLS1_1  or
- *           POLARSSL_SSL_PROTO_TLS1_2
+ * Requires: MBEDTLS_SSL_PROTO_TLS1    or
+ *           MBEDTLS_SSL_PROTO_TLS1_1  or
+ *           MBEDTLS_SSL_PROTO_TLS1_2
  *
  * Comment this macro to disable support for Extended Master Secret.
  */
-#define POLARSSL_SSL_EXTENDED_MASTER_SECRET
+#define MBEDTLS_SSL_EXTENDED_MASTER_SECRET
 
 /**
- * \def POLARSSL_SSL_FALLBACK_SCSV
+ * \def MBEDTLS_SSL_FALLBACK_SCSV
  *
  * Enable support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv-00).
  *
@@ -948,20 +948,20 @@
  *
  * Comment this macro to disable support for FALLBACK_SCSV
  */
-#define POLARSSL_SSL_FALLBACK_SCSV
+#define MBEDTLS_SSL_FALLBACK_SCSV
 
 /**
- * \def POLARSSL_SSL_HW_RECORD_ACCEL
+ * \def MBEDTLS_SSL_HW_RECORD_ACCEL
  *
  * Enable hooking functions in SSL module for hardware acceleration of
  * individual records.
  *
  * Uncomment this macro to enable hooking functions.
  */
-//#define POLARSSL_SSL_HW_RECORD_ACCEL
+//#define MBEDTLS_SSL_HW_RECORD_ACCEL
 
 /**
- * \def POLARSSL_SSL_CBC_RECORD_SPLITTING
+ * \def MBEDTLS_SSL_CBC_RECORD_SPLITTING
  *
  * Enable 1/n-1 record splitting for CBC mode in SSLv3 and TLS 1.0.
  *
@@ -970,10 +970,10 @@
  *
  * Comment this macro to disable 1/n-1 record splitting.
  */
-#define POLARSSL_SSL_CBC_RECORD_SPLITTING
+#define MBEDTLS_SSL_CBC_RECORD_SPLITTING
 
 /**
- * \def POLARSSL_SSL_RENEGOTIATION
+ * \def MBEDTLS_SSL_RENEGOTIATION
  *
  * Disable support for TLS renegotiation.
  *
@@ -985,96 +985,96 @@
  *
  * Comment this to disable support for renegotiation.
  */
-#define POLARSSL_SSL_RENEGOTIATION
+#define MBEDTLS_SSL_RENEGOTIATION
 
 /**
- * \def POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+ * \def MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
  *
  * Enable support for receiving and parsing SSLv2 Client Hello messages for the
- * SSL Server module (POLARSSL_SSL_SRV_C).
+ * SSL Server module (MBEDTLS_SSL_SRV_C).
  *
  * Uncomment this macro to enable support for SSLv2 Client Hello messages.
  */
-//#define POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
+//#define MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
 
 /**
- * \def POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+ * \def MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
  *
  * Pick the ciphersuite according to the client's preferences rather than ours
- * in the SSL Server module (POLARSSL_SSL_SRV_C).
+ * in the SSL Server module (MBEDTLS_SSL_SRV_C).
  *
  * Uncomment this macro to respect client's ciphersuite order
  */
-//#define POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE
+//#define MBEDTLS_SSL_SRV_RESPECT_CLIENT_PREFERENCE
 
 /**
- * \def POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+ * \def MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
  *
  * Enable support for RFC 6066 max_fragment_length extension in SSL.
  *
  * Comment this macro to disable support for the max_fragment_length extension
  */
-#define POLARSSL_SSL_MAX_FRAGMENT_LENGTH
+#define MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
 
 /**
- * \def POLARSSL_SSL_PROTO_SSL3
+ * \def MBEDTLS_SSL_PROTO_SSL3
  *
  * Enable support for SSL 3.0.
  *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
  *
  * Comment this macro to disable support for SSL 3.0
  */
-#define POLARSSL_SSL_PROTO_SSL3
+#define MBEDTLS_SSL_PROTO_SSL3
 
 /**
- * \def POLARSSL_SSL_PROTO_TLS1
+ * \def MBEDTLS_SSL_PROTO_TLS1
  *
  * Enable support for TLS 1.0.
  *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
  *
  * Comment this macro to disable support for TLS 1.0
  */
-#define POLARSSL_SSL_PROTO_TLS1
+#define MBEDTLS_SSL_PROTO_TLS1
 
 /**
- * \def POLARSSL_SSL_PROTO_TLS1_1
+ * \def MBEDTLS_SSL_PROTO_TLS1_1
  *
  * Enable support for TLS 1.1 (and DTLS 1.0 if DTLS is enabled).
  *
- * Requires: POLARSSL_MD5_C
- *           POLARSSL_SHA1_C
+ * Requires: MBEDTLS_MD5_C
+ *           MBEDTLS_SHA1_C
  *
  * Comment this macro to disable support for TLS 1.1 / DTLS 1.0
  */
-#define POLARSSL_SSL_PROTO_TLS1_1
+#define MBEDTLS_SSL_PROTO_TLS1_1
 
 /**
- * \def POLARSSL_SSL_PROTO_TLS1_2
+ * \def MBEDTLS_SSL_PROTO_TLS1_2
  *
  * Enable support for TLS 1.2 (and DTLS 1.2 if DTLS is enabled).
  *
- * Requires: POLARSSL_SHA1_C or POLARSSL_SHA256_C or POLARSSL_SHA512_C
+ * Requires: MBEDTLS_SHA1_C or MBEDTLS_SHA256_C or MBEDTLS_SHA512_C
  *           (Depends on ciphersuites)
  *
  * Comment this macro to disable support for TLS 1.2 / DTLS 1.2
  */
-#define POLARSSL_SSL_PROTO_TLS1_2
+#define MBEDTLS_SSL_PROTO_TLS1_2
 
 /**
- * \def POLARSSL_SSL_PROTO_DTLS
+ * \def MBEDTLS_SSL_PROTO_DTLS
  *
  * Enable support for DTLS (all available versions).
  *
- * Enable this and POLARSSL_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
- * and/or this and POLARSSL_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
+ * Enable this and MBEDTLS_SSL_PROTO_TLS1_1 to enable DTLS 1.0,
+ * and/or this and MBEDTLS_SSL_PROTO_TLS1_2 to enable DTLS 1.2.
  *
- * Requires: POLARSSL_SSL_PROTO_TLS1_1
- *        or POLARSSL_SSL_PROTO_TLS1_2
- *           POLARSSL_TIMING_C
+ * Requires: MBEDTLS_SSL_PROTO_TLS1_1
+ *        or MBEDTLS_SSL_PROTO_TLS1_2
+ *           MBEDTLS_TIMING_C
  *
  * \note Dependency on TIMING_C may be replaced by something more flexible
  * (callbacks or abstraction layer in the next major version). Please contact
@@ -1082,34 +1082,34 @@
  *
  * Comment this macro to disable support for DTLS
  */
-#define POLARSSL_SSL_PROTO_DTLS
+#define MBEDTLS_SSL_PROTO_DTLS
 
 /**
- * \def POLARSSL_SSL_ALPN
+ * \def MBEDTLS_SSL_ALPN
  *
  * Enable support for RFC 7301 Application Layer Protocol Negotiation.
  *
  * Comment this macro to disable support for ALPN.
  */
-#define POLARSSL_SSL_ALPN
+#define MBEDTLS_SSL_ALPN
 
 /**
- * \def POLARSSL_SSL_DTLS_ANTI_REPLAY
+ * \def MBEDTLS_SSL_DTLS_ANTI_REPLAY
  *
  * Enable support for the anti-replay mechanism in DTLS.
  *
- * Requires: POLARSSL_SSL_TLS_C
- *           POLARSSL_SSL_PROTO_DTLS
+ * Requires: MBEDTLS_SSL_TLS_C
+ *           MBEDTLS_SSL_PROTO_DTLS
  *
  * \warning Disabling this is often a security risk!
- * See ssl_set_dtls_anti_replay() for details.
+ * See mbedtls_ssl_set_dtls_anti_replay() for details.
  *
  * Comment this to disable anti-replay in DTLS.
  */
-#define POLARSSL_SSL_DTLS_ANTI_REPLAY
+#define MBEDTLS_SSL_DTLS_ANTI_REPLAY
 
 /**
- * \def POLARSSL_SSL_DTLS_HELLO_VERIFY
+ * \def MBEDTLS_SSL_DTLS_HELLO_VERIFY
  *
  * Enable support for HelloVerifyRequest on DTLS servers.
  *
@@ -1120,128 +1120,128 @@
  *
  * \warning Disabling this can ba a security risk! (see above)
  *
- * Requires: POLARSSL_SSL_SRV_C
- *           POLARSSL_SSL_PROTO_DTLS
+ * Requires: MBEDTLS_SSL_SRV_C
+ *           MBEDTLS_SSL_PROTO_DTLS
  *
  * Comment this to disable support for HelloVerifyRequest.
  */
-#define POLARSSL_SSL_DTLS_HELLO_VERIFY
+#define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 
 /**
- * \def POLARSSL_SSL_DTLS_BADMAC_LIMIT
+ * \def MBEDTLS_SSL_DTLS_BADMAC_LIMIT
  *
  * Enable support for a limit of records with bad MAC.
  *
- * See ssl_set_dtls_badmac_limit().
+ * See mbedtls_ssl_set_dtls_badmac_limit().
  *
- * Requires: POLARSSL_SSL_PROTO_DTLS
+ * Requires: MBEDTLS_SSL_PROTO_DTLS
  */
-#define POLARSSL_SSL_DTLS_BADMAC_LIMIT
+#define MBEDTLS_SSL_DTLS_BADMAC_LIMIT
 
 /**
- * \def POLARSSL_SSL_SESSION_TICKETS
+ * \def MBEDTLS_SSL_SESSION_TICKETS
  *
  * Enable support for RFC 5077 session tickets in SSL.
  *
- * Requires: POLARSSL_AES_C
- *           POLARSSL_SHA256_C
- *           POLARSSL_CIPHER_MODE_CBC
+ * Requires: MBEDTLS_AES_C
+ *           MBEDTLS_SHA256_C
+ *           MBEDTLS_CIPHER_MODE_CBC
  *
  * Comment this macro to disable support for SSL session tickets
  */
-#define POLARSSL_SSL_SESSION_TICKETS
+#define MBEDTLS_SSL_SESSION_TICKETS
 
 /**
- * \def POLARSSL_SSL_SERVER_NAME_INDICATION
+ * \def MBEDTLS_SSL_SERVER_NAME_INDICATION
  *
  * Enable support for RFC 6066 server name indication (SNI) in SSL.
  *
- * Requires: POLARSSL_X509_CRT_PARSE_C
+ * Requires: MBEDTLS_X509_CRT_PARSE_C
  *
  * Comment this macro to disable support for server name indication in SSL
  */
-#define POLARSSL_SSL_SERVER_NAME_INDICATION
+#define MBEDTLS_SSL_SERVER_NAME_INDICATION
 
 /**
- * \def POLARSSL_SSL_TRUNCATED_HMAC
+ * \def MBEDTLS_SSL_TRUNCATED_HMAC
  *
  * Enable support for RFC 6066 truncated HMAC in SSL.
  *
  * Comment this macro to disable support for truncated HMAC in SSL
  */
-#define POLARSSL_SSL_TRUNCATED_HMAC
+#define MBEDTLS_SSL_TRUNCATED_HMAC
 
 /**
- * \def POLARSSL_SSL_SET_CURVES
+ * \def MBEDTLS_SSL_SET_CURVES
  *
- * Enable ssl_set_curves().
+ * Enable mbedtls_ssl_set_curves().
  *
  * This is disabled by default since it breaks binary compatibility with the
  * 1.3.x line. If you choose to enable it, you will need to rebuild your
  * application against the new header files, relinking will not be enough.
  * It will be enabled by default, or no longer an option, in the 1.4 branch.
  *
- * Uncomment to make ssl_set_curves() available.
+ * Uncomment to make mbedtls_ssl_set_curves() available.
  */
-//#define POLARSSL_SSL_SET_CURVES
+//#define MBEDTLS_SSL_SET_CURVES
 
 /**
- * \def POLARSSL_THREADING_ALT
+ * \def MBEDTLS_THREADING_ALT
  *
  * Provide your own alternate threading implementation.
  *
- * Requires: POLARSSL_THREADING_C
+ * Requires: MBEDTLS_THREADING_C
  *
  * Uncomment this to allow your own alternate threading implementation.
  */
-//#define POLARSSL_THREADING_ALT
+//#define MBEDTLS_THREADING_ALT
 
 /**
- * \def POLARSSL_THREADING_PTHREAD
+ * \def MBEDTLS_THREADING_PTHREAD
  *
  * Enable the pthread wrapper layer for the threading layer.
  *
- * Requires: POLARSSL_THREADING_C
+ * Requires: MBEDTLS_THREADING_C
  *
  * Uncomment this to enable pthread mutexes.
  */
-//#define POLARSSL_THREADING_PTHREAD
+//#define MBEDTLS_THREADING_PTHREAD
 
 /**
- * \def POLARSSL_VERSION_FEATURES
+ * \def MBEDTLS_VERSION_FEATURES
  *
  * Allow run-time checking of compile-time enabled features. Thus allowing users
  * to check at run-time if the library is for instance compiled with threading
- * support via version_check_feature().
+ * support via mbedtls_version_check_feature().
  *
- * Requires: POLARSSL_VERSION_C
+ * Requires: MBEDTLS_VERSION_C
  *
  * Comment this to disable run-time checking and save ROM space
  */
-#define POLARSSL_VERSION_FEATURES
+#define MBEDTLS_VERSION_FEATURES
 
 /**
- * \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+ * \def MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
  *
  * If set, the X509 parser will not break-off when parsing an X509 certificate
  * and encountering an extension in a v1 or v2 certificate.
  *
  * Uncomment to prevent an error.
  */
-//#define POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
+//#define MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3
 
 /**
- * \def POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+ * \def MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
  *
  * If set, the X509 parser will not break-off when parsing an X509 certificate
  * and encountering an unknown critical extension.
  *
  * Uncomment to prevent an error.
  */
-//#define POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
+//#define MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION
 
 /**
- * \def POLARSSL_X509_CHECK_KEY_USAGE
+ * \def MBEDTLS_X509_CHECK_KEY_USAGE
  *
  * Enable verification of the keyUsage extension (CA and leaf certificates).
  *
@@ -1252,10 +1252,10 @@
  *
  * Comment to skip keyUsage checking for both CA and leaf certificates.
  */
-#define POLARSSL_X509_CHECK_KEY_USAGE
+#define MBEDTLS_X509_CHECK_KEY_USAGE
 
 /**
- * \def POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
+ * \def MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
  *
  * Enable verification of the extendedKeyUsage extension (leaf certificates).
  *
@@ -1265,20 +1265,20 @@
  *
  * Comment to skip extendedKeyUsage checking for certificates.
  */
-#define POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
 /**
- * \def POLARSSL_X509_RSASSA_PSS_SUPPORT
+ * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
  *
  * Enable parsing and verification of X.509 certificates, CRLs and CSRS
  * signed with RSASSA-PSS (aka PKCS#1 v2.1).
  *
  * Comment this macro to disallow using RSASSA-PSS in certificates.
  */
-#define POLARSSL_X509_RSASSA_PSS_SUPPORT
+#define MBEDTLS_X509_RSASSA_PSS_SUPPORT
 
 /**
- * \def POLARSSL_ZLIB_SUPPORT
+ * \def MBEDTLS_ZLIB_SUPPORT
  *
  * If set, the SSL/TLS module uses ZLIB to support compression and
  * decompression of packet data.
@@ -1297,7 +1297,7 @@
  *
  * Uncomment to enable use of ZLIB
  */
-//#define POLARSSL_ZLIB_SUPPORT
+//#define MBEDTLS_ZLIB_SUPPORT
 /* \} name SECTION: mbed TLS feature support */
 
 /**
@@ -1308,21 +1308,21 @@
  */
 
 /**
- * \def POLARSSL_AESNI_C
+ * \def MBEDTLS_AESNI_C
  *
  * Enable AES-NI support on x86-64.
  *
  * Module:  library/aesni.c
  * Caller:  library/aes.c
  *
- * Requires: POLARSSL_HAVE_ASM
+ * Requires: MBEDTLS_HAVE_ASM
  *
  * This modules adds support for the AES-NI instructions on x86-64
  */
-#define POLARSSL_AESNI_C
+#define MBEDTLS_AESNI_C
 
 /**
- * \def POLARSSL_AES_C
+ * \def MBEDTLS_AES_C
  *
  * Enable the AES block cipher.
  *
@@ -1333,71 +1333,71 @@
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_256_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_AES_128_CBC_SHA
- *      TLS_RSA_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_WITH_AES_256_CBC_SHA256
- *      TLS_RSA_WITH_AES_256_CBC_SHA
- *      TLS_RSA_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_WITH_AES_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_AES_256_CBC_SHA
- *      TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_RSA_PSK_WITH_AES_128_CBC_SHA
- *      TLS_PSK_WITH_AES_256_GCM_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA384
- *      TLS_PSK_WITH_AES_256_CBC_SHA
- *      TLS_PSK_WITH_AES_128_GCM_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA256
- *      TLS_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA
  *
  * PEM_PARSE uses AES for decrypting encrypted keys.
  */
-#define POLARSSL_AES_C
+#define MBEDTLS_AES_C
 
 /**
- * \def POLARSSL_ARC4_C
+ * \def MBEDTLS_ARC4_C
  *
  * Enable the ARCFOUR stream cipher.
  *
@@ -1406,21 +1406,21 @@
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDH_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_RSA_WITH_RC4_128_SHA
- *      TLS_ECDHE_PSK_WITH_RC4_128_SHA
- *      TLS_DHE_PSK_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_SHA
- *      TLS_RSA_WITH_RC4_128_MD5
- *      TLS_RSA_PSK_WITH_RC4_128_SHA
- *      TLS_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
+ *      MBEDTLS_TLS_RSA_PSK_WITH_RC4_128_SHA
+ *      MBEDTLS_TLS_PSK_WITH_RC4_128_SHA
  */
-#define POLARSSL_ARC4_C
+#define MBEDTLS_ARC4_C
 
 /**
- * \def POLARSSL_ASN1_PARSE_C
+ * \def MBEDTLS_ASN1_PARSE_C
  *
  * Enable the generic ASN1 parser.
  *
@@ -1431,10 +1431,10 @@
  *          library/pkcs5.c
  *          library/pkparse.c
  */
-#define POLARSSL_ASN1_PARSE_C
+#define MBEDTLS_ASN1_PARSE_C
 
 /**
- * \def POLARSSL_ASN1_WRITE_C
+ * \def MBEDTLS_ASN1_WRITE_C
  *
  * Enable the generic ASN1 writer.
  *
@@ -1443,12 +1443,12 @@
  *          library/pkwrite.c
  *          library/x509_create.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  */
-#define POLARSSL_ASN1_WRITE_C
+#define MBEDTLS_ASN1_WRITE_C
 
 /**
- * \def POLARSSL_BASE64_C
+ * \def MBEDTLS_BASE64_C
  *
  * Enable the Base64 module.
  *
@@ -1457,10 +1457,10 @@
  *
  * This module is required for PEM support (required by X.509).
  */
-#define POLARSSL_BASE64_C
+#define MBEDTLS_BASE64_C
 
 /**
- * \def POLARSSL_BIGNUM_C
+ * \def MBEDTLS_BIGNUM_C
  *
  * Enable the multi-precision integer library.
  *
@@ -1473,19 +1473,19 @@
  *
  * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
  */
-#define POLARSSL_BIGNUM_C
+#define MBEDTLS_BIGNUM_C
 
 /**
- * \def POLARSSL_BLOWFISH_C
+ * \def MBEDTLS_BLOWFISH_C
  *
  * Enable the Blowfish block cipher.
  *
  * Module:  library/blowfish.c
  */
-#define POLARSSL_BLOWFISH_C
+#define MBEDTLS_BLOWFISH_C
 
 /**
- * \def POLARSSL_CAMELLIA_C
+ * \def MBEDTLS_CAMELLIA_C
  *
  * Enable the Camellia block cipher.
  *
@@ -1494,67 +1494,67 @@
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
- *      TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
- *      TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
- *      TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
- *      TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
- *      TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256
+ *      MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256
  */
-#define POLARSSL_CAMELLIA_C
+#define MBEDTLS_CAMELLIA_C
 
 /**
- * \def POLARSSL_CCM_C
+ * \def MBEDTLS_CCM_C
  *
  * Enable the Counter with CBC-MAC (CCM) mode for 128-bit block cipher.
  *
  * Module:  library/ccm.c
  *
- * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
  *
  * This module enables the AES-CCM ciphersuites, if other requisites are
  * enabled as well.
  */
-#define POLARSSL_CCM_C
+#define MBEDTLS_CCM_C
 
 /**
- * \def POLARSSL_CERTS_C
+ * \def MBEDTLS_CERTS_C
  *
  * Enable the test certificates.
  *
@@ -1563,10 +1563,10 @@
  *
  * This module is used for testing (ssl_client/server).
  */
-#define POLARSSL_CERTS_C
+#define MBEDTLS_CERTS_C
 
 /**
- * \def POLARSSL_CIPHER_C
+ * \def MBEDTLS_CIPHER_C
  *
  * Enable the generic cipher layer.
  *
@@ -1575,24 +1575,24 @@
  *
  * Uncomment to enable generic cipher wrappers.
  */
-#define POLARSSL_CIPHER_C
+#define MBEDTLS_CIPHER_C
 
 /**
- * \def POLARSSL_CTR_DRBG_C
+ * \def MBEDTLS_CTR_DRBG_C
  *
  * Enable the CTR_DRBG AES-256-based random generator.
  *
  * Module:  library/ctr_drbg.c
  * Caller:
  *
- * Requires: POLARSSL_AES_C
+ * Requires: MBEDTLS_AES_C
  *
  * This module provides the CTR_DRBG AES-256 random number generator.
  */
-#define POLARSSL_CTR_DRBG_C
+#define MBEDTLS_CTR_DRBG_C
 
 /**
- * \def POLARSSL_DEBUG_C
+ * \def MBEDTLS_DEBUG_C
  *
  * Enable the debug functions.
  *
@@ -1603,10 +1603,10 @@
  *
  * This module provides debugging functions.
  */
-#define POLARSSL_DEBUG_C
+#define MBEDTLS_DEBUG_C
 
 /**
- * \def POLARSSL_DES_C
+ * \def MBEDTLS_DES_C
  *
  * Enable the DES block cipher.
  *
@@ -1616,23 +1616,23 @@
  *
  * This module enables the following ciphersuites (if other requisites are
  * enabled as well):
- *      TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_WITH_3DES_EDE_CBC_SHA
- *      TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
- *      TLS_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_DHE_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA
+ *      MBEDTLS_TLS_PSK_WITH_3DES_EDE_CBC_SHA
  *
  * PEM_PARSE uses DES/3DES for decrypting encrypted keys.
  */
-#define POLARSSL_DES_C
+#define MBEDTLS_DES_C
 
 /**
- * \def POLARSSL_DHM_C
+ * \def MBEDTLS_DHM_C
  *
  * Enable the Diffie-Hellman-Merkle module.
  *
@@ -1643,10 +1643,10 @@
  * This module is used by the following key exchanges:
  *      DHE-RSA, DHE-PSK
  */
-#define POLARSSL_DHM_C
+#define MBEDTLS_DHM_C
 
 /**
- * \def POLARSSL_ECDH_C
+ * \def MBEDTLS_ECDH_C
  *
  * Enable the elliptic curve Diffie-Hellman library.
  *
@@ -1657,12 +1657,12 @@
  * This module is used by the following key exchanges:
  *      ECDHE-ECDSA, ECDHE-RSA, DHE-PSK
  *
- * Requires: POLARSSL_ECP_C
+ * Requires: MBEDTLS_ECP_C
  */
-#define POLARSSL_ECDH_C
+#define MBEDTLS_ECDH_C
 
 /**
- * \def POLARSSL_ECDSA_C
+ * \def MBEDTLS_ECDSA_C
  *
  * Enable the elliptic curve DSA library.
  *
@@ -1672,12 +1672,12 @@
  * This module is used by the following key exchanges:
  *      ECDHE-ECDSA
  *
- * Requires: POLARSSL_ECP_C, POLARSSL_ASN1_WRITE_C, POLARSSL_ASN1_PARSE_C
+ * Requires: MBEDTLS_ECP_C, MBEDTLS_ASN1_WRITE_C, MBEDTLS_ASN1_PARSE_C
  */
-#define POLARSSL_ECDSA_C
+#define MBEDTLS_ECDSA_C
 
 /**
- * \def POLARSSL_ECP_C
+ * \def MBEDTLS_ECP_C
  *
  * Enable the elliptic curve over GF(p) library.
  *
@@ -1685,52 +1685,52 @@
  * Caller:  library/ecdh.c
  *          library/ecdsa.c
  *
- * Requires: POLARSSL_BIGNUM_C and at least one POLARSSL_ECP_DP_XXX_ENABLED
+ * Requires: MBEDTLS_BIGNUM_C and at least one MBEDTLS_ECP_DP_XXX_ENABLED
  */
-#define POLARSSL_ECP_C
+#define MBEDTLS_ECP_C
 
 /**
- * \def POLARSSL_ENTROPY_C
+ * \def MBEDTLS_ENTROPY_C
  *
  * Enable the platform-specific entropy code.
  *
  * Module:  library/entropy.c
  * Caller:
  *
- * Requires: POLARSSL_SHA512_C or POLARSSL_SHA256_C
+ * Requires: MBEDTLS_SHA512_C or MBEDTLS_SHA256_C
  *
  * This module provides a generic entropy pool
  */
-#define POLARSSL_ENTROPY_C
+#define MBEDTLS_ENTROPY_C
 
 /**
- * \def POLARSSL_ERROR_C
+ * \def MBEDTLS_ERROR_C
  *
  * Enable error code to error string conversion.
  *
  * Module:  library/error.c
  * Caller:
  *
- * This module enables polarssl_strerror().
+ * This module enables mbedtls_strerror().
  */
-#define POLARSSL_ERROR_C
+#define MBEDTLS_ERROR_C
 
 /**
- * \def POLARSSL_GCM_C
+ * \def MBEDTLS_GCM_C
  *
  * Enable the Galois/Counter Mode (GCM) for AES.
  *
  * Module:  library/gcm.c
  *
- * Requires: POLARSSL_AES_C or POLARSSL_CAMELLIA_C
+ * Requires: MBEDTLS_AES_C or MBEDTLS_CAMELLIA_C
  *
  * This module enables the AES-GCM and CAMELLIA-GCM ciphersuites, if other
  * requisites are enabled as well.
  */
-#define POLARSSL_GCM_C
+#define MBEDTLS_GCM_C
 
 /**
- * \def POLARSSL_HAVEGE_C
+ * \def MBEDTLS_HAVEGE_C
  *
  * Enable the HAVEGE random generator.
  *
@@ -1746,79 +1746,79 @@
  * Module:  library/havege.c
  * Caller:
  *
- * Requires: POLARSSL_TIMING_C
+ * Requires: MBEDTLS_TIMING_C
  *
  * Uncomment to enable the HAVEGE random generator.
  */
-//#define POLARSSL_HAVEGE_C
+//#define MBEDTLS_HAVEGE_C
 
 /**
- * \def POLARSSL_HMAC_DRBG_C
+ * \def MBEDTLS_HMAC_DRBG_C
  *
  * Enable the HMAC_DRBG random generator.
  *
  * Module:  library/hmac_drbg.c
  * Caller:
  *
- * Requires: POLARSSL_MD_C
+ * Requires: MBEDTLS_MD_C
  *
  * Uncomment to enable the HMAC_DRBG random number geerator.
  */
-#define POLARSSL_HMAC_DRBG_C
+#define MBEDTLS_HMAC_DRBG_C
 
 /**
- * \def POLARSSL_MD_C
+ * \def MBEDTLS_MD_C
  *
  * Enable the generic message digest layer.
  *
- * Module:  library/md.c
+ * Module:  library/mbedtls_md.c
  * Caller:
  *
  * Uncomment to enable generic message digest wrappers.
  */
-#define POLARSSL_MD_C
+#define MBEDTLS_MD_C
 
 /**
- * \def POLARSSL_MD2_C
+ * \def MBEDTLS_MD2_C
  *
  * Enable the MD2 hash algorithm.
  *
- * Module:  library/md2.c
+ * Module:  library/mbedtls_md2.c
  * Caller:
  *
  * Uncomment to enable support for (rare) MD2-signed X.509 certs.
  */
-//#define POLARSSL_MD2_C
+//#define MBEDTLS_MD2_C
 
 /**
- * \def POLARSSL_MD4_C
+ * \def MBEDTLS_MD4_C
  *
  * Enable the MD4 hash algorithm.
  *
- * Module:  library/md4.c
+ * Module:  library/mbedtls_md4.c
  * Caller:
  *
  * Uncomment to enable support for (rare) MD4-signed X.509 certs.
  */
-//#define POLARSSL_MD4_C
+//#define MBEDTLS_MD4_C
 
 /**
- * \def POLARSSL_MD5_C
+ * \def MBEDTLS_MD5_C
  *
  * Enable the MD5 hash algorithm.
  *
- * Module:  library/md5.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_md5.c
+ * Caller:  library/mbedtls_md.c
  *          library/pem.c
  *          library/ssl_tls.c
  *
  * This module is required for SSL/TLS and X.509.
  * PEM_PARSE uses MD5 for decrypting encrypted keys.
  */
-#define POLARSSL_MD5_C
+#define MBEDTLS_MD5_C
 
 /**
- * \def POLARSSL_MEMORY_BUFFER_ALLOC_C
+ * \def MBEDTLS_MEMORY_BUFFER_ALLOC_C
  *
  * Enable the buffer allocator implementation that makes use of a (stack)
  * based buffer to 'allocate' dynamic memory. (replaces malloc() and free()
@@ -1826,15 +1826,15 @@
  *
  * Module:  library/memory_buffer_alloc.c
  *
- * Requires: POLARSSL_PLATFORM_C
- *           POLARSSL_PLATFORM_MEMORY (to use it within mbed TLS)
+ * Requires: MBEDTLS_PLATFORM_C
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
  *
  * Enable this module to enable the buffer memory allocator.
  */
-//#define POLARSSL_MEMORY_BUFFER_ALLOC_C
+//#define MBEDTLS_MEMORY_BUFFER_ALLOC_C
 
 /**
- * \def POLARSSL_NET_C
+ * \def MBEDTLS_NET_C
  *
  * Enable the TCP/IP networking routines.
  *
@@ -1842,10 +1842,10 @@
  *
  * This module provides TCP/IP networking routines.
  */
-#define POLARSSL_NET_C
+#define MBEDTLS_NET_C
 
 /**
- * \def POLARSSL_OID_C
+ * \def MBEDTLS_OID_C
  *
  * Enable the OID database.
  *
@@ -1857,66 +1857,66 @@
  *          library/rsa.c
  *          library/x509.c
  *          library/x509_create.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  *
  * This modules translates between OIDs and internal values.
  */
-#define POLARSSL_OID_C
+#define MBEDTLS_OID_C
 
 /**
- * \def POLARSSL_PADLOCK_C
+ * \def MBEDTLS_PADLOCK_C
  *
  * Enable VIA Padlock support on x86.
  *
  * Module:  library/padlock.c
  * Caller:  library/aes.c
  *
- * Requires: POLARSSL_HAVE_ASM
+ * Requires: MBEDTLS_HAVE_ASM
  *
  * This modules adds support for the VIA PadLock on x86.
  */
-#define POLARSSL_PADLOCK_C
+#define MBEDTLS_PADLOCK_C
 
 /**
- * \def POLARSSL_PEM_PARSE_C
+ * \def MBEDTLS_PEM_PARSE_C
  *
  * Enable PEM decoding / parsing.
  *
  * Module:  library/pem.c
  * Caller:  library/dhm.c
  *          library/pkparse.c
- *          library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ *          library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
- * Requires: POLARSSL_BASE64_C
+ * Requires: MBEDTLS_BASE64_C
  *
  * This modules adds support for decoding / parsing PEM files.
  */
-#define POLARSSL_PEM_PARSE_C
+#define MBEDTLS_PEM_PARSE_C
 
 /**
- * \def POLARSSL_PEM_WRITE_C
+ * \def MBEDTLS_PEM_WRITE_C
  *
  * Enable PEM encoding / writing.
  *
  * Module:  library/pem.c
  * Caller:  library/pkwrite.c
  *          library/x509write_crt.c
- *          library/x509write_csr.c
+ *          library/mbedtls_x509write_csr.c
  *
- * Requires: POLARSSL_BASE64_C
+ * Requires: MBEDTLS_BASE64_C
  *
  * This modules adds support for encoding / writing PEM files.
  */
-#define POLARSSL_PEM_WRITE_C
+#define MBEDTLS_PEM_WRITE_C
 
 /**
- * \def POLARSSL_PK_C
+ * \def MBEDTLS_PK_C
  *
  * Enable the generic public (asymetric) key layer.
  *
@@ -1925,71 +1925,71 @@
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *
- * Requires: POLARSSL_RSA_C or POLARSSL_ECP_C
+ * Requires: MBEDTLS_RSA_C or MBEDTLS_ECP_C
  *
  * Uncomment to enable generic public key wrappers.
  */
-#define POLARSSL_PK_C
+#define MBEDTLS_PK_C
 
 /**
- * \def POLARSSL_PK_PARSE_C
+ * \def MBEDTLS_PK_PARSE_C
  *
  * Enable the generic public (asymetric) key parser.
  *
  * Module:  library/pkparse.c
- * Caller:  library/x509_crt.c
- *          library/x509_csr.c
+ * Caller:  library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
- * Requires: POLARSSL_PK_C
+ * Requires: MBEDTLS_PK_C
  *
  * Uncomment to enable generic public key parse functions.
  */
-#define POLARSSL_PK_PARSE_C
+#define MBEDTLS_PK_PARSE_C
 
 /**
- * \def POLARSSL_PK_WRITE_C
+ * \def MBEDTLS_PK_WRITE_C
  *
  * Enable the generic public (asymetric) key writer.
  *
  * Module:  library/pkwrite.c
  * Caller:  library/x509write.c
  *
- * Requires: POLARSSL_PK_C
+ * Requires: MBEDTLS_PK_C
  *
  * Uncomment to enable generic public key write functions.
  */
-#define POLARSSL_PK_WRITE_C
+#define MBEDTLS_PK_WRITE_C
 
 /**
- * \def POLARSSL_PKCS5_C
+ * \def MBEDTLS_PKCS5_C
  *
  * Enable PKCS#5 functions.
  *
  * Module:  library/pkcs5.c
  *
- * Requires: POLARSSL_MD_C
+ * Requires: MBEDTLS_MD_C
  *
  * This module adds support for the PKCS#5 functions.
  */
-#define POLARSSL_PKCS5_C
+#define MBEDTLS_PKCS5_C
 
 /**
- * \def POLARSSL_PKCS11_C
+ * \def MBEDTLS_PKCS11_C
  *
  * Enable wrapper for PKCS#11 smartcard support.
  *
  * Module:  library/pkcs11.c
  * Caller:  library/pk.c
  *
- * Requires: POLARSSL_PK_C
+ * Requires: MBEDTLS_PK_C
  *
  * This module enables SSL/TLS PKCS #11 smartcard support.
  * Requires the presence of the PKCS#11 helper library (libpkcs11-helper)
  */
-//#define POLARSSL_PKCS11_C
+//#define MBEDTLS_PKCS11_C
 
 /**
- * \def POLARSSL_PKCS12_C
+ * \def MBEDTLS_PKCS12_C
  *
  * Enable PKCS#12 PBE functions.
  * Adds algorithms for parsing PKCS#8 encrypted private keys
@@ -1997,21 +1997,21 @@
  * Module:  library/pkcs12.c
  * Caller:  library/pkparse.c
  *
- * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_CIPHER_C, POLARSSL_MD_C
- * Can use:  POLARSSL_ARC4_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ * Can use:  MBEDTLS_ARC4_C
  *
  * This module enables PKCS#12 functions.
  */
-#define POLARSSL_PKCS12_C
+#define MBEDTLS_PKCS12_C
 
 /**
- * \def POLARSSL_PLATFORM_C
+ * \def MBEDTLS_PLATFORM_C
  *
  * Enable the platform abstraction layer that allows you to re-assign
  * functions like malloc(), free(), snprintf(), printf(), fprintf(), exit()
  *
- * Enabling POLARSSL_PLATFORM_C enables to use of POLARSSL_PLATFORM_XXX_ALT
- * or POLARSSL_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
+ * Enabling MBEDTLS_PLATFORM_C enables to use of MBEDTLS_PLATFORM_XXX_ALT
+ * or MBEDTLS_PLATFORM_XXX_MACRO directives, allowing the functions mentioned
  * above to be specified at runtime or compile time respectively.
  *
  * Module:  library/platform.c
@@ -2019,21 +2019,21 @@
  *
  * This module enables abstraction of common (libc) functions.
  */
-#define POLARSSL_PLATFORM_C
+#define MBEDTLS_PLATFORM_C
 
 /**
- * \def POLARSSL_RIPEMD160_C
+ * \def MBEDTLS_RIPEMD160_C
  *
  * Enable the RIPEMD-160 hash algorithm.
  *
- * Module:  library/ripemd160.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_ripemd160.c
+ * Caller:  library/mbedtls_md.c
  *
  */
-#define POLARSSL_RIPEMD160_C
+#define MBEDTLS_RIPEMD160_C
 
 /**
- * \def POLARSSL_RSA_C
+ * \def MBEDTLS_RSA_C
  *
  * Enable the RSA public-key cryptosystem.
  *
@@ -2046,17 +2046,17 @@
  * This module is used by the following key exchanges:
  *      RSA, DHE-RSA, ECDHE-RSA, RSA-PSK
  *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C
  */
-#define POLARSSL_RSA_C
+#define MBEDTLS_RSA_C
 
 /**
- * \def POLARSSL_SHA1_C
+ * \def MBEDTLS_SHA1_C
  *
  * Enable the SHA1 cryptographic hash algorithm.
  *
- * Module:  library/sha1.c
- * Caller:  library/md.c
+ * Module:  library/mbedtls_sha1.c
+ * Caller:  library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2064,16 +2064,16 @@
  *
  * This module is required for SSL/TLS and SHA1-signed certificates.
  */
-#define POLARSSL_SHA1_C
+#define MBEDTLS_SHA1_C
 
 /**
- * \def POLARSSL_SHA256_C
+ * \def MBEDTLS_SHA256_C
  *
  * Enable the SHA-224 and SHA-256 cryptographic hash algorithms.
  *
- * Module:  library/sha256.c
+ * Module:  library/mbedtls_sha256.c
  * Caller:  library/entropy.c
- *          library/md.c
+ *          library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
@@ -2081,77 +2081,77 @@
  * This module adds support for SHA-224 and SHA-256.
  * This module is required for the SSL/TLS 1.2 PRF function.
  */
-#define POLARSSL_SHA256_C
+#define MBEDTLS_SHA256_C
 
 /**
- * \def POLARSSL_SHA512_C
+ * \def MBEDTLS_SHA512_C
  *
  * Enable the SHA-384 and SHA-512 cryptographic hash algorithms.
  *
- * Module:  library/sha512.c
+ * Module:  library/mbedtls_sha512.c
  * Caller:  library/entropy.c
- *          library/md.c
+ *          library/mbedtls_md.c
  *          library/ssl_cli.c
  *          library/ssl_srv.c
  *
  * This module adds support for SHA-384 and SHA-512.
  */
-#define POLARSSL_SHA512_C
+#define MBEDTLS_SHA512_C
 
 /**
- * \def POLARSSL_SSL_CACHE_C
+ * \def MBEDTLS_SSL_CACHE_C
  *
  * Enable simple SSL cache implementation.
  *
  * Module:  library/ssl_cache.c
  * Caller:
  *
- * Requires: POLARSSL_SSL_CACHE_C
+ * Requires: MBEDTLS_SSL_CACHE_C
  */
-#define POLARSSL_SSL_CACHE_C
+#define MBEDTLS_SSL_CACHE_C
 
 /**
- * \def POLARSSL_SSL_COOKIE_C
+ * \def MBEDTLS_SSL_COOKIE_C
  *
  * Enable basic implementation of DTLS cookies for hello verification.
  *
  * Module:  library/ssl_cookie.c
  * Caller:
  *
- * Requires: POLARSSL_SSL_DTLS_HELLO_VERIFY
+ * Requires: MBEDTLS_SSL_DTLS_HELLO_VERIFY
  */
-#define POLARSSL_SSL_COOKIE_C
+#define MBEDTLS_SSL_COOKIE_C
 
 /**
- * \def POLARSSL_SSL_CLI_C
+ * \def MBEDTLS_SSL_CLI_C
  *
  * Enable the SSL/TLS client code.
  *
  * Module:  library/ssl_cli.c
  * Caller:
  *
- * Requires: POLARSSL_SSL_TLS_C
+ * Requires: MBEDTLS_SSL_TLS_C
  *
  * This module is required for SSL/TLS client support.
  */
-#define POLARSSL_SSL_CLI_C
+#define MBEDTLS_SSL_CLI_C
 
 /**
- * \def POLARSSL_SSL_SRV_C
+ * \def MBEDTLS_SSL_SRV_C
  *
  * Enable the SSL/TLS server code.
  *
  * Module:  library/ssl_srv.c
  * Caller:
  *
- * Requires: POLARSSL_SSL_TLS_C
+ * Requires: MBEDTLS_SSL_TLS_C
  *
  * This module is required for SSL/TLS server support.
  */
-#define POLARSSL_SSL_SRV_C
+#define MBEDTLS_SSL_SRV_C
 
 /**
- * \def POLARSSL_SSL_TLS_C
+ * \def MBEDTLS_SSL_TLS_C
  *
  * Enable the generic SSL/TLS code.
  *
@@ -2159,15 +2159,15 @@
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *
- * Requires: POLARSSL_CIPHER_C, POLARSSL_MD_C
- *           and at least one of the POLARSSL_SSL_PROTO_XXX defines
+ * Requires: MBEDTLS_CIPHER_C, MBEDTLS_MD_C
+ *           and at least one of the MBEDTLS_SSL_PROTO_XXX defines
  *
  * This module is required for SSL/TLS.
  */
-#define POLARSSL_SSL_TLS_C
+#define MBEDTLS_SSL_TLS_C
 
 /**
- * \def POLARSSL_THREADING_C
+ * \def MBEDTLS_THREADING_C
  *
  * Enable the threading abstraction layer.
  * By default mbed TLS assumes it is used in a non-threaded environment or that
@@ -2180,15 +2180,15 @@
  * This allows different threading implementations (self-implemented or
  * provided).
  *
- * You will have to enable either POLARSSL_THREADING_ALT or
- * POLARSSL_THREADING_PTHREAD.
+ * You will have to enable either MBEDTLS_THREADING_ALT or
+ * MBEDTLS_THREADING_PTHREAD.
  *
  * Enable this layer to allow use of mutexes within mbed TLS
  */
-//#define POLARSSL_THREADING_C
+//#define MBEDTLS_THREADING_C
 
 /**
- * \def POLARSSL_TIMING_C
+ * \def MBEDTLS_TIMING_C
  *
  * Enable the portable timing interface.
  *
@@ -2197,10 +2197,10 @@
  *
  * This module is used by the HAVEGE random number generator.
  */
-#define POLARSSL_TIMING_C
+#define MBEDTLS_TIMING_C
 
 /**
- * \def POLARSSL_VERSION_C
+ * \def MBEDTLS_VERSION_C
  *
  * Enable run-time version information.
  *
@@ -2208,117 +2208,117 @@
  *
  * This module provides run-time version information.
  */
-#define POLARSSL_VERSION_C
+#define MBEDTLS_VERSION_C
 
 /**
- * \def POLARSSL_X509_USE_C
+ * \def MBEDTLS_X509_USE_C
  *
  * Enable X.509 core for using certificates.
  *
  * Module:  library/x509.c
- * Caller:  library/x509_crl.c
- *          library/x509_crt.c
- *          library/x509_csr.c
+ * Caller:  library/mbedtls_x509_crl.c
+ *          library/mbedtls_x509_crt.c
+ *          library/mbedtls_x509_csr.c
  *
- * Requires: POLARSSL_ASN1_PARSE_C, POLARSSL_BIGNUM_C, POLARSSL_OID_C,
- *           POLARSSL_PK_PARSE_C
+ * Requires: MBEDTLS_ASN1_PARSE_C, MBEDTLS_BIGNUM_C, MBEDTLS_OID_C,
+ *           MBEDTLS_PK_PARSE_C
  *
  * This module is required for the X.509 parsing modules.
  */
-#define POLARSSL_X509_USE_C
+#define MBEDTLS_X509_USE_C
 
 /**
- * \def POLARSSL_X509_CRT_PARSE_C
+ * \def MBEDTLS_X509_CRT_PARSE_C
  *
  * Enable X.509 certificate parsing.
  *
- * Module:  library/x509_crt.c
+ * Module:  library/mbedtls_x509_crt.c
  * Caller:  library/ssl_cli.c
  *          library/ssl_srv.c
  *          library/ssl_tls.c
  *
- * Requires: POLARSSL_X509_USE_C
+ * Requires: MBEDTLS_X509_USE_C
  *
  * This module is required for X.509 certificate parsing.
  */
-#define POLARSSL_X509_CRT_PARSE_C
+#define MBEDTLS_X509_CRT_PARSE_C
 
 /**
- * \def POLARSSL_X509_CRL_PARSE_C
+ * \def MBEDTLS_X509_CRL_PARSE_C
  *
  * Enable X.509 CRL parsing.
  *
- * Module:  library/x509_crl.c
- * Caller:  library/x509_crt.c
+ * Module:  library/mbedtls_x509_crl.c
+ * Caller:  library/mbedtls_x509_crt.c
  *
- * Requires: POLARSSL_X509_USE_C
+ * Requires: MBEDTLS_X509_USE_C
  *
  * This module is required for X.509 CRL parsing.
  */
-#define POLARSSL_X509_CRL_PARSE_C
+#define MBEDTLS_X509_CRL_PARSE_C
 
 /**
- * \def POLARSSL_X509_CSR_PARSE_C
+ * \def MBEDTLS_X509_CSR_PARSE_C
  *
  * Enable X.509 Certificate Signing Request (CSR) parsing.
  *
- * Module:  library/x509_csr.c
+ * Module:  library/mbedtls_x509_csr.c
  * Caller:  library/x509_crt_write.c
  *
- * Requires: POLARSSL_X509_USE_C
+ * Requires: MBEDTLS_X509_USE_C
  *
  * This module is used for reading X.509 certificate request.
  */
-#define POLARSSL_X509_CSR_PARSE_C
+#define MBEDTLS_X509_CSR_PARSE_C
 
 /**
- * \def POLARSSL_X509_CREATE_C
+ * \def MBEDTLS_X509_CREATE_C
  *
  * Enable X.509 core for creating certificates.
  *
  * Module:  library/x509_create.c
  *
- * Requires: POLARSSL_BIGNUM_C, POLARSSL_OID_C, POLARSSL_PK_WRITE_C
+ * Requires: MBEDTLS_BIGNUM_C, MBEDTLS_OID_C, MBEDTLS_PK_WRITE_C
  *
  * This module is the basis for creating X.509 certificates and CSRs.
  */
-#define POLARSSL_X509_CREATE_C
+#define MBEDTLS_X509_CREATE_C
 
 /**
- * \def POLARSSL_X509_CRT_WRITE_C
+ * \def MBEDTLS_X509_CRT_WRITE_C
  *
  * Enable creating X.509 certificates.
  *
  * Module:  library/x509_crt_write.c
  *
- * Requires: POLARSSL_X509_CREATE_C
+ * Requires: MBEDTLS_X509_CREATE_C
  *
  * This module is required for X.509 certificate creation.
  */
-#define POLARSSL_X509_CRT_WRITE_C
+#define MBEDTLS_X509_CRT_WRITE_C
 
 /**
- * \def POLARSSL_X509_CSR_WRITE_C
+ * \def MBEDTLS_X509_CSR_WRITE_C
  *
  * Enable creating X.509 Certificate Signing Requests (CSR).
  *
  * Module:  library/x509_csr_write.c
  *
- * Requires: POLARSSL_X509_CREATE_C
+ * Requires: MBEDTLS_X509_CREATE_C
  *
  * This module is required for X.509 certificate request writing.
  */
-#define POLARSSL_X509_CSR_WRITE_C
+#define MBEDTLS_X509_CSR_WRITE_C
 
 /**
- * \def POLARSSL_XTEA_C
+ * \def MBEDTLS_XTEA_C
  *
  * Enable the XTEA block cipher.
  *
  * Module:  library/xtea.c
  * Caller:
  */
-#define POLARSSL_XTEA_C
+#define MBEDTLS_XTEA_C
 
 /* \} name SECTION: mbed TLS modules */
 
@@ -2338,61 +2338,61 @@
  */
 
 /* MPI / BIGNUM options */
-//#define POLARSSL_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
-//#define POLARSSL_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
+//#define MBEDTLS_MPI_WINDOW_SIZE            6 /**< Maximum windows size used. */
+//#define MBEDTLS_MPI_MAX_SIZE            1024 /**< Maximum number of bytes for usable MPIs. */
 
 /* CTR_DRBG options */
-//#define CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
-//#define CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
-//#define CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
-//#define CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
-//#define CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48 /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+//#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
 
 /* HMAC_DRBG options */
-//#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
-//#define POLARSSL_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
-//#define POLARSSL_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
-//#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
+//#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
+//#define MBEDTLS_HMAC_DRBG_MAX_INPUT           256 /**< Maximum number of additional input bytes */
+//#define MBEDTLS_HMAC_DRBG_MAX_REQUEST        1024 /**< Maximum number of requested bytes per call */
+//#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT      384 /**< Maximum size of (re)seed buffer */
 
 /* ECP options */
-//#define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
-//#define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
-//#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
+//#define MBEDTLS_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
+//#define MBEDTLS_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+//#define MBEDTLS_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
 
 /* Entropy options */
-//#define ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
-//#define ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
+//#define MBEDTLS_ENTROPY_MAX_SOURCES                20 /**< Maximum number of sources supported */
+//#define MBEDTLS_ENTROPY_MAX_GATHER                128 /**< Maximum amount requested from entropy sources */
 
 /* Memory buffer allocator options */
-//#define POLARSSL_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
+//#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4 /**< Align on multiples of this value */
 
 /* Platform options */
-//#define POLARSSL_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if POLARSSL_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define POLARSSL_PLATFORM_STD_MALLOC        malloc /**< Default allocator to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-//#define POLARSSL_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_MALLOC        malloc /**< Default allocator to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
+//#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
 
-/* To Use Function Macros POLARSSL_PLATFORM_C must be enabled */
-/* POLARSSL_PLATFORM_XXX_MACRO and POLARSSL_PLATFORM_XXX_ALT cannot both be defined */
-//#define POLARSSL_PLATFORM_MALLOC_MACRO        malloc /**< Default allocator macro to use, can be undefined */
-//#define POLARSSL_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
-//#define POLARSSL_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
-//#define POLARSSL_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
-//#define POLARSSL_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-//#define POLARSSL_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
+/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+//#define MBEDTLS_PLATFORM_MALLOC_MACRO        malloc /**< Default allocator macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
 
 /* SSL Cache options */
-//#define SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
-//#define SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400 /**< 1 day  */
+//#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50 /**< Maximum entries in cache */
 
 /* SSL options */
-//#define SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
-//#define SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
-//#define POLARSSL_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
-//#define POLARSSL_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+//#define MBEDTLS_SSL_MAX_CONTENT_LEN             16384 /**< Size of the input / output buffer */
+//#define MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME     86400 /**< Lifetime of session tickets (if enabled) */
+//#define MBEDTLS_PSK_MAX_LEN               32 /**< Max size of TLS pre-shared keys, in bytes (default 256 bits) */
+//#define MBEDTLS_SSL_COOKIE_TIMEOUT        60 /**< Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
 
 /**
  * Complete list of ciphersuites to use, in order of preference.
@@ -2406,16 +2406,16 @@
  *
  * The value below is only an example, not the default.
  */
-//#define SSL_CIPHERSUITES TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 
 /* Debug options */
-//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
+//#define MBEDTLS_DEBUG_DFL_MODE MBEDTLS_DEBUG_LOG_FULL /**< Default log: Full or Raw */
 
 /* X509 options */
-//#define POLARSSL_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
+//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
 
 /* \} name SECTION: Module configuration options */
 
 #include "check_config.h"
 
-#endif /* POLARSSL_CONFIG_H */
+#endif /* MBEDTLS_CONFIG_H */
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index ebab55f..f32ae80 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -21,20 +21,20 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_CTR_DRBG_H
-#define POLARSSL_CTR_DRBG_H
+#ifndef MBEDTLS_CTR_DRBG_H
+#define MBEDTLS_CTR_DRBG_H
 
 #include "aes.h"
 
-#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
-#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
-#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
-#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034  /**< The entropy source failed. */
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A  /**< Read/write error in file. */
 
-#define CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
-#define CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
-#define CTR_DRBG_KEYBITS            ( CTR_DRBG_KEYSIZE * 8 )
-#define CTR_DRBG_SEEDLEN            ( CTR_DRBG_KEYSIZE + CTR_DRBG_BLOCKSIZE )
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16      /**< Block size used by the cipher                  */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32      /**< Key size used by the cipher                    */
+#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 )
+#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE )
                                             /**< The seed length (counter + AES key)            */
 
 /**
@@ -45,34 +45,34 @@
  * \{
  */
 
-#if !defined(CTR_DRBG_ENTROPY_LEN)
-#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
-#define CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #else
-#define CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32      /**< Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
 #endif
 #endif
 
-#if !defined(CTR_DRBG_RESEED_INTERVAL)
-#define CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
+#if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000   /**< Interval before reseed is performed by default */
 #endif
 
-#if !defined(CTR_DRBG_MAX_INPUT)
-#define CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
+#if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_INPUT          256     /**< Maximum number of additional input bytes */
 #endif
 
-#if !defined(CTR_DRBG_MAX_REQUEST)
-#define CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
+#if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
+#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024    /**< Maximum number of requested bytes per call */
 #endif
 
-#if !defined(CTR_DRBG_MAX_SEED_INPUT)
-#define CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
+#if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384     /**< Maximum size of (re)seed buffer */
 #endif
 
 /* \} name SECTION: Module settings */
 
-#define CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
-#define CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
+#define MBEDTLS_CTR_DRBG_PR_OFF             0       /**< No prediction resistance       */
+#define MBEDTLS_CTR_DRBG_PR_ON              1       /**< Prediction resistance enabled  */
 
 #ifdef __cplusplus
 extern "C" {
@@ -91,7 +91,7 @@
                                       (re)seed          */
     int reseed_interval;        /*!<  reseed interval   */
 
-    aes_context aes_ctx;        /*!<  AES context       */
+    mbedtls_aes_context aes_ctx;        /*!<  AES context       */
 
     /*
      * Callbacks (Entropy)
@@ -100,7 +100,7 @@
 
     void *p_entropy;            /*!<  context for the entropy function */
 }
-ctr_drbg_context;
+mbedtls_ctr_drbg_context;
 
 /**
  * \brief               CTR_DRBG initialization
@@ -117,9 +117,9 @@
  * \param len           Length of personalization data
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
  */
-int ctr_drbg_init( ctr_drbg_context *ctx,
+int mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx,
                    int (*f_entropy)(void *, unsigned char *, size_t),
                    void *p_entropy,
                    const unsigned char *custom,
@@ -130,7 +130,7 @@
  *
  * \param ctx           CTR_DRBG context to clear
  */
-void ctr_drbg_free( ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
 
 /**
  * \brief               Enable / disable prediction resistance (Default: Off)
@@ -139,29 +139,29 @@
  *       Only use this if you have ample supply of good entropy!
  *
  * \param ctx           CTR_DRBG context
- * \param resistance    CTR_DRBG_PR_ON or CTR_DRBG_PR_OFF
+ * \param resistance    MBEDTLS_CTR_DRBG_PR_ON or MBEDTLS_CTR_DRBG_PR_OFF
  */
-void ctr_drbg_set_prediction_resistance( ctr_drbg_context *ctx,
+void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
                                          int resistance );
 
 /**
  * \brief               Set the amount of entropy grabbed on each (re)seed
- *                      (Default: CTR_DRBG_ENTROPY_LEN)
+ *                      (Default: MBEDTLS_CTR_DRBG_ENTROPY_LEN)
  *
  * \param ctx           CTR_DRBG context
  * \param len           Amount of entropy to grab
  */
-void ctr_drbg_set_entropy_len( ctr_drbg_context *ctx,
+void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
                                size_t len );
 
 /**
  * \brief               Set the reseed interval
- *                      (Default: CTR_DRBG_RESEED_INTERVAL)
+ *                      (Default: MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
  *
  * \param ctx           CTR_DRBG context
  * \param interval      Reseed interval
  */
-void ctr_drbg_set_reseed_interval( ctr_drbg_context *ctx,
+void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
                                    int interval );
 
 /**
@@ -172,9 +172,9 @@
  * \param len           Length of additional data
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
  */
-int ctr_drbg_reseed( ctr_drbg_context *ctx,
+int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
                      const unsigned char *additional, size_t len );
 
 /**
@@ -184,11 +184,11 @@
  * \param additional    Additional data to update state with
  * \param add_len       Length of additional data
  *
- * \note                If add_len is greater than CTR_DRBG_MAX_SEED_INPUT,
- *                      only the first CTR_DRBG_MAX_SEED_INPUT bytes are used,
+ * \note                If add_len is greater than MBEDTLS_CTR_DRBG_MAX_SEED_INPUT,
+ *                      only the first MBEDTLS_CTR_DRBG_MAX_SEED_INPUT bytes are used,
  *                      the remaining ones are silently discarded.
  */
-void ctr_drbg_update( ctr_drbg_context *ctx,
+void mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
                       const unsigned char *additional, size_t add_len );
 
 /**
@@ -203,10 +203,10 @@
  * \param add_len       Length of additional data
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
  */
-int ctr_drbg_random_with_add( void *p_rng,
+int mbedtls_ctr_drbg_random_with_add( void *p_rng,
                               unsigned char *output, size_t output_len,
                               const unsigned char *additional, size_t add_len );
 
@@ -220,13 +220,13 @@
  * \param output_len    Length of the buffer
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG
  */
-int ctr_drbg_random( void *p_rng,
+int mbedtls_ctr_drbg_random( void *p_rng,
                      unsigned char *output, size_t output_len );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /**
  * \brief               Write a seed file
  *
@@ -234,10 +234,10 @@
  * \param path          Name of the file
  *
  * \return              0 if successful,
- *                      POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
  */
-int ctr_drbg_write_seed_file( ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
 
 /**
  * \brief               Read and update a seed file. Seed is added to this
@@ -247,22 +247,22 @@
  * \param path          Name of the file
  *
  * \return              0 if successful,
- *                      POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
- *                      POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG
+ *                      MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG
  */
-int ctr_drbg_update_seed_file( ctr_drbg_context *ctx, const char *path );
-#endif /* POLARSSL_FS_IO */
+int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
 
 /**
  * \brief               Checkup routine
  *
  * \return              0 if successful, or 1 if the test failed
  */
-int ctr_drbg_self_test( int verbose );
+int mbedtls_ctr_drbg_self_test( int verbose );
 
 /* Internal functions (do not call directly) */
-int ctr_drbg_init_entropy_len( ctr_drbg_context *,
+int mbedtls_ctr_drbg_init_entropy_len( mbedtls_ctr_drbg_context *,
                                int (*)(void *, unsigned char *, size_t), void *,
                                const unsigned char *, size_t, size_t );
 
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 8a4da1c..36fdb04 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -21,25 +21,25 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_DEBUG_H
-#define POLARSSL_DEBUG_H
+#ifndef MBEDTLS_DEBUG_H
+#define MBEDTLS_DEBUG_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "ssl.h"
 
-#if defined(POLARSSL_ECP_C)
+#if defined(MBEDTLS_ECP_C)
 #include "ecp.h"
 #endif
 
-#if defined(POLARSSL_DEBUG_C)
+#if defined(MBEDTLS_DEBUG_C)
 
-#define POLARSSL_DEBUG_LOG_FULL         0 /**< Include file:line in log lines */
-#define POLARSSL_DEBUG_LOG_RAW          1 /**< Only log raw debug lines */
+#define MBEDTLS_DEBUG_LOG_FULL         0 /**< Include file:line in log lines */
+#define MBEDTLS_DEBUG_LOG_RAW          1 /**< Only log raw debug lines */
 
 /**
  * \name SECTION: Module settings
@@ -49,47 +49,47 @@
  * \{
  */
 
-#if !defined(POLARSSL_DEBUG_DFL_MODE)
-#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
+#if !defined(MBEDTLS_DEBUG_DFL_MODE)
+#define MBEDTLS_DEBUG_DFL_MODE MBEDTLS_DEBUG_LOG_FULL /**< Default log: Full or Raw */
 #endif
 
 /* \} name SECTION: Module settings */
 
 
-#define SSL_DEBUG_MSG( level, args )                    \
-    debug_print_msg( ssl, level, __FILE__, __LINE__, debug_fmt args );
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
+    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__, mbedtls_debug_fmt args );
 
-#define SSL_DEBUG_RET( level, text, ret )                \
-    debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
+    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret );
 
-#define SSL_DEBUG_BUF( level, text, buf, len )           \
-    debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
+    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len );
 
-#if defined(POLARSSL_BIGNUM_C)
-#define SSL_DEBUG_MPI( level, text, X )                  \
-    debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
+#if defined(MBEDTLS_BIGNUM_C)
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
+    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X );
 #endif
 
-#if defined(POLARSSL_ECP_C)
-#define SSL_DEBUG_ECP( level, text, X )                  \
-    debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
+#if defined(MBEDTLS_ECP_C)
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
+    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X );
 #endif
 
-#if defined(POLARSSL_X509_CRT_PARSE_C)
-#define SSL_DEBUG_CRT( level, text, crt )                \
-    debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
+    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt );
 #endif
 
-#else /* POLARSSL_DEBUG_C */
+#else /* MBEDTLS_DEBUG_C */
 
-#define SSL_DEBUG_MSG( level, args )            do { } while( 0 )
-#define SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
-#define SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
-#define SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
-#define SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
-#define SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
+#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
 
-#endif /* POLARSSL_DEBUG_C */
+#endif /* MBEDTLS_DEBUG_C */
 
 #ifdef __cplusplus
 extern "C" {
@@ -97,12 +97,12 @@
 
 /**
  * \brief   Set the log mode for the debug functions globally
- *          (Default value: POLARSSL_DEBUG_DFL_MODE)
+ *          (Default value: MBEDTLS_DEBUG_DFL_MODE)
  *
- * \param log_mode      The log mode to use (POLARSSL_DEBUG_LOG_FULL or
- *                                           POLARSSL_DEBUG_LOG_RAW)
+ * \param log_mode      The log mode to use (MBEDTLS_DEBUG_LOG_FULL or
+ *                                           MBEDTLS_DEBUG_LOG_RAW)
  */
-void debug_set_log_mode( int log_mode );
+void mbedtls_debug_set_log_mode( int log_mode );
 
 /**
  * \brief   Set the level threshold to handle globally. Messages that have a
@@ -111,37 +111,37 @@
  *
  * \param threshold     maximum level of messages to pass on
  */
-void debug_set_threshold( int threshold );
+void mbedtls_debug_set_threshold( int threshold );
 
-char *debug_fmt( const char *format, ... );
+char *mbedtls_debug_fmt( const char *format, ... );
 
-void debug_print_msg( const ssl_context *ssl, int level,
+void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line, const char *text );
 
-void debug_print_ret( const ssl_context *ssl, int level,
+void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line,
                       const char *text, int ret );
 
-void debug_print_buf( const ssl_context *ssl, int level,
+void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line, const char *text,
                       const unsigned char *buf, size_t len );
 
-#if defined(POLARSSL_BIGNUM_C)
-void debug_print_mpi( const ssl_context *ssl, int level,
+#if defined(MBEDTLS_BIGNUM_C)
+void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line,
-                      const char *text, const mpi *X );
+                      const char *text, const mbedtls_mpi *X );
 #endif
 
-#if defined(POLARSSL_ECP_C)
-void debug_print_ecp( const ssl_context *ssl, int level,
+#if defined(MBEDTLS_ECP_C)
+void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line,
-                      const char *text, const ecp_point *X );
+                      const char *text, const mbedtls_ecp_point *X );
 #endif
 
-#if defined(POLARSSL_X509_CRT_PARSE_C)
-void debug_print_crt( const ssl_context *ssl, int level,
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
                       const char *file, int line,
-                      const char *text, const x509_crt *crt );
+                      const char *text, const mbedtls_x509_crt *crt );
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 3f7236c..bee0921 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_DES_H
-#define POLARSSL_DES_H
+#ifndef MBEDTLS_DES_H
+#define MBEDTLS_DES_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,14 +39,14 @@
 #include <inttypes.h>
 #endif
 
-#define DES_ENCRYPT     1
-#define DES_DECRYPT     0
+#define MBEDTLS_DES_ENCRYPT     1
+#define MBEDTLS_DES_DECRYPT     0
 
-#define POLARSSL_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032  /**< The data input has an invalid length. */
 
-#define DES_KEY_SIZE    8
+#define MBEDTLS_DES_KEY_SIZE    8
 
-#if !defined(POLARSSL_DES_ALT)
+#if !defined(MBEDTLS_DES_ALT)
 // Regular implementation
 //
 
@@ -62,7 +62,7 @@
     int mode;                   /*!<  encrypt/decrypt   */
     uint32_t sk[32];            /*!<  DES subkeys       */
 }
-des_context;
+mbedtls_des_context;
 
 /**
  * \brief          Triple-DES context structure
@@ -72,35 +72,35 @@
     int mode;                   /*!<  encrypt/decrypt   */
     uint32_t sk[96];            /*!<  3DES subkeys      */
 }
-des3_context;
+mbedtls_des3_context;
 
 /**
  * \brief          Initialize DES context
  *
  * \param ctx      DES context to be initialized
  */
-void des_init( des_context *ctx );
+void mbedtls_des_init( mbedtls_des_context *ctx );
 
 /**
  * \brief          Clear DES context
  *
  * \param ctx      DES context to be cleared
  */
-void des_free( des_context *ctx );
+void mbedtls_des_free( mbedtls_des_context *ctx );
 
 /**
  * \brief          Initialize Triple-DES context
  *
  * \param ctx      DES3 context to be initialized
  */
-void des3_init( des3_context *ctx );
+void mbedtls_des3_init( mbedtls_des3_context *ctx );
 
 /**
  * \brief          Clear Triple-DES context
  *
  * \param ctx      DES3 context to be cleared
  */
-void des3_free( des3_context *ctx );
+void mbedtls_des3_free( mbedtls_des3_context *ctx );
 
 /**
  * \brief          Set key parity on the given key to odd.
@@ -110,7 +110,7 @@
  *
  * \param key      8-byte secret key
  */
-void des_key_set_parity( unsigned char key[DES_KEY_SIZE] );
+void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
 /**
  * \brief          Check that key parity on the given key is odd.
@@ -122,7 +122,7 @@
  *
  * \return         0 is parity was ok, 1 if parity was not correct.
  */
-int des_key_check_key_parity( const unsigned char key[DES_KEY_SIZE] );
+int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
 /**
  * \brief          Check that key is not a weak or semi-weak DES key
@@ -131,7 +131,7 @@
  *
  * \return         0 if no weak key was found, 1 if a weak key was identified.
  */
-int des_key_check_weak( const unsigned char key[DES_KEY_SIZE] );
+int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
 /**
  * \brief          DES key schedule (56-bit, encryption)
@@ -141,7 +141,7 @@
  *
  * \return         0
  */
-int des_setkey_enc( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
+int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
 /**
  * \brief          DES key schedule (56-bit, decryption)
@@ -151,7 +151,7 @@
  *
  * \return         0
  */
-int des_setkey_dec( des_context *ctx, const unsigned char key[DES_KEY_SIZE] );
+int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
 
 /**
  * \brief          Triple-DES key schedule (112-bit, encryption)
@@ -161,8 +161,8 @@
  *
  * \return         0
  */
-int des3_set2key_enc( des3_context *ctx,
-                      const unsigned char key[DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
 
 /**
  * \brief          Triple-DES key schedule (112-bit, decryption)
@@ -172,8 +172,8 @@
  *
  * \return         0
  */
-int des3_set2key_dec( des3_context *ctx,
-                      const unsigned char key[DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
 
 /**
  * \brief          Triple-DES key schedule (168-bit, encryption)
@@ -183,8 +183,8 @@
  *
  * \return         0
  */
-int des3_set3key_enc( des3_context *ctx,
-                      const unsigned char key[DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
 
 /**
  * \brief          Triple-DES key schedule (168-bit, decryption)
@@ -194,8 +194,8 @@
  *
  * \return         0
  */
-int des3_set3key_dec( des3_context *ctx,
-                      const unsigned char key[DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
+                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
 
 /**
  * \brief          DES-ECB block encryption/decryption
@@ -206,11 +206,11 @@
  *
  * \return         0 if successful
  */
-int des_crypt_ecb( des_context *ctx,
+int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
                     const unsigned char input[8],
                     unsigned char output[8] );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
  * \brief          DES-CBC buffer encryption/decryption
  *
@@ -223,19 +223,19 @@
  *                 module instead.
  *
  * \param ctx      DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
  * \param output   buffer holding the output data
  */
-int des_crypt_cbc( des_context *ctx,
+int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
                     int mode,
                     size_t length,
                     unsigned char iv[8],
                     const unsigned char *input,
                     unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 /**
  * \brief          3DES-ECB block encryption/decryption
@@ -246,11 +246,11 @@
  *
  * \return         0 if successful
  */
-int des3_crypt_ecb( des3_context *ctx,
+int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
                      const unsigned char input[8],
                      unsigned char output[8] );
 
-#if defined(POLARSSL_CIPHER_MODE_CBC)
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
  * \brief          3DES-CBC buffer encryption/decryption
  *
@@ -263,29 +263,29 @@
  *                 module instead.
  *
  * \param ctx      3DES context
- * \param mode     DES_ENCRYPT or DES_DECRYPT
+ * \param mode     MBEDTLS_DES_ENCRYPT or MBEDTLS_DES_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
  * \param output   buffer holding the output data
  *
- * \return         0 if successful, or POLARSSL_ERR_DES_INVALID_INPUT_LENGTH
+ * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
  */
-int des3_crypt_cbc( des3_context *ctx,
+int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
                      int mode,
                      size_t length,
                      unsigned char iv[8],
                      const unsigned char *input,
                      unsigned char *output );
-#endif /* POLARSSL_CIPHER_MODE_CBC */
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_DES_ALT */
+#else  /* MBEDTLS_DES_ALT */
 #include "des_alt.h"
-#endif /* POLARSSL_DES_ALT */
+#endif /* MBEDTLS_DES_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -296,7 +296,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int des_self_test( int verbose );
+int mbedtls_des_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 8d64a5f..4d16619 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -21,23 +21,23 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_DHM_H
-#define POLARSSL_DHM_H
+#ifndef MBEDTLS_DHM_H
+#define MBEDTLS_DHM_H
 
 #include "bignum.h"
 
 /*
  * DHM Error codes
  */
-#define POLARSSL_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
-#define POLARSSL_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
-#define POLARSSL_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
-#define POLARSSL_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
-#define POLARSSL_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
-#define POLARSSL_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
-#define POLARSSL_ERR_DHM_MALLOC_FAILED                     -0x3400  /**< Allocation of memory failed. */
-#define POLARSSL_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100  /**< Reading of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180  /**< Making of the DHM parameters failed. */
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200  /**< Reading of the public values failed. */
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280  /**< Making of the public value failed. */
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300  /**< Calculation of the DHM secret failed. */
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380  /**< The ASN.1 data is not formatted correctly. */
+#define MBEDTLS_ERR_DHM_MALLOC_FAILED                     -0x3400  /**< Allocation of memory failed. */
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480  /**< Read/write of file failed. */
 
 /**
  * RFC 2409 defines a number of standardized Diffie-Hellman groups
@@ -56,7 +56,7 @@
  *  RFC 5114 2.1.  1024-bit MODP Group with 160-bit Prime Order Subgroup
  *  RFC 5114 2.2.  2048-bit MODP Group with 224-bit Prime Order Subgroup
  */
-#define POLARSSL_DHM_RFC2409_MODP_1024_P               \
+#define MBEDTLS_DHM_RFC2409_MODP_1024_P               \
     "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
     "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
     "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
@@ -64,9 +64,9 @@
     "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381" \
     "FFFFFFFFFFFFFFFF"
 
-#define POLARSSL_DHM_RFC2409_MODP_1024_G          "02"
+#define MBEDTLS_DHM_RFC2409_MODP_1024_G          "02"
 
-#define POLARSSL_DHM_RFC3526_MODP_2048_P               \
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P               \
     "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
     "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
     "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
@@ -79,9 +79,9 @@
     "DE2BCBF6955817183995497CEA956AE515D2261898FA0510" \
     "15728E5A8AACAA68FFFFFFFFFFFFFFFF"
 
-#define POLARSSL_DHM_RFC3526_MODP_2048_G          "02"
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G          "02"
 
-#define POLARSSL_DHM_RFC3526_MODP_3072_P               \
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P               \
     "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1" \
     "29024E088A67CC74020BBEA63B139B22514A08798E3404DD" \
     "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245" \
@@ -99,9 +99,9 @@
     "BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31" \
     "43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF"
 
-#define POLARSSL_DHM_RFC3526_MODP_3072_G          "02"
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G          "02"
 
-#define POLARSSL_DHM_RFC5114_MODP_1024_P               \
+#define MBEDTLS_DHM_RFC5114_MODP_1024_P               \
     "B10B8F96A080E01DDE92DE5EAE5D54EC52C99FBCFB06A3C6" \
     "9A6A9DCA52D23B616073E28675A23D189838EF1E2EE652C0" \
     "13ECB4AEA906112324975C3CD49B83BFACCBDD7D90C4BD70" \
@@ -109,7 +109,7 @@
     "A151AF5F0DC8B4BD45BF37DF365C1A65E68CFDA76D4DA708" \
     "DF1FB2BC2E4A4371"
 
-#define POLARSSL_DHM_RFC5114_MODP_1024_G               \
+#define MBEDTLS_DHM_RFC5114_MODP_1024_G               \
     "A4D1CBD5C3FD34126765A442EFB99905F8104DD258AC507F" \
     "D6406CFF14266D31266FEA1E5C41564B777E690F5504F213" \
     "160217B4B01B886A5E91547F9E2749F4D7FBD7D3B9A92EE1" \
@@ -117,7 +117,7 @@
     "D662A4D18E73AFA32D779D5918D08BC8858F4DCEF97C2A24" \
     "855E6EEB22B3B2E5"
 
-#define POLARSSL_DHM_RFC5114_MODP_2048_P               \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_P               \
     "AD107E1E9123A9D0D660FAA79559C51FA20D64E5683B9FD1" \
     "B54B1597B61D0A75E6FA141DF95A56DBAF9A3C407BA1DF15" \
     "EB3D688A309C180E1DE6B85A1274A0A66D3F8152AD6AC212" \
@@ -130,7 +130,7 @@
     "C9B53DCF4BA80A29E3FB73C16B8E75B97EF363E2FFA31F71" \
     "CF9DE5384E71B81C0AC4DFFE0C10E64F"
 
-#define POLARSSL_DHM_RFC5114_MODP_2048_G              \
+#define MBEDTLS_DHM_RFC5114_MODP_2048_G              \
     "AC4032EF4F2D9AE39DF30B5C8FFDAC506CDEBE7B89998CAF"\
     "74866A08CFE4FFE3A6824A4E10B9A6F0DD921F01A70C4AFA"\
     "AB739D7700C29F52C57DB17C620A8652BE5E9001A8D66AD7"\
@@ -153,25 +153,25 @@
 typedef struct
 {
     size_t len; /*!<  size(P) in chars  */
-    mpi P;      /*!<  prime modulus     */
-    mpi G;      /*!<  generator         */
-    mpi X;      /*!<  secret value      */
-    mpi GX;     /*!<  self = G^X mod P  */
-    mpi GY;     /*!<  peer = G^Y mod P  */
-    mpi K;      /*!<  key = GY^X mod P  */
-    mpi RP;     /*!<  cached R^2 mod P  */
-    mpi Vi;     /*!<  blinding value    */
-    mpi Vf;     /*!<  un-blinding value */
-    mpi pX;     /*!<  previous X        */
+    mbedtls_mpi P;      /*!<  prime modulus     */
+    mbedtls_mpi G;      /*!<  generator         */
+    mbedtls_mpi X;      /*!<  secret value      */
+    mbedtls_mpi GX;     /*!<  self = G^X mod P  */
+    mbedtls_mpi GY;     /*!<  peer = G^Y mod P  */
+    mbedtls_mpi K;      /*!<  key = GY^X mod P  */
+    mbedtls_mpi RP;     /*!<  cached R^2 mod P  */
+    mbedtls_mpi Vi;     /*!<  blinding value    */
+    mbedtls_mpi Vf;     /*!<  un-blinding value */
+    mbedtls_mpi pX;     /*!<  previous X        */
 }
-dhm_context;
+mbedtls_dhm_context;
 
 /**
  * \brief          Initialize DHM context
  *
  * \param ctx      DHM context to be initialized
  */
-void dhm_init( dhm_context *ctx );
+void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
 
 /**
  * \brief          Parse the ServerKeyExchange parameters
@@ -180,9 +180,9 @@
  * \param p        &(start of input buffer)
  * \param end      end of buffer
  *
- * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
  */
-int dhm_read_params( dhm_context *ctx,
+int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
                      unsigned char **p,
                      const unsigned char *end );
 
@@ -198,11 +198,11 @@
  *
  * \note           This function assumes that ctx->P and ctx->G
  *                 have already been properly set (for example
- *                 using mpi_read_string or mpi_read_binary).
+ *                 using mbedtls_mpi_read_string or mbedtls_mpi_read_binary).
  *
- * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
  */
-int dhm_make_params( dhm_context *ctx, int x_size,
+int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
                      unsigned char *output, size_t *olen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
@@ -214,9 +214,9 @@
  * \param input    input buffer
  * \param ilen     size of buffer
  *
- * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
  */
-int dhm_read_public( dhm_context *ctx,
+int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
                      const unsigned char *input, size_t ilen );
 
 /**
@@ -229,9 +229,9 @@
  * \param f_rng    RNG function
  * \param p_rng    RNG parameter
  *
- * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
  */
-int dhm_make_public( dhm_context *ctx, int x_size,
+int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
                      unsigned char *output, size_t olen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
@@ -246,7 +246,7 @@
  * \param f_rng    RNG function, for blinding purposes
  * \param p_rng    RNG parameter
  *
- * \return         0 if successful, or an POLARSSL_ERR_DHM_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_DHM_XXX error code
  *
  * \note           If non-NULL, f_rng is used to blind the input as
  *                 countermeasure against timing attacks. Blinding is
@@ -254,7 +254,7 @@
  *                 re-used and costs nothing otherwise, so it is recommended
  *                 to always pass a non-NULL f_rng argument.
  */
-int dhm_calc_secret( dhm_context *ctx,
+int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
                      unsigned char *output, size_t *olen,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
@@ -264,9 +264,9 @@
  *
  * \param ctx      DHM context to free and clear
  */
-void dhm_free( dhm_context *ctx );
+void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
 
-#if defined(POLARSSL_ASN1_PARSE_C)
+#if defined(MBEDTLS_ASN1_PARSE_C)
 /** \ingroup x509_module */
 /**
  * \brief          Parse DHM parameters
@@ -277,10 +277,10 @@
  *
  * \return         0 if successful, or a specific DHM or PEM error code
  */
-int dhm_parse_dhm( dhm_context *dhm, const unsigned char *dhmin,
+int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
                    size_t dhminlen );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /** \ingroup x509_module */
 /**
  * \brief          Load and parse DHM parameters
@@ -290,16 +290,16 @@
  *
  * \return         0 if successful, or a specific DHM or PEM error code
  */
-int dhm_parse_dhmfile( dhm_context *dhm, const char *path );
-#endif /* POLARSSL_FS_IO */
-#endif /* POLARSSL_ASN1_PARSE_C */
+int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_ASN1_PARSE_C */
 
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int dhm_self_test( int verbose );
+int mbedtls_dhm_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index b0bbde0..ca990c9 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ECDH_H
-#define POLARSSL_ECDH_H
+#ifndef MBEDTLS_ECDH_H
+#define MBEDTLS_ECDH_H
 
 #include "ecp.h"
 
@@ -35,26 +35,26 @@
  */
 typedef enum
 {
-    POLARSSL_ECDH_OURS,
-    POLARSSL_ECDH_THEIRS,
-} ecdh_side;
+    MBEDTLS_ECDH_OURS,
+    MBEDTLS_ECDH_THEIRS,
+} mbedtls_ecdh_side;
 
 /**
  * \brief           ECDH context structure
  */
 typedef struct
 {
-    ecp_group grp;      /*!<  elliptic curve used                           */
-    mpi d;              /*!<  our secret value (private key)                */
-    ecp_point Q;        /*!<  our public value (public key)                 */
-    ecp_point Qp;       /*!<  peer's public value (public key)              */
-    mpi z;              /*!<  shared secret                                 */
+    mbedtls_ecp_group grp;      /*!<  elliptic curve used                           */
+    mbedtls_mpi d;              /*!<  our secret value (private key)                */
+    mbedtls_ecp_point Q;        /*!<  our public value (public key)                 */
+    mbedtls_ecp_point Qp;       /*!<  peer's public value (public key)              */
+    mbedtls_mpi z;              /*!<  shared secret                                 */
     int point_format;   /*!<  format for point export in TLS messages       */
-    ecp_point Vi;       /*!<  blinding value (for later)                    */
-    ecp_point Vf;       /*!<  un-blinding value (for later)                 */
-    mpi _d;             /*!<  previous d (for later)                        */
+    mbedtls_ecp_point Vi;       /*!<  blinding value (for later)                    */
+    mbedtls_ecp_point Vf;       /*!<  un-blinding value (for later)                 */
+    mbedtls_mpi _d;             /*!<  previous d (for later)                        */
 }
-ecdh_context;
+mbedtls_ecdh_context;
 
 /**
  * \brief           Generate a public key.
@@ -67,9 +67,9 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
-int ecdh_gen_public( ecp_group *grp, mpi *d, ecp_point *Q,
+int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
 
@@ -85,14 +85,14 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  *
  * \note            If f_rng is not NULL, it is used to implement
  *                  countermeasures against potential elaborate timing
- *                  attacks, see \c ecp_mul() for details.
+ *                  attacks, see \c mbedtls_ecp_mul() for details.
  */
-int ecdh_compute_shared( ecp_group *grp, mpi *z,
-                         const ecp_point *Q, const mpi *d,
+int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
+                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
                          int (*f_rng)(void *, unsigned char *, size_t),
                          void *p_rng );
 
@@ -101,14 +101,14 @@
  *
  * \param ctx       Context to initialize
  */
-void ecdh_init( ecdh_context *ctx );
+void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
 
 /**
  * \brief           Free context
  *
  * \param ctx       Context to free
  */
-void ecdh_free( ecdh_context *ctx );
+void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
 
 /**
  * \brief           Generate a public key and a TLS ServerKeyExchange payload.
@@ -122,11 +122,11 @@
  * \param p_rng     RNG parameter
  *
  * \note            This function assumes that ctx->grp has already been
- *                  properly set (for example using ecp_use_known_dp).
+ *                  properly set (for example using mbedtls_ecp_use_known_dp).
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_make_params( ecdh_context *ctx, size_t *olen,
+int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
@@ -139,9 +139,9 @@
  * \param buf       pointer to start of input buffer
  * \param end       one past end of buffer
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_read_params( ecdh_context *ctx,
+int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
                       const unsigned char **buf, const unsigned char *end );
 
 /**
@@ -154,10 +154,10 @@
  * \param key       EC key to use
  * \param side      Is it our key (1) or the peer's key (0) ?
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_get_params( ecdh_context *ctx, const ecp_keypair *key,
-                     ecdh_side side );
+int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx, const mbedtls_ecp_keypair *key,
+                     mbedtls_ecdh_side side );
 
 /**
  * \brief           Generate a public key and a TLS ClientKeyExchange payload.
@@ -170,9 +170,9 @@
  * \param f_rng     RNG function
  * \param p_rng     RNG parameter
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_make_public( ecdh_context *ctx, size_t *olen,
+int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
@@ -185,9 +185,9 @@
  * \param buf       start of input buffer
  * \param blen      length of input buffer
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_read_public( ecdh_context *ctx,
+int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
                       const unsigned char *buf, size_t blen );
 
 /**
@@ -198,12 +198,12 @@
  * \param olen      number of bytes written
  * \param buf       destination buffer
  * \param blen      buffer length
- * \param f_rng     RNG function, see notes for \c ecdh_compute_shared()
+ * \param f_rng     RNG function, see notes for \c mbedtls_ecdh_compute_shared()
  * \param p_rng     RNG parameter
  *
- * \return          0 if successful, or an POLARSSL_ERR_ECP_XXX error code
+ * \return          0 if successful, or an MBEDTLS_ERR_ECP_XXX error code
  */
-int ecdh_calc_secret( ecdh_context *ctx, size_t *olen,
+int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
                       unsigned char *buf, size_t blen,
                       int (*f_rng)(void *, unsigned char *, size_t),
                       void *p_rng );
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index d22e243..82921b3 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ECDSA_H
-#define POLARSSL_ECDSA_H
+#ifndef MBEDTLS_ECDSA_H
+#define MBEDTLS_ECDSA_H
 
 #include "ecp.h"
 #include "md.h"
@@ -41,16 +41,16 @@
  * (assuming ECP_MAX_BYTES is less than 126 for r and s,
  * and less than 124 (total len <= 255) for the sequence)
  */
-#if POLARSSL_ECP_MAX_BYTES > 124
-#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix POLARSSL_ECDSA_MAX_LEN"
+#if MBEDTLS_ECP_MAX_BYTES > 124
+#error "MBEDTLS_ECP_MAX_BYTES bigger than expected, please fix MBEDTLS_ECDSA_MAX_LEN"
 #endif
 /** Maximum size of an ECDSA signature in bytes */
-#define POLARSSL_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
+#define MBEDTLS_ECDSA_MAX_LEN  ( 3 + 2 * ( 3 + MBEDTLS_ECP_MAX_BYTES ) )
 
 /**
  * \brief           ECDSA context structure
  */
-typedef ecp_keypair ecdsa_context;
+typedef mbedtls_ecp_keypair mbedtls_ecdsa_context;
 
 #ifdef __cplusplus
 extern "C" {
@@ -71,13 +71,13 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
-int ecdsa_sign( ecp_group *grp, mpi *r, mpi *s,
-                const mpi *d, const unsigned char *buf, size_t blen,
+int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /**
  * \brief           Compute ECDSA signature of a previously hashed message,
  *                  deterministic version (RFC 6979).
@@ -91,12 +91,12 @@
  * \param md_alg    MD algorithm used to hash the message
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
-int ecdsa_sign_det( ecp_group *grp, mpi *r, mpi *s,
-                    const mpi *d, const unsigned char *buf, size_t blen,
-                    md_type_t md_alg );
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
+int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
+                    const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
+                    mbedtls_md_type_t md_alg );
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
 /**
  * \brief           Verify ECDSA signature of a previously hashed message
@@ -109,12 +109,12 @@
  * \param s         Second integer of the signature
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
-int ecdsa_verify( ecp_group *grp,
+int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
                   const unsigned char *buf, size_t blen,
-                  const ecp_point *Q, const mpi *r, const mpi *s);
+                  const mbedtls_ecp_point *Q, const mbedtls_mpi *r, const mbedtls_mpi *s);
 
 /**
  * \brief           Compute ECDSA signature and write it to buffer,
@@ -122,7 +122,7 @@
  *                  (Not thread-safe to use same context in multiple threads)
  *
  * \note            The deterministice version (RFC 6979) is used if
- *                  POLARSSL_ECDSA_DETERMINISTIC is defined.
+ *                  MBEDTLS_ECDSA_DETERMINISTIC is defined.
  *
  * \param ctx       ECDSA context
  * \param md_alg    Algorithm that was used to hash the message
@@ -135,24 +135,24 @@
  *
  * \note            The "sig" buffer must be at least as large as twice the
  *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
- *                  curve is used). POLARSSL_ECDSA_MAX_LEN is always safe.
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX, POLARSSL_ERR_MPI_XXX or
- *                  POLARSSL_ERR_ASN1_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
  */
-int ecdsa_write_signature( ecdsa_context *ctx, md_type_t md_alg,
+int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx, mbedtls_md_type_t md_alg,
                            const unsigned char *hash, size_t hlen,
                            unsigned char *sig, size_t *slen,
                            int (*f_rng)(void *, unsigned char *, size_t),
                            void *p_rng );
 
-#if defined(POLARSSL_ECDSA_DETERMINISTIC)
-#if ! defined(POLARSSL_DEPRECATED_REMOVED)
-#if defined(POLARSSL_DEPRECATED_WARNING)
-#define DEPRECATED    __attribute__((deprecated))
+#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
 #else
-#define DEPRECATED
+#define MBEDTLS_DEPRECATED
 #endif
 /**
  * \brief           Compute ECDSA signature and write it to buffer,
@@ -160,7 +160,7 @@
  *                  Deterministic version, RFC 6979.
  *                  (Not thread-safe to use same context in multiple threads)
  *
- * \deprecated      Superseded by ecdsa_write_signature() in 2.0.0
+ * \deprecated      Superseded by mbedtls_ecdsa_write_signature() in 2.0.0
  *
  * \param ctx       ECDSA context
  * \param hash      Message hash
@@ -171,19 +171,19 @@
  *
  * \note            The "sig" buffer must be at least as large as twice the
  *                  size of the curve used, plus 9 (eg. 73 bytes if a 256-bit
- *                  curve is used). POLARSSL_ECDSA_MAX_LEN is always safe.
+ *                  curve is used). MBEDTLS_ECDSA_MAX_LEN is always safe.
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX, POLARSSL_ERR_MPI_XXX or
- *                  POLARSSL_ERR_ASN1_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX, MBEDTLS_ERR_MPI_XXX or
+ *                  MBEDTLS_ERR_ASN1_XXX error code
  */
-int ecdsa_write_signature_det( ecdsa_context *ctx,
+int mbedtls_ecdsa_write_signature_det( mbedtls_ecdsa_context *ctx,
                                const unsigned char *hash, size_t hlen,
                                unsigned char *sig, size_t *slen,
-                               md_type_t md_alg ) DEPRECATED;
-#undef DEPRECATED
-#endif /* POLARSSL_DEPRECATED_REMOVED */
-#endif /* POLARSSL_ECDSA_DETERMINISTIC */
+                               mbedtls_md_type_t md_alg ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
+#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
 /**
  * \brief           Read and verify an ECDSA signature
@@ -195,12 +195,12 @@
  * \param slen      Size of sig
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
- *                  POLARSSL_ERR_ECP_SIG_LEN_MISMATCH if the signature is
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if signature is invalid,
+ *                  MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH if the signature is
  *                  valid but its actual length is less than siglen,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX error code
  */
-int ecdsa_read_signature( ecdsa_context *ctx,
+int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
                           const unsigned char *hash, size_t hlen,
                           const unsigned char *sig, size_t slen );
 
@@ -209,13 +209,13 @@
  *
  * \param ctx       ECDSA context in which the keypair should be stored
  * \param gid       Group (elliptic curve) to use. One of the various
- *                  POLARSSL_ECP_DP_XXX macros depending on configuration.
+ *                  MBEDTLS_ECP_DP_XXX macros depending on configuration.
  * \param f_rng     RNG function
  * \param p_rng     RNG parameter
  *
- * \return          0 on success, or a POLARSSL_ERR_ECP_XXX code.
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
  */
-int ecdsa_genkey( ecdsa_context *ctx, ecp_group_id gid,
+int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
                   int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
@@ -224,23 +224,23 @@
  * \param ctx       ECDSA context to set
  * \param key       EC key to use
  *
- * \return          0 on success, or a POLARSSL_ERR_ECP_XXX code.
+ * \return          0 on success, or a MBEDTLS_ERR_ECP_XXX code.
  */
-int ecdsa_from_keypair( ecdsa_context *ctx, const ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx, const mbedtls_ecp_keypair *key );
 
 /**
  * \brief           Initialize context
  *
  * \param ctx       Context to initialize
  */
-void ecdsa_init( ecdsa_context *ctx );
+void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
 
 /**
  * \brief           Free context
  *
  * \param ctx       Context to free
  */
-void ecdsa_free( ecdsa_context *ctx );
+void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index eef445f..6eac393 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -21,22 +21,22 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ECP_H
-#define POLARSSL_ECP_H
+#ifndef MBEDTLS_ECP_H
+#define MBEDTLS_ECP_H
 
 #include "bignum.h"
 
 /*
  * ECP error codes
  */
-#define POLARSSL_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
-#define POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
-#define POLARSSL_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
-#define POLARSSL_ERR_ECP_MALLOC_FAILED                     -0x4D80  /**< Memory allocation failed. */
-#define POLARSSL_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
-#define POLARSSL_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
-#define POLARSSL_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00  /**< The buffer is too small to write to. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80  /**< Requested curve not available. */
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00  /**< The signature is not valid. */
+#define MBEDTLS_ERR_ECP_MALLOC_FAILED                     -0x4D80  /**< Memory allocation failed. */
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00  /**< Generation of random value, such as (ephemeral) key, failed. */
+#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80  /**< Invalid private or public key. */
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00  /**< Signature is valid but shorter than the user-supplied length. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -49,45 +49,45 @@
  *
  * \warning This library does not support validation of arbitrary domain
  * parameters. Therefore, only well-known domain parameters from trusted
- * sources should be used. See ecp_use_known_dp().
+ * sources should be used. See mbedtls_ecp_use_known_dp().
  */
 typedef enum
 {
-    POLARSSL_ECP_DP_NONE = 0,
-    POLARSSL_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
-    POLARSSL_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
-    POLARSSL_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
-    POLARSSL_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
-    POLARSSL_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
-    POLARSSL_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
-    POLARSSL_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
-    POLARSSL_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
-    POLARSSL_ECP_DP_M221,           /*!< (not implemented yet)    */
-    POLARSSL_ECP_DP_M255,           /*!< Curve25519               */
-    POLARSSL_ECP_DP_M383,           /*!< (not implemented yet)    */
-    POLARSSL_ECP_DP_M511,           /*!< (not implemented yet)    */
-    POLARSSL_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
-    POLARSSL_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
-    POLARSSL_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
-} ecp_group_id;
+    MBEDTLS_ECP_DP_NONE = 0,
+    MBEDTLS_ECP_DP_SECP192R1,      /*!< 192-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP224R1,      /*!< 224-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP256R1,      /*!< 256-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP384R1,      /*!< 384-bits NIST curve  */
+    MBEDTLS_ECP_DP_SECP521R1,      /*!< 521-bits NIST curve  */
+    MBEDTLS_ECP_DP_BP256R1,        /*!< 256-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP384R1,        /*!< 384-bits Brainpool curve */
+    MBEDTLS_ECP_DP_BP512R1,        /*!< 512-bits Brainpool curve */
+    MBEDTLS_ECP_DP_M221,           /*!< (not implemented yet)    */
+    MBEDTLS_ECP_DP_M255,           /*!< Curve25519               */
+    MBEDTLS_ECP_DP_M383,           /*!< (not implemented yet)    */
+    MBEDTLS_ECP_DP_M511,           /*!< (not implemented yet)    */
+    MBEDTLS_ECP_DP_SECP192K1,      /*!< 192-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP224K1,      /*!< 224-bits "Koblitz" curve */
+    MBEDTLS_ECP_DP_SECP256K1,      /*!< 256-bits "Koblitz" curve */
+} mbedtls_ecp_group_id;
 
 /**
  * Number of supported curves (plus one for NONE).
  *
  * (Montgomery curves excluded for now.)
  */
-#define POLARSSL_ECP_DP_MAX     12
+#define MBEDTLS_ECP_DP_MAX     12
 
 /**
  * Curve information for use by other modules
  */
 typedef struct
 {
-    ecp_group_id grp_id;    /*!< Internal identifier        */
+    mbedtls_ecp_group_id grp_id;    /*!< Internal identifier        */
     uint16_t tls_id;        /*!< TLS NamedCurve identifier  */
     uint16_t size;          /*!< Curve size in bits         */
     const char *name;       /*!< Human-friendly name        */
-} ecp_curve_info;
+} mbedtls_ecp_curve_info;
 
 /**
  * \brief           ECP point structure (jacobian coordinates)
@@ -100,11 +100,11 @@
  */
 typedef struct
 {
-    mpi X;          /*!<  the point's X coordinate  */
-    mpi Y;          /*!<  the point's Y coordinate  */
-    mpi Z;          /*!<  the point's Z coordinate  */
+    mbedtls_mpi X;          /*!<  the point's X coordinate  */
+    mbedtls_mpi Y;          /*!<  the point's Y coordinate  */
+    mbedtls_mpi Z;          /*!<  the point's Z coordinate  */
 }
-ecp_point;
+mbedtls_ecp_point;
 
 /**
  * \brief           ECP group structure
@@ -117,14 +117,14 @@
  * cardinal is denoted by N.
  *
  * In the case of Short Weierstrass curves, our code requires that N is an odd
- * prime. (Use odd in ecp_mul() and prime in ecdsa_sign() for blinding.)
+ * prime. (Use odd in mbedtls_ecp_mul() and prime in mbedtls_ecdsa_sign() for blinding.)
  *
  * In the case of Montgomery curves, we don't store A but (A + 2) / 4 which is
  * the quantity actually used in the formulas. Also, nbits is not the size of N
  * but the required size for private keys.
  *
  * If modp is NULL, reduction modulo P is done using a generic algorithm.
- * Otherwise, it must point to a function that takes an mpi in the range
+ * Otherwise, it must point to a function that takes an mbedtls_mpi in the range
  * 0..2^(2*pbits)-1 and transforms it in-place in an integer of little more
  * than pbits, so that the integer may be efficiently brought in the 0..P-1
  * range by a few additions or substractions. It must return 0 on success and
@@ -132,38 +132,38 @@
  */
 typedef struct
 {
-    ecp_group_id id;    /*!<  internal group identifier                     */
-    mpi P;              /*!<  prime modulus of the base field               */
-    mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
-    mpi B;              /*!<  1. B in the equation, or 2. unused            */
-    ecp_point G;        /*!<  generator of the (sub)group used              */
-    mpi N;              /*!<  1. the order of G, or 2. unused               */
+    mbedtls_ecp_group_id id;    /*!<  internal group identifier                     */
+    mbedtls_mpi P;              /*!<  prime modulus of the base field               */
+    mbedtls_mpi A;              /*!<  1. A in the equation, or 2. (A + 2) / 4       */
+    mbedtls_mpi B;              /*!<  1. B in the equation, or 2. unused            */
+    mbedtls_ecp_point G;        /*!<  generator of the (sub)group used              */
+    mbedtls_mpi N;              /*!<  1. the order of G, or 2. unused               */
     size_t pbits;       /*!<  number of bits in P                           */
     size_t nbits;       /*!<  number of bits in 1. P, or 2. private keys    */
     unsigned int h;     /*!<  internal: 1 if the constants are static       */
-    int (*modp)(mpi *); /*!<  function for fast reduction mod P             */
-    int (*t_pre)(ecp_point *, void *);  /*!< unused                         */
-    int (*t_post)(ecp_point *, void *); /*!< unused                         */
+    int (*modp)(mbedtls_mpi *); /*!<  function for fast reduction mod P             */
+    int (*t_pre)(mbedtls_ecp_point *, void *);  /*!< unused                         */
+    int (*t_post)(mbedtls_ecp_point *, void *); /*!< unused                         */
     void *t_data;                       /*!< unused                         */
-    ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
+    mbedtls_ecp_point *T;       /*!<  pre-computed points for ecp_mul_comb()        */
     size_t T_size;      /*!<  number for pre-computed points                */
 }
-ecp_group;
+mbedtls_ecp_group;
 
 /**
  * \brief           ECP key pair structure
  *
  * A generic key pair that could be used for ECDSA, fixed ECDH, etc.
  *
- * \note Members purposefully in the same order as struc ecdsa_context.
+ * \note Members purposefully in the same order as struc mbedtls_ecdsa_context.
  */
 typedef struct
 {
-    ecp_group grp;      /*!<  Elliptic curve and base point     */
-    mpi d;              /*!<  our secret value                  */
-    ecp_point Q;        /*!<  our public value                  */
+    mbedtls_ecp_group grp;      /*!<  Elliptic curve and base point     */
+    mbedtls_mpi d;              /*!<  our secret value                  */
+    mbedtls_ecp_point Q;        /*!<  our public value                  */
 }
-ecp_keypair;
+mbedtls_ecp_keypair;
 
 /**
  * \name SECTION: Module settings
@@ -173,23 +173,23 @@
  * \{
  */
 
-#if !defined(POLARSSL_ECP_MAX_BITS)
+#if !defined(MBEDTLS_ECP_MAX_BITS)
 /**
  * Maximum size of the groups (that is, of N and P)
  */
-#define POLARSSL_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
+#define MBEDTLS_ECP_MAX_BITS     521   /**< Maximum bit size of groups */
 #endif
 
-#define POLARSSL_ECP_MAX_BYTES    ( ( POLARSSL_ECP_MAX_BITS + 7 ) / 8 )
-#define POLARSSL_ECP_MAX_PT_LEN   ( 2 * POLARSSL_ECP_MAX_BYTES + 1 )
+#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
+#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
 
-#if !defined(POLARSSL_ECP_WINDOW_SIZE)
+#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
  * Default: 6.
  * Minimum value: 2. Maximum value: 7.
  *
- * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
+ * Result is an array of at most ( 1 << ( MBEDTLS_ECP_WINDOW_SIZE - 1 ) )
  * points used for point multiplication. This value is directly tied to EC
  * peak memory usage, so decreasing it by one should roughly cut memory usage
  * by two (if large curves are in use).
@@ -204,10 +204,10 @@
  *      224       475     475     453     398     342
  *      192       640     640     633     587     476
  */
-#define POLARSSL_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
-#endif /* POLARSSL_ECP_WINDOW_SIZE */
+#define MBEDTLS_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+#endif /* MBEDTLS_ECP_WINDOW_SIZE */
 
-#if !defined(POLARSSL_ECP_FIXED_POINT_OPTIM)
+#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
 /*
  * Trade memory for speed on fixed-point multiplication.
  *
@@ -219,21 +219,21 @@
  *
  * Change this value to 0 to reduce peak memory usage.
  */
-#define POLARSSL_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
-#endif /* POLARSSL_ECP_FIXED_POINT_OPTIM */
+#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
+#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
 /* \} name SECTION: Module settings */
 
 /*
  * Point formats, from RFC 4492's enum ECPointFormat
  */
-#define POLARSSL_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
-#define POLARSSL_ECP_PF_COMPRESSED      1   /**< Compressed point format */
+#define MBEDTLS_ECP_PF_UNCOMPRESSED    0   /**< Uncompressed point format */
+#define MBEDTLS_ECP_PF_COMPRESSED      1   /**< Compressed point format */
 
 /*
  * Some other constants from RFC 4492
  */
-#define POLARSSL_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
+#define MBEDTLS_ECP_TLS_NAMED_CURVE    3   /**< ECCurveType's named_curve */
 
 /**
  * \brief           Get the list of supported curves in order of preferrence
@@ -241,34 +241,34 @@
  *
  * \return          A statically allocated array, the last entry is 0.
  */
-const ecp_curve_info *ecp_curve_list( void );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
 
 /**
  * \brief           Get the list of supported curves in order of preferrence
  *                  (grp_id only)
  *
  * \return          A statically allocated array,
- *                  terminated with POLARSSL_ECP_DP_NONE.
+ *                  terminated with MBEDTLS_ECP_DP_NONE.
  */
-const ecp_group_id *ecp_grp_id_list( void );
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
 
 /**
  * \brief           Get curve information from an internal group identifier
  *
- * \param grp_id    A POLARSSL_ECP_DP_XXX value
+ * \param grp_id    A MBEDTLS_ECP_DP_XXX value
  *
  * \return          The associated curve information or NULL
  */
-const ecp_curve_info *ecp_curve_info_from_grp_id( ecp_group_id grp_id );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
 
 /**
  * \brief           Get curve information from a TLS NamedCurve value
  *
- * \param tls_id    A POLARSSL_ECP_DP_XXX value
+ * \param tls_id    A MBEDTLS_ECP_DP_XXX value
  *
  * \return          The associated curve information or NULL
  */
-const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
 
 /**
  * \brief           Get curve information from a human-readable name
@@ -277,37 +277,37 @@
  *
  * \return          The associated curve information or NULL
  */
-const ecp_curve_info *ecp_curve_info_from_name( const char *name );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
 
 /**
  * \brief           Initialize a point (as zero)
  */
-void ecp_point_init( ecp_point *pt );
+void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
 
 /**
  * \brief           Initialize a group (to something meaningless)
  */
-void ecp_group_init( ecp_group *grp );
+void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
 
 /**
  * \brief           Initialize a key pair (as an invalid one)
  */
-void ecp_keypair_init( ecp_keypair *key );
+void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
 
 /**
  * \brief           Free the components of a point
  */
-void ecp_point_free( ecp_point *pt );
+void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
 
 /**
  * \brief           Free the components of an ECP group
  */
-void ecp_group_free( ecp_group *grp );
+void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
 
 /**
  * \brief           Free the components of a key pair
  */
-void ecp_keypair_free( ecp_keypair *key );
+void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
 
 /**
  * \brief           Copy the contents of point Q into P
@@ -316,9 +316,9 @@
  * \param Q         Source point
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int ecp_copy( ecp_point *P, const ecp_point *Q );
+int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
 
 /**
  * \brief           Copy the contents of a group object
@@ -327,9 +327,9 @@
  * \param src       Source group
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int ecp_group_copy( ecp_group *dst, const ecp_group *src );
+int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst, const mbedtls_ecp_group *src );
 
 /**
  * \brief           Set a point to zero
@@ -337,9 +337,9 @@
  * \param pt        Destination point
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  */
-int ecp_set_zero( ecp_point *pt );
+int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
 
 /**
  * \brief           Tell if a point is zero
@@ -348,7 +348,7 @@
  *
  * \return          1 if point is zero, 0 otherwise
  */
-int ecp_is_zero( ecp_point *pt );
+int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
 
 /**
  * \brief           Import a non-zero point from two ASCII strings
@@ -358,9 +358,9 @@
  * \param x         First affine coordinate as a null-terminated string
  * \param y         Second affine coordinate as a null-terminated string
  *
- * \return          0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
  */
-int ecp_point_read_string( ecp_point *P, int radix,
+int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
                            const char *x, const char *y );
 
 /**
@@ -368,16 +368,16 @@
  *
  * \param grp       Group to which the point should belong
  * \param P         Point to export
- * \param format    Point format, should be a POLARSSL_ECP_PF_XXX macro
+ * \param format    Point format, should be a MBEDTLS_ECP_PF_XXX macro
  * \param olen      Length of the actual output
  * \param buf       Output buffer
  * \param buflen    Length of the output buffer
  *
  * \return          0 if successful,
- *                  or POLARSSL_ERR_ECP_BAD_INPUT_DATA
- *                  or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
  */
-int ecp_point_write_binary( const ecp_group *grp, const ecp_point *P,
+int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *P,
                             int format, size_t *olen,
                             unsigned char *buf, size_t buflen );
 
@@ -390,16 +390,16 @@
  * \param ilen      Actual length of input
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
- *                  POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE if the point format
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid,
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed,
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the point format
  *                  is not implemented.
  *
  * \note            This function does NOT check that the point actually
- *                  belongs to the given group, see ecp_check_pubkey() for
+ *                  belongs to the given group, see mbedtls_ecp_check_pubkey() for
  *                  that.
  */
-int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
+int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P,
                            const unsigned char *buf, size_t ilen );
 
 /**
@@ -413,10 +413,10 @@
  * \note            buf is updated to point right after the ECPoint on exit
  *
  * \return          O if successful,
- *                  POLARSSL_ERR_MPI_XXX if initialization failed
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
  */
-int ecp_tls_read_point( const ecp_group *grp, ecp_point *pt,
+int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp, mbedtls_ecp_point *pt,
                         const unsigned char **buf, size_t len );
 
 /**
@@ -430,10 +430,10 @@
  * \param blen      Buffer length
  *
  * \return          0 if successful,
- *                  or POLARSSL_ERR_ECP_BAD_INPUT_DATA
- *                  or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ *                  or MBEDTLS_ERR_ECP_BAD_INPUT_DATA
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
  */
-int ecp_tls_write_point( const ecp_group *grp, const ecp_point *pt,
+int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt,
                          int format, size_t *olen,
                          unsigned char *buf, size_t blen );
 
@@ -448,11 +448,11 @@
  * \param gy        The generator's Y coordinate
  * \param n         The generator's order
  *
- * \return          0 if successful, or a POLARSSL_ERR_MPI_XXX error code
+ * \return          0 if successful, or a MBEDTLS_ERR_MPI_XXX error code
  *
  * \note            Sets all fields except modp.
  */
-int ecp_group_read_string( ecp_group *grp, int radix,
+int mbedtls_ecp_group_read_string( mbedtls_ecp_group *grp, int radix,
                            const char *p, const char *b,
                            const char *gx, const char *gy, const char *n);
 
@@ -463,13 +463,13 @@
  * \param index     Index in the list of well-known domain parameters
  *
  * \return          O if successful,
- *                  POLARSSL_ERR_MPI_XXX if initialization failed
- *                  POLARSSL_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE for unkownn groups
  *
  * \note            Index should be a value of RFC 4492's enum NamdeCurve,
- *                  possibly in the form of a POLARSSL_ECP_DP_XXX macro.
+ *                  possibly in the form of a MBEDTLS_ECP_DP_XXX macro.
  */
-int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
+int mbedtls_ecp_use_known_dp( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
 
 /**
  * \brief           Set a group from a TLS ECParameters record
@@ -481,10 +481,10 @@
  * \note            buf is updated to point right after ECParameters on exit
  *
  * \return          O if successful,
- *                  POLARSSL_ERR_MPI_XXX if initialization failed
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
+ *                  MBEDTLS_ERR_MPI_XXX if initialization failed
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid
  */
-int ecp_tls_read_group( ecp_group *grp, const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp, const unsigned char **buf, size_t len );
 
 /**
  * \brief           Write the TLS ECParameters record for a group
@@ -495,9 +495,9 @@
  * \param blen      Buffer length
  *
  * \return          0 if successful,
- *                  or POLARSSL_ERR_ECP_BUFFER_TOO_SMALL
+ *                  or MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL
  */
-int ecp_tls_write_group( const ecp_group *grp, size_t *olen,
+int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp, size_t *olen,
                          unsigned char *buf, size_t blen );
 
 /**
@@ -509,13 +509,13 @@
  * \param Q         Right-hand point
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  *
  * \note            This function does not support Montgomery curves, such as
  *                  Curve25519.
  */
-int ecp_add( const ecp_group *grp, ecp_point *R,
-             const ecp_point *P, const ecp_point *Q );
+int mbedtls_ecp_add( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
 
 /**
  * \brief           Subtraction: R = P - Q
@@ -526,13 +526,13 @@
  * \param Q         Right-hand point
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  *
  * \note            This function does not support Montgomery curves, such as
  *                  Curve25519.
  */
-int ecp_sub( const ecp_group *grp, ecp_point *R,
-             const ecp_point *P, const ecp_point *Q );
+int mbedtls_ecp_sub( const mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
 
 /**
  * \brief           Multiplication by an integer: R = m * P
@@ -546,9 +546,9 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  POLARSSL_ERR_ECP_INVALID_KEY if m is not a valid privkey
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY if m is not a valid privkey
  *                  or P is not a valid pubkey,
- *                  POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
+ *                  MBEDTLS_ERR_MPI_MALLOC_FAILED if memory allocation failed
  *
  * \note            In order to prevent timing attacks, this function
  *                  executes the exact same sequence of (base field)
@@ -560,8 +560,8 @@
  *                  targeting these results. It is recommended to always
  *                  provide a non-NULL f_rng (the overhead is negligible).
  */
-int ecp_mul( ecp_group *grp, ecp_point *R,
-             const mpi *m, const ecp_point *P,
+int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
+             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
@@ -571,7 +571,7 @@
  * \param pt        Point to check
  *
  * \return          0 if point is a valid public key,
- *                  POLARSSL_ERR_ECP_INVALID_KEY otherwise.
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
  *
  * \note            This function only checks the point is non-zero, has valid
  *                  coordinates and lies on the curve, but not that it is
@@ -581,26 +581,26 @@
  *                  particular, it is useless for the NIST groups which all
  *                  have a cofactor of 1.
  *
- * \note            Uses bare components rather than an ecp_keypair structure
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
  *                  in order to ease use with other structures such as
- *                  ecdh_context of ecdsa_context.
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
  */
-int ecp_check_pubkey( const ecp_group *grp, const ecp_point *pt );
+int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp, const mbedtls_ecp_point *pt );
 
 /**
- * \brief           Check that an mpi is a valid private key for this curve
+ * \brief           Check that an mbedtls_mpi is a valid private key for this curve
  *
  * \param grp       Group used
  * \param d         Integer to check
  *
  * \return          0 if point is a valid private key,
- *                  POLARSSL_ERR_ECP_INVALID_KEY otherwise.
+ *                  MBEDTLS_ERR_ECP_INVALID_KEY otherwise.
  *
- * \note            Uses bare components rather than an ecp_keypair structure
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
  *                  in order to ease use with other structures such as
- *                  ecdh_context of ecdsa_context.
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
  */
-int ecp_check_privkey( const ecp_group *grp, const mpi *d );
+int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp, const mbedtls_mpi *d );
 
 /**
  * \brief           Generate a keypair
@@ -612,13 +612,13 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  *
- * \note            Uses bare components rather than an ecp_keypair structure
+ * \note            Uses bare components rather than an mbedtls_ecp_keypair structure
  *                  in order to ease use with other structures such as
- *                  ecdh_context of ecdsa_context.
+ *                  mbedtls_ecdh_context of mbedtls_ecdsa_context.
  */
-int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
+int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
                      int (*f_rng)(void *, unsigned char *, size_t),
                      void *p_rng );
 
@@ -631,9 +631,9 @@
  * \param p_rng     RNG parameter
  *
  * \return          0 if successful,
- *                  or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ *                  or a MBEDTLS_ERR_ECP_XXX or MBEDTLS_MPI_XXX error code
  */
-int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
+int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
 
 /**
@@ -643,18 +643,18 @@
  * \param prv       Keypair structure holding a private (plus public) key
  *
  * \return          0 if successfull (keys are valid and match), or
- *                  POLARSSL_ERR_ECP_BAD_INPUT_DATA, or
- *                  a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code.
+ *                  MBEDTLS_ERR_ECP_BAD_INPUT_DATA, or
+ *                  a MBEDTLS_ERR_ECP_XXX or MBEDTLS_ERR_MPI_XXX code.
  */
-int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv );
+int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
 
-#if defined(POLARSSL_SELF_TEST)
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int ecp_self_test( int verbose );
+int mbedtls_ecp_self_test( int verbose );
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index aa23a03..039664b 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -21,39 +21,39 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ENTROPY_H
-#define POLARSSL_ENTROPY_H
+#ifndef MBEDTLS_ENTROPY_H
+#define MBEDTLS_ENTROPY_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if defined(POLARSSL_SHA512_C) && !defined(POLARSSL_ENTROPY_FORCE_SHA256)
+#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
 #include "sha512.h"
-#define POLARSSL_ENTROPY_SHA512_ACCUMULATOR
+#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
 #else
-#if defined(POLARSSL_SHA256_C)
-#define POLARSSL_ENTROPY_SHA256_ACCUMULATOR
+#if defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
 #include "sha256.h"
 #endif
 #endif
 
-#if defined(POLARSSL_THREADING_C)
+#if defined(MBEDTLS_THREADING_C)
 #include "threading.h"
 #endif
 
-#if defined(POLARSSL_HAVEGE_C)
+#if defined(MBEDTLS_HAVEGE_C)
 #include "havege.h"
 #endif
 
-#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
-#define POLARSSL_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
-#define POLARSSL_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
-#define POLARSSL_ERR_ENTROPY_FILE_IO_ERROR                 -0x0058  /**< Read/write error in file. */
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C  /**< Critical entropy source failure. */
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E  /**< No more sources can be added. */
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040  /**< No sources have been added to poll. */
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x0058  /**< Read/write error in file. */
 
 /**
  * \name SECTION: Module settings
@@ -63,24 +63,24 @@
  * \{
  */
 
-#if !defined(ENTROPY_MAX_SOURCES)
-#define ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
+#if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
+#define MBEDTLS_ENTROPY_MAX_SOURCES     20      /**< Maximum number of sources supported */
 #endif
 
-#if !defined(ENTROPY_MAX_GATHER)
-#define ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
+#if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
+#define MBEDTLS_ENTROPY_MAX_GATHER      128     /**< Maximum amount requested from entropy sources */
 #endif
 
 /* \} name SECTION: Module settings */
 
-#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
-#define ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      64      /**< Block size of entropy accumulator (SHA-512) */
 #else
-#define ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
+#define MBEDTLS_ENTROPY_BLOCK_SIZE      32      /**< Block size of entropy accumulator (SHA-256) */
 #endif
 
-#define ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
-#define ENTROPY_SOURCE_MANUAL   ENTROPY_MAX_SOURCES
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024    /**< Maximum size of seed we read from seed file */
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
 
 #ifdef __cplusplus
 extern "C" {
@@ -95,9 +95,9 @@
  * \param olen      The actual amount of bytes put into the buffer (Can be 0)
  *
  * \return          0 if no critical failures occurred,
- *                  POLARSSL_ERR_ENTROPY_SOURCE_FAILED otherwise
+ *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
  */
-typedef int (*f_source_ptr)(void *data, unsigned char *output, size_t len,
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
                             size_t *olen);
 
 /**
@@ -105,90 +105,90 @@
  */
 typedef struct
 {
-    f_source_ptr    f_source;   /**< The entropy source callback */
+    mbedtls_entropy_f_source_ptr    f_source;   /**< The entropy source callback */
     void *          p_source;   /**< The callback data pointer */
     size_t          size;       /**< Amount received */
     size_t          threshold;  /**< Minimum level required before release */
 }
-source_state;
+mbedtls_entropy_source_state;
 
 /**
  * \brief           Entropy context structure
  */
 typedef struct
 {
-#if defined(POLARSSL_ENTROPY_SHA512_ACCUMULATOR)
-    sha512_context  accumulator;
+#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
+    mbedtls_sha512_context  accumulator;
 #else
-    sha256_context  accumulator;
+    mbedtls_sha256_context  accumulator;
 #endif
     int             source_count;
-    source_state    source[ENTROPY_MAX_SOURCES];
-#if defined(POLARSSL_HAVEGE_C)
-    havege_state    havege_data;
+    mbedtls_entropy_source_state    source[MBEDTLS_ENTROPY_MAX_SOURCES];
+#if defined(MBEDTLS_HAVEGE_C)
+    mbedtls_havege_state    havege_data;
 #endif
-#if defined(POLARSSL_THREADING_C)
-    threading_mutex_t mutex;    /*!< mutex                  */
+#if defined(MBEDTLS_THREADING_C)
+    mbedtls_threading_mutex_t mutex;    /*!< mutex                  */
 #endif
 }
-entropy_context;
+mbedtls_entropy_context;
 
 /**
  * \brief           Initialize the context
  *
  * \param ctx       Entropy context to initialize
  */
-void entropy_init( entropy_context *ctx );
+void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
 
 /**
  * \brief           Free the data in the context
  *
  * \param ctx       Entropy context to free
  */
-void entropy_free( entropy_context *ctx );
+void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
 
 /**
  * \brief           Adds an entropy source to poll
- *                  (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
  *
  * \param ctx       Entropy context
  * \param f_source  Entropy function
  * \param p_source  Function data
  * \param threshold Minimum required from source before entropy is released
- *                  ( with entropy_func() )
+ *                  ( with mbedtls_entropy_func() )
  *
- * \return          0 if successful or POLARSSL_ERR_ENTROPY_MAX_SOURCES
+ * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
  */
-int entropy_add_source( entropy_context *ctx,
-                        f_source_ptr f_source, void *p_source,
+int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
+                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
                         size_t threshold );
 
 /**
  * \brief           Trigger an extra gather poll for the accumulator
- *                  (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
  *
  * \param ctx       Entropy context
  *
- * \return          0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int entropy_gather( entropy_context *ctx );
+int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
 
 /**
  * \brief           Retrieve entropy from the accumulator
- *                  (Maximum length: ENTROPY_BLOCK_SIZE)
- *                  (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *                  (Maximum length: MBEDTLS_ENTROPY_BLOCK_SIZE)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
  *
  * \param data      Entropy context
  * \param output    Buffer to fill
- * \param len       Number of bytes desired, must be at most ENTROPY_BLOCK_SIZE
+ * \param len       Number of bytes desired, must be at most MBEDTLS_ENTROPY_BLOCK_SIZE
  *
- * \return          0 if successful, or POLARSSL_ERR_ENTROPY_SOURCE_FAILED
+ * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int entropy_func( void *data, unsigned char *output, size_t len );
+int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
 
 /**
  * \brief           Add data to the accumulator manually
- *                  (Thread-safe if POLARSSL_THREADING_C is enabled)
+ *                  (Thread-safe if MBEDTLS_THREADING_C is enabled)
  *
  * \param ctx       Entropy context
  * \param data      Data to add
@@ -196,10 +196,10 @@
  *
  * \return          0 if successful
  */
-int entropy_update_manual( entropy_context *ctx,
+int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
                            const unsigned char *data, size_t len );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /**
  * \brief               Write a seed file
  *
@@ -207,34 +207,34 @@
  * \param path          Name of the file
  *
  * \return              0 if successful,
- *                      POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error, or
- *                      POLARSSL_ERR_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int entropy_write_seed_file( entropy_context *ctx, const char *path );
+int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
 
 /**
  * \brief               Read and update a seed file. Seed is added to this
- *                      instance. No more than ENTROPY_MAX_SEED_SIZE bytes are
+ *                      instance. No more than MBEDTLS_ENTROPY_MAX_SEED_SIZE bytes are
  *                      read from the seed file. The rest is ignored.
  *
  * \param ctx           Entropy context
  * \param path          Name of the file
  *
  * \return              0 if successful,
- *                      POLARSSL_ERR_ENTROPY_FILE_IO_ERROR on file error,
- *                      POLARSSL_ERR_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
+ *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int entropy_update_seed_file( entropy_context *ctx, const char *path );
-#endif /* POLARSSL_FS_IO */
+int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
 
-#if defined(POLARSSL_SELF_TEST)
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int entropy_self_test( int verbose );
-#endif /* POLARSSL_SELF_TEST */
+int mbedtls_entropy_self_test( int verbose );
+#endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index 94b5a6e..34746f9 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ENTROPY_POLL_H
-#define POLARSSL_ENTROPY_POLL_H
+#ifndef MBEDTLS_ENTROPY_POLL_H
+#define MBEDTLS_ENTROPY_POLL_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,33 +39,33 @@
 /*
  * Default thresholds for built-in sources
  */
-#define ENTROPY_MIN_PLATFORM    128     /**< Minimum for platform source    */
-#define ENTROPY_MIN_HAVEGE      128     /**< Minimum for HAVEGE             */
-#define ENTROPY_MIN_HARDCLOCK    32     /**< Minimum for hardclock()        */
+#define MBEDTLS_ENTROPY_MIN_PLATFORM    128     /**< Minimum for platform source    */
+#define MBEDTLS_ENTROPY_MIN_HAVEGE      128     /**< Minimum for HAVEGE             */
+#define MBEDTLS_ENTROPY_MIN_HARDCLOCK    32     /**< Minimum for mbedtls_timing_hardclock()        */
 
-#if !defined(POLARSSL_NO_PLATFORM_ENTROPY)
+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 /**
  * \brief           Platform-specific entropy poll callback
  */
-int platform_entropy_poll( void *data,
+int mbedtls_platform_entropy_poll( void *data,
                            unsigned char *output, size_t len, size_t *olen );
 #endif
 
-#if defined(POLARSSL_HAVEGE_C)
+#if defined(MBEDTLS_HAVEGE_C)
 /**
  * \brief           HAVEGE based entropy poll callback
  *
  * Requires an HAVEGE state as its data pointer.
  */
-int havege_poll( void *data,
+int mbedtls_havege_poll( void *data,
                  unsigned char *output, size_t len, size_t *olen );
 #endif
 
-#if defined(POLARSSL_TIMING_C)
+#if defined(MBEDTLS_TIMING_C)
 /**
- * \brief           hardclock-based entropy poll callback
+ * \brief           mbedtls_timing_hardclock-based entropy poll callback
  */
-int hardclock_poll( void *data,
+int mbedtls_hardclock_poll( void *data,
                     unsigned char *output, size_t len, size_t *olen );
 #endif
 
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index c6cd948..365c4cf 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_ERROR_H
-#define POLARSSL_ERROR_H
+#ifndef MBEDTLS_ERROR_H
+#define MBEDTLS_ERROR_H
 
 #include <stddef.h>
 
@@ -107,7 +107,7 @@
  * \param buffer    buffer to place representation in
  * \param buflen    length of the buffer
  */
-void polarssl_strerror( int errnum, char *buffer, size_t buflen );
+void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 5a94722..b193e66 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_GCM_H
-#define POLARSSL_GCM_H
+#ifndef MBEDTLS_GCM_H
+#define MBEDTLS_GCM_H
 
 #include "cipher.h"
 
@@ -34,11 +34,11 @@
 #include <stdint.h>
 #endif
 
-#define GCM_ENCRYPT     1
-#define GCM_DECRYPT     0
+#define MBEDTLS_GCM_ENCRYPT     1
+#define MBEDTLS_GCM_DECRYPT     0
 
-#define POLARSSL_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
-#define POLARSSL_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012  /**< Authenticated decryption failed. */
+#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014  /**< Bad input parameters to function. */
 
 #ifdef __cplusplus
 extern "C" {
@@ -48,7 +48,7 @@
  * \brief          GCM context structure
  */
 typedef struct {
-    cipher_context_t cipher_ctx;/*!< cipher context used */
+    mbedtls_cipher_context_t cipher_ctx;/*!< cipher context used */
     uint64_t HL[16];            /*!< Precalculated HTable */
     uint64_t HH[16];            /*!< Precalculated HTable */
     uint64_t len;               /*!< Total data length */
@@ -58,7 +58,7 @@
     unsigned char buf[16];      /*!< buf working value */
     int mode;                   /*!< Encrypt or Decrypt */
 }
-gcm_context;
+mbedtls_gcm_context;
 
 /**
  * \brief           GCM initialization (encryption)
@@ -70,7 +70,7 @@
  *
  * \return          0 if successful, or a cipher specific error code
  */
-int gcm_init( gcm_context *ctx, cipher_id_t cipher, const unsigned char *key,
+int mbedtls_gcm_init( mbedtls_gcm_context *ctx, mbedtls_cipher_id_t cipher, const unsigned char *key,
               unsigned int keysize );
 
 /**
@@ -82,7 +82,7 @@
  *       behind the input buffer.
  *
  * \param ctx       GCM context
- * \param mode      GCM_ENCRYPT or GCM_DECRYPT
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
  * \param length    length of the input data
  * \param iv        initialization vector
  * \param iv_len    length of IV
@@ -95,7 +95,7 @@
  *
  * \return         0 if successful
  */
-int gcm_crypt_and_tag( gcm_context *ctx,
+int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
                        int mode,
                        size_t length,
                        const unsigned char *iv,
@@ -126,9 +126,9 @@
  * \param output    buffer for holding the output data
  *
  * \return         0 if successful and authenticated,
- *                 POLARSSL_ERR_GCM_AUTH_FAILED if tag does not match
+ *                 MBEDTLS_ERR_GCM_AUTH_FAILED if tag does not match
  */
-int gcm_auth_decrypt( gcm_context *ctx,
+int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
                       size_t length,
                       const unsigned char *iv,
                       size_t iv_len,
@@ -143,7 +143,7 @@
  * \brief           Generic GCM stream start function
  *
  * \param ctx       GCM context
- * \param mode      GCM_ENCRYPT or GCM_DECRYPT
+ * \param mode      MBEDTLS_GCM_ENCRYPT or MBEDTLS_GCM_DECRYPT
  * \param iv        initialization vector
  * \param iv_len    length of IV
  * \param add       additional data (or NULL if length is 0)
@@ -151,7 +151,7 @@
  *
  * \return         0 if successful
  */
-int gcm_starts( gcm_context *ctx,
+int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
                 int mode,
                 const unsigned char *iv,
                 size_t iv_len,
@@ -161,7 +161,7 @@
 /**
  * \brief           Generic GCM update function. Encrypts/decrypts using the
  *                  given GCM context. Expects input to be a multiple of 16
- *                  bytes! Only the last call before gcm_finish() can be less
+ *                  bytes! Only the last call before mbedtls_gcm_finish() can be less
  *                  than 16 bytes!
  *
  * \note On decryption, the output buffer cannot be the same as input buffer.
@@ -173,9 +173,9 @@
  * \param input     buffer holding the input data
  * \param output    buffer for holding the output data
  *
- * \return         0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
+ * \return         0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
  */
-int gcm_update( gcm_context *ctx,
+int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
                 size_t length,
                 const unsigned char *input,
                 unsigned char *output );
@@ -189,9 +189,9 @@
  * \param tag       buffer for holding the tag (may be NULL if tag_len is 0)
  * \param tag_len   length of the tag to generate
  *
- * \return          0 if successful or POLARSSL_ERR_GCM_BAD_INPUT
+ * \return          0 if successful or MBEDTLS_ERR_GCM_BAD_INPUT
  */
-int gcm_finish( gcm_context *ctx,
+int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
                 unsigned char *tag,
                 size_t tag_len );
 
@@ -200,14 +200,14 @@
  *
  * \param ctx       GCM context to free
  */
-void gcm_free( gcm_context *ctx );
+void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
 
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int gcm_self_test( int verbose );
+int mbedtls_gcm_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/havege.h b/include/mbedtls/havege.h
index 825a1da..76538e9 100644
--- a/include/mbedtls/havege.h
+++ b/include/mbedtls/havege.h
@@ -21,12 +21,12 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_HAVEGE_H
-#define POLARSSL_HAVEGE_H
+#ifndef MBEDTLS_HAVEGE_H
+#define MBEDTLS_HAVEGE_H
 
 #include <stddef.h>
 
-#define COLLECT_SIZE 1024
+#define MBEDTLS_HAVEGE_COLLECT_SIZE 1024
 
 #ifdef __cplusplus
 extern "C" {
@@ -38,24 +38,24 @@
 typedef struct
 {
     int PT1, PT2, offset[2];
-    int pool[COLLECT_SIZE];
+    int pool[MBEDTLS_HAVEGE_COLLECT_SIZE];
     int WALK[8192];
 }
-havege_state;
+mbedtls_havege_state;
 
 /**
  * \brief          HAVEGE initialization
  *
  * \param hs       HAVEGE state to be initialized
  */
-void havege_init( havege_state *hs );
+void mbedtls_havege_init( mbedtls_havege_state *hs );
 
 /**
  * \brief          Clear HAVEGE state
  *
  * \param hs       HAVEGE state to be cleared
  */
-void havege_free( havege_state *hs );
+void mbedtls_havege_free( mbedtls_havege_state *hs );
 
 /**
  * \brief          HAVEGE rand function
@@ -66,7 +66,7 @@
  *
  * \return         0
  */
-int havege_random( void *p_rng, unsigned char *output, size_t len );
+int mbedtls_havege_random( void *p_rng, unsigned char *output, size_t len );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 0fe7b03..e1244bb 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -21,18 +21,18 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_HMAC_DRBG_H
-#define POLARSSL_HMAC_DRBG_H
+#ifndef MBEDTLS_HMAC_DRBG_H
+#define MBEDTLS_HMAC_DRBG_H
 
 #include "md.h"
 
 /*
  * Error codes
  */
-#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
-#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
-#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
-#define POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003  /**< Too many random requested in single call. */
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005  /**< Input too large (Entropy + additional). */
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007  /**< Read/write error in file. */
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009  /**< The entropy source failed. */
 
 /**
  * \name SECTION: Module settings
@@ -42,26 +42,26 @@
  * \{
  */
 
-#if !defined(POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
-#define POLARSSL_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
+#if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
+#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000   /**< Interval before reseed is performed by default */
 #endif
 
-#if !defined(POLARSSL_HMAC_DRBG_MAX_INPUT)
-#define POLARSSL_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256     /**< Maximum number of additional input bytes */
 #endif
 
-#if !defined(POLARSSL_HMAC_DRBG_MAX_REQUEST)
-#define POLARSSL_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
+#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024    /**< Maximum number of requested bytes per call */
 #endif
 
-#if !defined(POLARSSL_HMAC_DRBG_MAX_SEED_INPUT)
-#define POLARSSL_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
+#if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
+#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384     /**< Maximum size of (re)seed buffer */
 #endif
 
 /* \} name SECTION: Module settings */
 
-#define POLARSSL_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
-#define POLARSSL_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
+#define MBEDTLS_HMAC_DRBG_PR_OFF   0   /**< No prediction resistance       */
+#define MBEDTLS_HMAC_DRBG_PR_ON    1   /**< Prediction resistance enabled  */
 
 #ifdef __cplusplus
 extern "C" {
@@ -74,8 +74,8 @@
 {
     /* Working state: the key K is not stored explicitely,
      * but is implied by the HMAC context */
-    md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
-    unsigned char V[POLARSSL_MD_MAX_SIZE];  /*!< V in the spec          */
+    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
+    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
     int reseed_counter;                     /*!< reseed counter         */
 
     /* Administrative state */
@@ -87,7 +87,7 @@
     /* Callbacks */
     int (*f_entropy)(void *, unsigned char *, size_t); /*!< entropy function */
     void *p_entropy;            /*!< context for the entropy function        */
-} hmac_drbg_context;
+} mbedtls_hmac_drbg_context;
 
 /**
  * \brief               HMAC_DRBG initialisation
@@ -108,12 +108,12 @@
  *                      Note that SHA-256 is just as efficient as SHA-224.
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_MD_BAD_INPUT_DATA, or
- *                      POLARSSL_ERR_MD_ALLOC_FAILED, or
- *                      POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED.
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED.
  */
-int hmac_drbg_init( hmac_drbg_context *ctx,
-                    const md_info_t * md_info,
+int mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx,
+                    const mbedtls_md_info_t * md_info,
                     int (*f_entropy)(void *, unsigned char *, size_t),
                     void *p_entropy,
                     const unsigned char *custom,
@@ -129,11 +129,11 @@
  * \param data_len      Length of data in bytes
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_MD_BAD_INPUT_DATA, or
- *                      POLARSSL_ERR_MD_ALLOC_FAILED.
+ *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
  */
-int hmac_drbg_init_buf( hmac_drbg_context *ctx,
-                        const md_info_t * md_info,
+int mbedtls_hmac_drbg_init_buf( mbedtls_hmac_drbg_context *ctx,
+                        const mbedtls_md_info_t * md_info,
                         const unsigned char *data, size_t data_len );
 
 /**
@@ -143,30 +143,30 @@
  *       Only use this if you have ample supply of good entropy!
  *
  * \param ctx           HMAC_DRBG context
- * \param resistance    POLARSSL_HMAC_DRBG_PR_ON or POLARSSL_HMAC_DRBG_PR_OFF
+ * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
  */
-void hmac_drbg_set_prediction_resistance( hmac_drbg_context *ctx,
+void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
                                           int resistance );
 
 /**
  * \brief               Set the amount of entropy grabbed on each reseed
  *                      (Default: given by the security strength, which
- *                      depends on the hash used, see \c hmac_drbg_init() )
+ *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
  *
  * \param ctx           HMAC_DRBG context
  * \param len           Amount of entropy to grab, in bytes
  */
-void hmac_drbg_set_entropy_len( hmac_drbg_context *ctx,
+void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
                                 size_t len );
 
 /**
  * \brief               Set the reseed interval
- *                      (Default: POLARSSL_HMAC_DRBG_RESEED_INTERVAL)
+ *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
  *
  * \param ctx           HMAC_DRBG context
  * \param interval      Reseed interval
  */
-void hmac_drbg_set_reseed_interval( hmac_drbg_context *ctx,
+void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
                                     int interval );
 
 /**
@@ -179,7 +179,7 @@
  * \note                Additional data is optional, pass NULL and 0 as second
  *                      third argument if no additional data is being used.
  */
-void hmac_drbg_update( hmac_drbg_context *ctx,
+void mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
                        const unsigned char *additional, size_t add_len );
 
 /**
@@ -190,9 +190,9 @@
  * \param len           Length of additional data
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
  */
-int hmac_drbg_reseed( hmac_drbg_context *ctx,
+int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
                       const unsigned char *additional, size_t len );
 
 /**
@@ -207,11 +207,11 @@
  * \param add_len       Length of additional data (can be 0)
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
- *                      POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
  */
-int hmac_drbg_random_with_add( void *p_rng,
+int mbedtls_hmac_drbg_random_with_add( void *p_rng,
                                unsigned char *output, size_t output_len,
                                const unsigned char *additional,
                                size_t add_len );
@@ -226,19 +226,19 @@
  * \param out_len       Length of the buffer
  *
  * \return              0 if successful, or
- *                      POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
- *                      POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
  */
-int hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
 
 /**
  * \brief               Free an HMAC_DRBG context
  *
  * \param ctx           HMAC_DRBG context to free.
  */
-void hmac_drbg_free( hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /**
  * \brief               Write a seed file
  *
@@ -246,9 +246,9 @@
  * \param path          Name of the file
  *
  * \return              0 if successful, 1 on file error, or
- *                      POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
  */
-int hmac_drbg_write_seed_file( hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
 
 /**
  * \brief               Read and update a seed file. Seed is added to this
@@ -258,20 +258,20 @@
  * \param path          Name of the file
  *
  * \return              0 if successful, 1 on file error,
- *                      POLARSSL_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
- *                      POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
  */
-int hmac_drbg_update_seed_file( hmac_drbg_context *ctx, const char *path );
-#endif /* POLARSSL_FS_IO */
+int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
 
 
-#if defined(POLARSSL_SELF_TEST)
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief               Checkup routine
  *
  * \return              0 if successful, or 1 if the test failed
  */
-int hmac_drbg_self_test( int verbose );
+int mbedtls_hmac_drbg_self_test( int verbose );
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index 74534f5..f72dba1 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -1,5 +1,5 @@
 /**
- * \file md.h
+ * \file mbedtls_md.h
  *
  * \brief Generic message digest wrapper
  *
@@ -23,8 +23,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MD_H
-#define POLARSSL_MD_H
+#ifndef MBEDTLS_MD_H
+#define MBEDTLS_MD_H
 
 #include <stddef.h>
 
@@ -36,52 +36,52 @@
 #endif /* __ARMCC_VERSION */
 #endif /*_MSC_VER */
 
-#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
-#define POLARSSL_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
-#define POLARSSL_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080  /**< The selected feature is not available. */
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200  /**< Opening or reading of file failed. */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 typedef enum {
-    POLARSSL_MD_NONE=0,
-    POLARSSL_MD_MD2,
-    POLARSSL_MD_MD4,
-    POLARSSL_MD_MD5,
-    POLARSSL_MD_SHA1,
-    POLARSSL_MD_SHA224,
-    POLARSSL_MD_SHA256,
-    POLARSSL_MD_SHA384,
-    POLARSSL_MD_SHA512,
-    POLARSSL_MD_RIPEMD160,
-} md_type_t;
+    MBEDTLS_MD_NONE=0,
+    MBEDTLS_MD_MD2,
+    MBEDTLS_MD_MD4,
+    MBEDTLS_MD_MD5,
+    MBEDTLS_MD_SHA1,
+    MBEDTLS_MD_SHA224,
+    MBEDTLS_MD_SHA256,
+    MBEDTLS_MD_SHA384,
+    MBEDTLS_MD_SHA512,
+    MBEDTLS_MD_RIPEMD160,
+} mbedtls_md_type_t;
 
-#if defined(POLARSSL_SHA512_C)
-#define POLARSSL_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#if defined(MBEDTLS_SHA512_C)
+#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
 #else
-#define POLARSSL_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
 #endif
 
 /**
  * Opaque struct defined in md_wrap.h
  */
-typedef struct _md_info_t md_info_t;
+typedef struct mbedtls_md_info_t mbedtls_md_info_t;
 
 /**
  * Generic message digest context.
  */
 typedef struct {
     /** Information about the associated message digest */
-    const md_info_t *md_info;
+    const mbedtls_md_info_t *md_info;
 
     /** Digest-specific context */
     void *md_ctx;
 
     /** HMAC part of the context */
     void *hmac_ctx;
-} md_context_t;
+} mbedtls_md_context_t;
 
 /**
  * \brief Returns the list of digests supported by the generic digest module.
@@ -89,7 +89,7 @@
  * \return          a statically allocated array of digests, the last entry
  *                  is 0.
  */
-const int *md_list( void );
+const int *mbedtls_md_list( void );
 
 /**
  * \brief           Returns the message digest information associated with the
@@ -100,7 +100,7 @@
  * \return          The message digest information associated with md_name or
  *                  NULL if not found.
  */
-const md_info_t *md_info_from_string( const char *md_name );
+const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
 
 /**
  * \brief           Returns the message digest information associated with the
@@ -111,50 +111,50 @@
  * \return          The message digest information associated with md_type or
  *                  NULL if not found.
  */
-const md_info_t *md_info_from_type( md_type_t md_type );
+const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
 
 /**
  * \brief           Initialize a md_context (as NONE)
  *                  This should always be called first.
- *                  Prepares the context for md_setup() or md_free().
+ *                  Prepares the context for mbedtls_md_setup() or mbedtls_md_free().
  */
-void md_init( md_context_t *ctx );
+void mbedtls_md_init( mbedtls_md_context_t *ctx );
 
 /**
  * \brief           Free and clear the internal structures of ctx.
- *                  Can be called at any time after md_init().
- *                  Mandatory once md_setup() has been called.
+ *                  Can be called at any time after mbedtls_md_init().
+ *                  Mandatory once mbedtls_md_setup() has been called.
  */
-void md_free( md_context_t *ctx );
+void mbedtls_md_free( mbedtls_md_context_t *ctx );
 
-#if ! defined(POLARSSL_DEPRECATED_REMOVED)
-#if defined(POLARSSL_DEPRECATED_WARNING)
-#define DEPRECATED    __attribute__((deprecated))
+#if ! defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED    __attribute__((deprecated))
 #else
-#define DEPRECATED
+#define MBEDTLS_DEPRECATED
 #endif
 /**
  * \brief           Select MD to use and allocate internal structures.
- *                  Should be called after md_init() or md_free().
- *                  Makes it necessary to call md_free() later.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
  *
- * \deprecated      Superseded by md_setup() in 2.0.0
+ * \deprecated      Superseded by mbedtls_md_setup() in 2.0.0
  *
  * \param ctx       Context to set up.
  * \param md_info   Message digest to use.
  *
  * \returns         \c 0 on success,
- *                  \c POLARSSL_ERR_MD_BAD_INPUT_DATA on parameter failure,
- *                  \c POLARSSL_ERR_MD_ALLOC_FAILED memory allocation failure.
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
  */
-int md_init_ctx( md_context_t *ctx, const md_info_t *md_info ) DEPRECATED;
-#undef DEPRECATED
-#endif /* POLARSSL_DEPRECATED_REMOVED */
+int mbedtls_md_init_ctx( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info ) MBEDTLS_DEPRECATED;
+#undef MBEDTLS_DEPRECATED
+#endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 /**
  * \brief           Select MD to use and allocate internal structures.
- *                  Should be called after md_init() or md_free().
- *                  Makes it necessary to call md_free() later.
+ *                  Should be called after mbedtls_md_init() or mbedtls_md_free().
+ *                  Makes it necessary to call mbedtls_md_free() later.
  *
  * \param ctx       Context to set up.
  * \param md_info   Message digest to use.
@@ -162,10 +162,10 @@
  *                  non-zero is HMAC is going to be used with this context.
  *
  * \returns         \c 0 on success,
- *                  \c POLARSSL_ERR_MD_BAD_INPUT_DATA on parameter failure,
- *                  \c POLARSSL_ERR_MD_ALLOC_FAILED memory allocation failure.
+ *                  \c MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter failure,
+ *                  \c MBEDTLS_ERR_MD_ALLOC_FAILED memory allocation failure.
  */
-int md_setup( md_context_t *ctx, const md_info_t *md_info, int hmac );
+int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
 
 /**
  * \brief           Returns the size of the message digest output.
@@ -174,7 +174,7 @@
  *
  * \return          size of the message digest output.
  */
-unsigned char md_get_size( const md_info_t *md_info );
+unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
 
 /**
  * \brief           Returns the type of the message digest output.
@@ -183,7 +183,7 @@
  *
  * \return          type of the message digest output.
  */
-md_type_t md_get_type( const md_info_t *md_info );
+mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
 
 /**
  * \brief           Returns the name of the message digest output.
@@ -192,46 +192,46 @@
  *
  * \return          name of the message digest output.
  */
-const char *md_get_name( const md_info_t *md_info );
+const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
 
 /**
  * \brief           Prepare the context to digest a new message.
- *                  Generally called after md_setup() or md_finish().
- *                  Followed by md_update().
+ *                  Generally called after mbedtls_md_setup() or mbedtls_md_finish().
+ *                  Followed by mbedtls_md_update().
  *
  * \param ctx       generic message digest context.
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_starts( md_context_t *ctx );
+int mbedtls_md_starts( mbedtls_md_context_t *ctx );
 
 /**
  * \brief           Generic message digest process buffer
- *                  Called between md_starts() and md_finish().
+ *                  Called between mbedtls_md_starts() and mbedtls_md_finish().
  *                  May be called repeatedly.
  *
  * \param ctx       Generic message digest context
  * \param input     buffer holding the  datal
  * \param ilen      length of the input data
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_update( md_context_t *ctx, const unsigned char *input, size_t ilen );
+int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief           Generic message digest final digest
- *                  Called after md_update().
- *                  Usually followed by md_free() or md_starts().
+ *                  Called after mbedtls_md_update().
+ *                  Usually followed by mbedtls_md_free() or mbedtls_md_starts().
  *
  * \param ctx       Generic message digest context
  * \param output    Generic message digest checksum result
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_finish( md_context_t *ctx, unsigned char *output );
+int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
 
 /**
  * \brief          Output = message_digest( input buffer )
@@ -241,10 +241,10 @@
  * \param ilen     length of the input data
  * \param output   Generic message digest checksum result
  *
- * \returns        0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                 verification fails.
  */
-int md( const md_info_t *md_info, const unsigned char *input, size_t ilen,
+int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
         unsigned char *output );
 
 /**
@@ -255,66 +255,66 @@
  * \param output   generic message digest checksum result
  *
  * \return         0 if successful,
- *                 POLARSSL_ERR_MD_FILE_IO_ERROR if file input failed,
- *                 POLARSSL_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
+ *                 MBEDTLS_ERR_MD_FILE_IO_ERROR if file input failed,
+ *                 MBEDTLS_ERR_MD_BAD_INPUT_DATA if md_info was NULL.
  */
-int md_file( const md_info_t *md_info, const char *path,
+int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
              unsigned char *output );
 
 /**
  * \brief           Set HMAC key and prepare to authenticate a new message.
- *                  Usually called after md_setup() or md_hmac_finish().
+ *                  Usually called after mbedtls_md_setup() or mbedtls_md_hmac_finish().
  *
  * \param ctx       HMAC context
  * \param key       HMAC secret key
  * \param keylen    length of the HMAC key
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_hmac_starts( md_context_t *ctx, const unsigned char *key,
+int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
                     size_t keylen );
 
 /**
  * \brief           Generic HMAC process buffer.
- *                  Called between md_hmac_starts() or md_hmac_reset()
- *                  and md_hmac_finish().
+ *                  Called between mbedtls_md_hmac_starts() or mbedtls_md_hmac_reset()
+ *                  and mbedtls_md_hmac_finish().
  *                  May be called repeatedly.
  *
  * \param ctx       HMAC context
  * \param input     buffer holding the  data
  * \param ilen      length of the input data
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_hmac_update( md_context_t *ctx, const unsigned char *input,
+int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
                     size_t ilen );
 
 /**
  * \brief           Output HMAC.
- *                  Called after md_hmac_update().
- *                  Usually followed my md_hmac_reset(), md_hmac_starts(),
- *                  or md_free().
+ *                  Called after mbedtls_md_hmac_update().
+ *                  Usually followed my mbedtls_md_hmac_reset(), mbedtls_md_hmac_starts(),
+ *                  or mbedtls_md_free().
  *
  * \param ctx       HMAC context
  * \param output    Generic HMAC checksum result
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_hmac_finish( md_context_t *ctx, unsigned char *output);
+int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
 
 /**
  * \brief           Prepare to authenticate a new message with the same key.
- *                  Called after md_hmac_finish() and before md_hmac_update().
+ *                  Called after mbedtls_md_hmac_finish() and before mbedtls_md_hmac_update().
  *
  * \param ctx       HMAC context to be reset
  *
- * \returns         0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns         0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                  verification fails.
  */
-int md_hmac_reset( md_context_t *ctx );
+int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
 
 /**
  * \brief          Output = Generic_HMAC( hmac key, input buffer )
@@ -326,18 +326,18 @@
  * \param ilen     length of the input data
  * \param output   Generic HMAC-result
  *
- * \returns        0 on success, POLARSSL_ERR_MD_BAD_INPUT_DATA if parameter
+ * \returns        0 on success, MBEDTLS_ERR_MD_BAD_INPUT_DATA if parameter
  *                 verification fails.
  */
-int md_hmac( const md_info_t *md_info, const unsigned char *key, size_t keylen,
+int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
                 const unsigned char *input, size_t ilen,
                 unsigned char *output );
 
 /* Internal use */
-int md_process( md_context_t *ctx, const unsigned char *data );
+int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_MD_H */
+#endif /* MBEDTLS_MD_H */
diff --git a/include/mbedtls/md2.h b/include/mbedtls/md2.h
index af400db..7c1cfc5 100644
--- a/include/mbedtls/md2.h
+++ b/include/mbedtls/md2.h
@@ -1,5 +1,5 @@
 /**
- * \file md2.h
+ * \file mbedtls_md2.h
  *
  * \brief MD2 message digest algorithm (hash function)
  *
@@ -21,20 +21,20 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MD2_H
-#define POLARSSL_MD2_H
+#ifndef MBEDTLS_MD2_H
+#define MBEDTLS_MD2_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#define POLARSSL_ERR_MD2_FILE_IO_ERROR                 -0x0070  /**< Read/write error in file. */
+#define MBEDTLS_ERR_MD2_FILE_IO_ERROR                 -0x0070  /**< Read/write error in file. */
 
-#if !defined(POLARSSL_MD2_ALT)
+#if !defined(MBEDTLS_MD2_ALT)
 // Regular implementation
 //
 
@@ -52,28 +52,28 @@
     unsigned char buffer[16];   /*!< data block being processed */
     size_t left;                /*!< amount of data in buffer   */
 }
-md2_context;
+mbedtls_md2_context;
 
 /**
  * \brief          Initialize MD2 context
  *
  * \param ctx      MD2 context to be initialized
  */
-void md2_init( md2_context *ctx );
+void mbedtls_md2_init( mbedtls_md2_context *ctx );
 
 /**
  * \brief          Clear MD2 context
  *
  * \param ctx      MD2 context to be cleared
  */
-void md2_free( md2_context *ctx );
+void mbedtls_md2_free( mbedtls_md2_context *ctx );
 
 /**
  * \brief          MD2 context setup
  *
  * \param ctx      context to be initialized
  */
-void md2_starts( md2_context *ctx );
+void mbedtls_md2_starts( mbedtls_md2_context *ctx );
 
 /**
  * \brief          MD2 process buffer
@@ -82,7 +82,7 @@
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md2_update( md2_context *ctx, const unsigned char *input, size_t ilen );
+void mbedtls_md2_update( mbedtls_md2_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD2 final digest
@@ -90,15 +90,15 @@
  * \param ctx      MD2 context
  * \param output   MD2 checksum result
  */
-void md2_finish( md2_context *ctx, unsigned char output[16] );
+void mbedtls_md2_finish( mbedtls_md2_context *ctx, unsigned char output[16] );
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_MD2_ALT */
+#else  /* MBEDTLS_MD2_ALT */
 #include "md2_alt.h"
-#endif /* POLARSSL_MD2_ALT */
+#endif /* MBEDTLS_MD2_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -111,7 +111,7 @@
  * \param ilen     length of the input data
  * \param output   MD2 checksum result
  */
-void md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
+void mbedtls_md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD2( file contents )
@@ -119,22 +119,22 @@
  * \param path     input file name
  * \param output   MD2 checksum result
  *
- * \return         0 if successful, or POLARSSL_ERR_MD2_FILE_IO_ERROR
+ * \return         0 if successful, or MBEDTLS_ERR_MD2_FILE_IO_ERROR
  */
-int md2_file( const char *path, unsigned char output[16] );
+int mbedtls_md2_file( const char *path, unsigned char output[16] );
 
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int md2_self_test( int verbose );
+int mbedtls_md2_self_test( int verbose );
 
 /* Internal use */
-void md2_process( md2_context *ctx );
+void mbedtls_md2_process( mbedtls_md2_context *ctx );
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* md2.h */
+#endif /* mbedtls_md2.h */
diff --git a/include/mbedtls/md4.h b/include/mbedtls/md4.h
index 30b904c..d54b4c7 100644
--- a/include/mbedtls/md4.h
+++ b/include/mbedtls/md4.h
@@ -1,5 +1,5 @@
 /**
- * \file md4.h
+ * \file mbedtls_md4.h
  *
  * \brief MD4 message digest algorithm (hash function)
  *
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MD4_H
-#define POLARSSL_MD4_H
+#ifndef MBEDTLS_MD4_H
+#define MBEDTLS_MD4_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,9 +39,9 @@
 #include <inttypes.h>
 #endif
 
-#define POLARSSL_ERR_MD4_FILE_IO_ERROR                 -0x0072  /**< Read/write error in file. */
+#define MBEDTLS_ERR_MD4_FILE_IO_ERROR                 -0x0072  /**< Read/write error in file. */
 
-#if !defined(POLARSSL_MD4_ALT)
+#if !defined(MBEDTLS_MD4_ALT)
 // Regular implementation
 //
 
@@ -58,28 +58,28 @@
     uint32_t state[4];          /*!< intermediate digest state  */
     unsigned char buffer[64];   /*!< data block being processed */
 }
-md4_context;
+mbedtls_md4_context;
 
 /**
  * \brief          Initialize MD4 context
  *
  * \param ctx      MD4 context to be initialized
  */
-void md4_init( md4_context *ctx );
+void mbedtls_md4_init( mbedtls_md4_context *ctx );
 
 /**
  * \brief          Clear MD4 context
  *
  * \param ctx      MD4 context to be cleared
  */
-void md4_free( md4_context *ctx );
+void mbedtls_md4_free( mbedtls_md4_context *ctx );
 
 /**
  * \brief          MD4 context setup
  *
  * \param ctx      context to be initialized
  */
-void md4_starts( md4_context *ctx );
+void mbedtls_md4_starts( mbedtls_md4_context *ctx );
 
 /**
  * \brief          MD4 process buffer
@@ -88,7 +88,7 @@
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md4_update( md4_context *ctx, const unsigned char *input, size_t ilen );
+void mbedtls_md4_update( mbedtls_md4_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD4 final digest
@@ -96,15 +96,15 @@
  * \param ctx      MD4 context
  * \param output   MD4 checksum result
  */
-void md4_finish( md4_context *ctx, unsigned char output[16] );
+void mbedtls_md4_finish( mbedtls_md4_context *ctx, unsigned char output[16] );
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_MD4_ALT */
+#else  /* MBEDTLS_MD4_ALT */
 #include "md4_alt.h"
-#endif /* POLARSSL_MD4_ALT */
+#endif /* MBEDTLS_MD4_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -117,7 +117,7 @@
  * \param ilen     length of the input data
  * \param output   MD4 checksum result
  */
-void md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
+void mbedtls_md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD4( file contents )
@@ -125,22 +125,22 @@
  * \param path     input file name
  * \param output   MD4 checksum result
  *
- * \return         0 if successful, or POLARSSL_ERR_MD4_FILE_IO_ERROR
+ * \return         0 if successful, or MBEDTLS_ERR_MD4_FILE_IO_ERROR
  */
-int md4_file( const char *path, unsigned char output[16] );
+int mbedtls_md4_file( const char *path, unsigned char output[16] );
 
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int md4_self_test( int verbose );
+int mbedtls_md4_self_test( int verbose );
 
 /* Internal use */
-void md4_process( md4_context *ctx, const unsigned char data[64] );
+void mbedtls_md4_process( mbedtls_md4_context *ctx, const unsigned char data[64] );
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* md4.h */
+#endif /* mbedtls_md4.h */
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index aa649ea..aeed279 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -1,5 +1,5 @@
 /**
- * \file md5.h
+ * \file mbedtls_md5.h
  *
  * \brief MD5 message digest algorithm (hash function)
  *
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MD5_H
-#define POLARSSL_MD5_H
+#ifndef MBEDTLS_MD5_H
+#define MBEDTLS_MD5_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -39,9 +39,9 @@
 #include <inttypes.h>
 #endif
 
-#define POLARSSL_ERR_MD5_FILE_IO_ERROR                 -0x0074  /**< Read/write error in file. */
+#define MBEDTLS_ERR_MD5_FILE_IO_ERROR                 -0x0074  /**< Read/write error in file. */
 
-#if !defined(POLARSSL_MD5_ALT)
+#if !defined(MBEDTLS_MD5_ALT)
 // Regular implementation
 //
 
@@ -58,28 +58,28 @@
     uint32_t state[4];          /*!< intermediate digest state  */
     unsigned char buffer[64];   /*!< data block being processed */
 }
-md5_context;
+mbedtls_md5_context;
 
 /**
  * \brief          Initialize MD5 context
  *
  * \param ctx      MD5 context to be initialized
  */
-void md5_init( md5_context *ctx );
+void mbedtls_md5_init( mbedtls_md5_context *ctx );
 
 /**
  * \brief          Clear MD5 context
  *
  * \param ctx      MD5 context to be cleared
  */
-void md5_free( md5_context *ctx );
+void mbedtls_md5_free( mbedtls_md5_context *ctx );
 
 /**
  * \brief          MD5 context setup
  *
  * \param ctx      context to be initialized
  */
-void md5_starts( md5_context *ctx );
+void mbedtls_md5_starts( mbedtls_md5_context *ctx );
 
 /**
  * \brief          MD5 process buffer
@@ -88,7 +88,7 @@
  * \param input    buffer holding the  data
  * \param ilen     length of the input data
  */
-void md5_update( md5_context *ctx, const unsigned char *input, size_t ilen );
+void mbedtls_md5_update( mbedtls_md5_context *ctx, const unsigned char *input, size_t ilen );
 
 /**
  * \brief          MD5 final digest
@@ -96,18 +96,18 @@
  * \param ctx      MD5 context
  * \param output   MD5 checksum result
  */
-void md5_finish( md5_context *ctx, unsigned char output[16] );
+void mbedtls_md5_finish( mbedtls_md5_context *ctx, unsigned char output[16] );
 
 /* Internal use */
-void md5_process( md5_context *ctx, const unsigned char data[64] );
+void mbedtls_md5_process( mbedtls_md5_context *ctx, const unsigned char data[64] );
 
 #ifdef __cplusplus
 }
 #endif
 
-#else  /* POLARSSL_MD5_ALT */
+#else  /* MBEDTLS_MD5_ALT */
 #include "md5_alt.h"
-#endif /* POLARSSL_MD5_ALT */
+#endif /* MBEDTLS_MD5_ALT */
 
 #ifdef __cplusplus
 extern "C" {
@@ -120,7 +120,7 @@
  * \param ilen     length of the input data
  * \param output   MD5 checksum result
  */
-void md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
+void mbedtls_md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
 
 /**
  * \brief          Output = MD5( file contents )
@@ -128,19 +128,19 @@
  * \param path     input file name
  * \param output   MD5 checksum result
  *
- * \return         0 if successful, or POLARSSL_ERR_MD5_FILE_IO_ERROR
+ * \return         0 if successful, or MBEDTLS_ERR_MD5_FILE_IO_ERROR
  */
-int md5_file( const char *path, unsigned char output[16] );
+int mbedtls_md5_file( const char *path, unsigned char output[16] );
 
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int md5_self_test( int verbose );
+int mbedtls_md5_self_test( int verbose );
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* md5.h */
+#endif /* mbedtls_md5.h */
diff --git a/include/mbedtls/md_wrap.h b/include/mbedtls/md_wrap.h
index 94d9145..219d0fa 100644
--- a/include/mbedtls/md_wrap.h
+++ b/include/mbedtls/md_wrap.h
@@ -25,13 +25,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MD_WRAP_H
-#define POLARSSL_MD_WRAP_H
+#ifndef MBEDTLS_MD_WRAP_H
+#define MBEDTLS_MD_WRAP_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "md.h"
@@ -44,10 +44,10 @@
  * Message digest information.
  * Allows message digest functions to be called in a generic way.
  */
-struct _md_info_t
+struct mbedtls_md_info_t
 {
     /** Digest identifier */
-    md_type_t type;
+    mbedtls_md_type_t type;
 
     /** Name of the message digest */
     const char * name;
@@ -84,32 +84,32 @@
     void (*process_func)( void *ctx, const unsigned char *input );
 };
 
-#if defined(POLARSSL_MD2_C)
-extern const md_info_t md2_info;
+#if defined(MBEDTLS_MD2_C)
+extern const mbedtls_md_info_t mbedtls_md2_info;
 #endif
-#if defined(POLARSSL_MD4_C)
-extern const md_info_t md4_info;
+#if defined(MBEDTLS_MD4_C)
+extern const mbedtls_md_info_t mbedtls_md4_info;
 #endif
-#if defined(POLARSSL_MD5_C)
-extern const md_info_t md5_info;
+#if defined(MBEDTLS_MD5_C)
+extern const mbedtls_md_info_t mbedtls_md5_info;
 #endif
-#if defined(POLARSSL_RIPEMD160_C)
-extern const md_info_t ripemd160_info;
+#if defined(MBEDTLS_RIPEMD160_C)
+extern const mbedtls_md_info_t mbedtls_ripemd160_info;
 #endif
-#if defined(POLARSSL_SHA1_C)
-extern const md_info_t sha1_info;
+#if defined(MBEDTLS_SHA1_C)
+extern const mbedtls_md_info_t mbedtls_sha1_info;
 #endif
-#if defined(POLARSSL_SHA256_C)
-extern const md_info_t sha224_info;
-extern const md_info_t sha256_info;
+#if defined(MBEDTLS_SHA256_C)
+extern const mbedtls_md_info_t mbedtls_sha224_info;
+extern const mbedtls_md_info_t mbedtls_sha256_info;
 #endif
-#if defined(POLARSSL_SHA512_C)
-extern const md_info_t sha384_info;
-extern const md_info_t sha512_info;
+#if defined(MBEDTLS_SHA512_C)
+extern const mbedtls_md_info_t mbedtls_sha384_info;
+extern const mbedtls_md_info_t mbedtls_sha512_info;
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_MD_WRAP_H */
+#endif /* MBEDTLS_MD_WRAP_H */
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 128c6f3..23f0500 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_MEMORY_BUFFER_ALLOC_H
-#define POLARSSL_MEMORY_BUFFER_ALLOC_H
+#ifndef MBEDTLS_MEMORY_BUFFER_ALLOC_H
+#define MBEDTLS_MEMORY_BUFFER_ALLOC_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
@@ -40,16 +40,16 @@
  * \{
  */
 
-#if !defined(POLARSSL_MEMORY_ALIGN_MULTIPLE)
-#define POLARSSL_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
+#if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
+#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4 /**< Align on multiples of this value */
 #endif
 
 /* \} name SECTION: Module settings */
 
-#define MEMORY_VERIFY_NONE         0
-#define MEMORY_VERIFY_ALLOC        (1 << 0)
-#define MEMORY_VERIFY_FREE         (1 << 1)
-#define MEMORY_VERIFY_ALWAYS       (MEMORY_VERIFY_ALLOC | MEMORY_VERIFY_FREE)
+#define MBEDTLS_MEMORY_VERIFY_NONE         0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
 
 #ifdef __cplusplus
 extern "C" {
@@ -59,10 +59,10 @@
  * \brief   Initialize use of stack-based memory allocator.
  *          The stack-based allocator does memory management inside the
  *          presented buffer and does not call malloc() and free().
- *          It sets the global polarssl_malloc() and polarssl_free() pointers
+ *          It sets the global mbedtls_malloc() and mbedtls_free() pointers
  *          to its own functions.
- *          (Provided polarssl_malloc() and polarssl_free() are thread-safe if
- *           POLARSSL_THREADING_C is defined)
+ *          (Provided mbedtls_malloc() and mbedtls_free() are thread-safe if
+ *           MBEDTLS_THREADING_C is defined)
  *
  * \note    This code is not optimized and provides a straight-forward
  *          implementation of a stack-based memory allocator.
@@ -72,31 +72,31 @@
  *
  * \return              0 if successful
  */
-int memory_buffer_alloc_init( unsigned char *buf, size_t len );
+int mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
 
 /**
  * \brief   Free the mutex for thread-safety and clear remaining memory
  */
-void memory_buffer_alloc_free( void );
+void mbedtls_memory_buffer_alloc_free( void );
 
 /**
  * \brief   Determine when the allocator should automatically verify the state
  *          of the entire chain of headers / meta-data.
- *          (Default: MEMORY_VERIFY_NONE)
+ *          (Default: MBEDTLS_MEMORY_VERIFY_NONE)
  *
- * \param verify    One of MEMORY_VERIFY_NONE, MEMORY_VERIFY_ALLOC,
- *                  MEMORY_VERIFY_FREE or MEMORY_VERIFY_ALWAYS
+ * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
+ *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
  */
-void memory_buffer_set_verify( int verify );
+void mbedtls_memory_buffer_set_verify( int verify );
 
-#if defined(POLARSSL_MEMORY_DEBUG)
+#if defined(MBEDTLS_MEMORY_DEBUG)
 /**
  * \brief   Print out the status of the allocated memory (primarily for use
  *          after a program should have de-allocated all memory)
  *          Prints out a list of 'still allocated' blocks and their stack
- *          trace if POLARSSL_MEMORY_BACKTRACE is defined.
+ *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
  */
-void memory_buffer_alloc_status( void );
+void mbedtls_memory_buffer_alloc_status( void );
 
 /**
  * \brief   Get the peak heap usage so far
@@ -104,12 +104,12 @@
  * \param max_used      Peak number of bytes reauested by the application
  * \param max_blocks    Peak number of blocks reauested by the application
  */
-void memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
 
 /**
  * \brief   Reset peak statistics
  */
-void memory_buffer_alloc_max_reset( void );
+void mbedtls_memory_buffer_alloc_max_reset( void );
 
 /**
  * \brief   Get the current heap usage
@@ -117,29 +117,29 @@
  * \param cur_used      Number of bytes reauested by the application
  * \param cur_blocks    Number of blocks reauested by the application
  */
-void memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
-#endif /* POLARSSL_MEMORY_DEBUG */
+void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+#endif /* MBEDTLS_MEMORY_DEBUG */
 
 /**
  * \brief   Verifies that all headers in the memory buffer are correct
  *          and contain sane values. Helps debug buffer-overflow errors.
  *
- *          Prints out first failure if POLARSSL_MEMORY_DEBUG is defined.
- *          Prints out full header information if POLARSSL_MEMORY_DEBUG
+ *          Prints out first failure if MBEDTLS_MEMORY_DEBUG is defined.
+ *          Prints out full header information if MBEDTLS_MEMORY_DEBUG
  *          is defined. (Includes stack trace information for each block if
- *          POLARSSL_MEMORY_BACKTRACE is defined as well).
+ *          MBEDTLS_MEMORY_BACKTRACE is defined as well).
  *
  * \returns             0 if verified, 1 otherwise
  */
-int memory_buffer_alloc_verify( void );
+int mbedtls_memory_buffer_alloc_verify( void );
 
-#if defined(POLARSSL_SELF_TEST)
+#if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief          Checkup routine
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int memory_buffer_alloc_self_test( int verbose );
+int mbedtls_memory_buffer_alloc_self_test( int verbose );
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/net.h b/include/mbedtls/net.h
index 088662e..f632958 100644
--- a/include/mbedtls/net.h
+++ b/include/mbedtls/net.h
@@ -21,43 +21,43 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_NET_H
-#define POLARSSL_NET_H
+#ifndef MBEDTLS_NET_H
+#define MBEDTLS_NET_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include <stddef.h>
 
-#if defined(POLARSSL_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME)
 #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
 #include <basetsd.h>
 typedef UINT32 uint32_t;
 #else
 #include <inttypes.h>
 #endif
-#endif /* POLARSSL_HAVE_TIME */
+#endif /* MBEDTLS_HAVE_TIME */
 
-#define POLARSSL_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
-#define POLARSSL_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
-#define POLARSSL_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
-#define POLARSSL_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
-#define POLARSSL_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
-#define POLARSSL_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
-#define POLARSSL_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
-#define POLARSSL_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
-#define POLARSSL_ERR_NET_WANT_READ                         -0x0052  /**< Connection requires a read call. */
-#define POLARSSL_ERR_NET_WANT_WRITE                        -0x0054  /**< Connection requires a write call. */
-#define POLARSSL_ERR_NET_UNKNOWN_HOST                      -0x0056  /**< Failed to get an IP address for the given hostname. */
-#define POLARSSL_ERR_NET_TIMEOUT                           -0x0011  /**< The operation timed out. */
+#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042  /**< Failed to open a socket. */
+#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044  /**< The connection to the given server / port failed. */
+#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046  /**< Binding of the socket failed. */
+#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048  /**< Could not listen on the socket. */
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A  /**< Could not accept the incoming connection. */
+#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C  /**< Reading information from the socket failed. */
+#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E  /**< Sending information through the socket failed. */
+#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050  /**< Connection was reset by peer. */
+#define MBEDTLS_ERR_NET_WANT_READ                         -0x0052  /**< Connection requires a read call. */
+#define MBEDTLS_ERR_NET_WANT_WRITE                        -0x0054  /**< Connection requires a write call. */
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0056  /**< Failed to get an IP address for the given hostname. */
+#define MBEDTLS_ERR_NET_TIMEOUT                           -0x0011  /**< The operation timed out. */
 
-#define POLARSSL_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
+#define MBEDTLS_NET_LISTEN_BACKLOG         10 /**< The backlog that listen() should use. */
 
-#define NET_PROTO_TCP 0 /**< The TCP transport protocol */
-#define NET_PROTO_UDP 1 /**< The UDP transport protocol */
+#define MBEDTLS_NET_PROTO_TCP 0 /**< The TCP transport protocol */
+#define MBEDTLS_NET_PROTO_UDP 1 /**< The UDP transport protocol */
 
 #ifdef __cplusplus
 extern "C" {
@@ -69,16 +69,16 @@
  * \param fd       Socket to use
  * \param host     Host to connect to
  * \param port     Port to connect to
- * \param proto    Protocol: NET_PROTO_TCP or NET_PROTO_UDP
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
  *
  * \return         0 if successful, or one of:
- *                      POLARSSL_ERR_NET_SOCKET_FAILED,
- *                      POLARSSL_ERR_NET_UNKNOWN_HOST,
- *                      POLARSSL_ERR_NET_CONNECT_FAILED
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_UNKNOWN_HOST,
+ *                      MBEDTLS_ERR_NET_CONNECT_FAILED
  *
  * \note           Sets the socket in connected mode even with UDP.
  */
-int net_connect( int *fd, const char *host, int port, int proto );
+int mbedtls_net_connect( int *fd, const char *host, int port, int proto );
 
 /**
  * \brief          Create a receiving socket on bind_ip:port in the chosen
@@ -87,17 +87,17 @@
  * \param fd       Socket to use
  * \param bind_ip  IP to bind to, can be NULL
  * \param port     Port number to use
- * \param proto    Protocol: NET_PROTO_TCP or NET_PROTO_UDP
+ * \param proto    Protocol: MBEDTLS_NET_PROTO_TCP or MBEDTLS_NET_PROTO_UDP
  *
  * \return         0 if successful, or one of:
- *                      POLARSSL_ERR_NET_SOCKET_FAILED,
- *                      POLARSSL_ERR_NET_BIND_FAILED,
- *                      POLARSSL_ERR_NET_LISTEN_FAILED
+ *                      MBEDTLS_ERR_NET_SOCKET_FAILED,
+ *                      MBEDTLS_ERR_NET_BIND_FAILED,
+ *                      MBEDTLS_ERR_NET_LISTEN_FAILED
  *
  * \note           Regardless of the protocol, opens the sockets and binds it.
  *                 In addition, make the socket listening if protocol is TCP.
  */
-int net_bind( int *fd, const char *bind_ip, int port, int proto );
+int mbedtls_net_bind( int *fd, const char *bind_ip, int port, int proto );
 
 /**
  * \brief           Accept a connection from a remote client
@@ -107,15 +107,15 @@
  * \param client_ip Will contain the client IP address
  *                  Must be at least 4 bytes, or 16 if IPv6 is supported
  *
- * \return          0 if successful, POLARSSL_ERR_NET_ACCEPT_FAILED, or
- *                  POLARSSL_ERR_NET_WANT_READ is bind_fd was set to
+ * \return          0 if successful, MBEDTLS_ERR_NET_ACCEPT_FAILED, or
+ *                  MBEDTLS_ERR_NET_WANT_READ is bind_fd was set to
  *                  non-blocking and accept() is blocking.
  *
  * \note            With UDP, connects the bind_fd to the client and just copy
  *                  its descriptor to client_fd. New clients will not be able
  *                  to connect until you close the socket and bind a new one.
  */
-int net_accept( int bind_fd, int *client_fd, void *client_ip );
+int mbedtls_net_accept( int bind_fd, int *client_fd, void *client_ip );
 
 /**
  * \brief          Set the socket blocking
@@ -124,7 +124,7 @@
  *
  * \return         0 if successful, or a non-zero error code
  */
-int net_set_block( int fd );
+int mbedtls_net_set_block( int fd );
 
 /**
  * \brief          Set the socket non-blocking
@@ -133,9 +133,9 @@
  *
  * \return         0 if successful, or a non-zero error code
  */
-int net_set_nonblock( int fd );
+int mbedtls_net_set_nonblock( int fd );
 
-#if defined(POLARSSL_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME)
 /**
  * \brief          Portable usleep helper
  *
@@ -144,7 +144,7 @@
  * \note           Real amount of time slept will not be less than
  *                 select()'s timeout granularity (typically, 10ms).
  */
-void net_usleep( unsigned long usec );
+void mbedtls_net_usleep( unsigned long usec );
 #endif
 
 /**
@@ -156,10 +156,10 @@
  * \param len      Maximum length of the buffer
  *
  * \return         This function returns the number of bytes received,
- *                 or a non-zero error code; POLARSSL_ERR_NET_WANT_READ
+ *                 or a non-zero error code; MBEDTLS_ERR_NET_WANT_READ
  *                 indicates read() is blocking.
  */
-int net_recv( void *ctx, unsigned char *buf, size_t len );
+int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
 
 /**
  * \brief          Write at most 'len' characters. If no error occurs,
@@ -170,12 +170,12 @@
  * \param len      The length of the buffer
  *
  * \return         This function returns the number of bytes sent,
- *                 or a non-zero error code; POLARSSL_ERR_NET_WANT_WRITE
+ *                 or a non-zero error code; MBEDTLS_ERR_NET_WANT_WRITE
  *                 indicates write() is blocking.
  */
-int net_send( void *ctx, const unsigned char *buf, size_t len );
+int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
 
-#if defined(POLARSSL_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME)
 /**
  * \brief          Read at most 'len' characters, blocking for at most
  *                 'timeout' seconds. If no error occurs, the actual amount
@@ -188,24 +188,24 @@
  *
  * \return         This function returns the number of bytes received,
  *                 or a non-zero error code:
- *                 POLARSSL_ERR_NET_TIMEOUT if the operation timed out,
- *                 POLARSSL_ERR_NET_WANT_READ if interrupted by a signal.
+ *                 MBEDTLS_ERR_NET_TIMEOUT if the operation timed out,
+ *                 MBEDTLS_ERR_NET_WANT_READ if interrupted by a signal.
  *
  * \note           This function will block (until data becomes available or
  *                 timeout is reached) even if the socket is set to
  *                 non-blocking. Handling timeouts with non-blocking reads
  *                 requires a different strategy.
  */
-int net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
                       uint32_t timeout );
-#endif /* POLARSSL_HAVE_TIME */
+#endif /* MBEDTLS_HAVE_TIME */
 
 /**
  * \brief          Gracefully shutdown the connection
  *
  * \param fd       The socket to close
  */
-void net_close( int fd );
+void mbedtls_net_close( int fd );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 11330f2..02921c4 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_OID_H
-#define POLARSSL_OID_H
+#ifndef MBEDTLS_OID_H
+#define MBEDTLS_OID_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "asn1.h"
@@ -35,238 +35,238 @@
 
 #include <stddef.h>
 
-#if defined(POLARSSL_CIPHER_C)
+#if defined(MBEDTLS_CIPHER_C)
 #include "cipher.h"
 #endif
 
-#if defined(POLARSSL_MD_C)
+#if defined(MBEDTLS_MD_C)
 #include "md.h"
 #endif
 
-#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 #include "x509.h"
 #endif
 
-#define POLARSSL_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
-#define POLARSSL_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
+#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E  /**< OID is not found. */
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B  /**< output buffer is too small */
 
 /*
  * Top level OID tuples
  */
-#define OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
-#define OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
-#define OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
-#define OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
 
 /*
  * ISO Member bodies OID parts
  */
-#define OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
-#define OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
-#define OID_RSA_COMPANY                 OID_ISO_MEMBER_BODIES OID_COUNTRY_US \
-                                        OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
-#define OID_ANSI_X9_62                  OID_ISO_MEMBER_BODIES OID_COUNTRY_US \
-                                        OID_ORG_ANSI_X9_62
+#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+                                        MBEDTLS_OID_ORG_ANSI_X9_62
 
 /*
  * ISO Identified organization OID parts
  */
-#define OID_ORG_DOD                     "\x06"          /* {dod(6)} */
-#define OID_ORG_OIW                     "\x0e"
-#define OID_OIW_SECSIG                  OID_ORG_OIW "\x03"
-#define OID_OIW_SECSIG_ALG              OID_OIW_SECSIG "\x02"
-#define OID_OIW_SECSIG_SHA1             OID_OIW_SECSIG_ALG "\x1a"
-#define OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
-#define OID_CERTICOM                    OID_ISO_IDENTIFIED_ORG OID_ORG_CERTICOM
-#define OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
-#define OID_TELETRUST                   OID_ISO_IDENTIFIED_ORG OID_ORG_TELETRUST
+#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW                     "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
 
 /*
  * ISO ITU OID parts
  */
-#define OID_ORGANIZATION                "\x01"          /* {organization(1)} */
-#define OID_ISO_ITU_US_ORG              OID_ISO_ITU_COUNTRY OID_COUNTRY_US OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
 
-#define OID_ORG_GOV                     "\x65"          /* {gov(101)} */
-#define OID_GOV                         OID_ISO_ITU_US_ORG OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
+#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
 
-#define OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
-#define OID_NETSCAPE                    OID_ISO_ITU_US_ORG OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
 
 /* ISO arc for standard certificate and CRL extensions */
-#define OID_ID_CE                       OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
 
 /**
  * Private Internet Extensions
  * { iso(1) identified-organization(3) dod(6) internet(1)
  *                      security(5) mechanisms(5) pkix(7) }
  */
-#define OID_PKIX                        OID_ISO_IDENTIFIED_ORG OID_ORG_DOD "\x01\x05\x05\x07"
+#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01\x05\x05\x07"
 
 /*
  * Arc for standard naming attributes
  */
-#define OID_AT                          OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define OID_AT_CN                       OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define OID_AT_SUR_NAME                 OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define OID_AT_SERIAL_NUMBER            OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define OID_AT_COUNTRY                  OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define OID_AT_LOCALITY                 OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define OID_AT_STATE                    OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define OID_AT_ORGANIZATION             OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define OID_AT_ORG_UNIT                 OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define OID_AT_TITLE                    OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define OID_AT_POSTAL_ADDRESS           OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define OID_AT_POSTAL_CODE              OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define OID_AT_GIVEN_NAME               OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define OID_AT_INITIALS                 OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define OID_AT_GENERATION_QUALIFIER     OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define OID_AT_UNIQUE_IDENTIFIER        OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define OID_AT_DN_QUALIFIER             OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define OID_AT_PSEUDONYM                OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
-#define OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
 
 /*
  * OIDs for standard certificate extensions
  */
-#define OID_AUTHORITY_KEY_IDENTIFIER    OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
-#define OID_SUBJECT_KEY_IDENTIFIER      OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
-#define OID_KEY_USAGE                   OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
-#define OID_CERTIFICATE_POLICIES        OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
-#define OID_POLICY_MAPPINGS             OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
-#define OID_SUBJECT_ALT_NAME            OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
-#define OID_ISSUER_ALT_NAME             OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
-#define OID_SUBJECT_DIRECTORY_ATTRS     OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
-#define OID_BASIC_CONSTRAINTS           OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
-#define OID_NAME_CONSTRAINTS            OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
-#define OID_POLICY_CONSTRAINTS          OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
-#define OID_EXTENDED_KEY_USAGE          OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define OID_CRL_DISTRIBUTION_POINTS     OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
-#define OID_INIHIBIT_ANYPOLICY          OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
-#define OID_FRESHEST_CRL                OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
 
 /*
  * Netscape certificate extensions
  */
-#define OID_NS_CERT                 OID_NETSCAPE "\x01"
-#define OID_NS_CERT_TYPE            OID_NS_CERT  "\x01"
-#define OID_NS_BASE_URL             OID_NS_CERT  "\x02"
-#define OID_NS_REVOCATION_URL       OID_NS_CERT  "\x03"
-#define OID_NS_CA_REVOCATION_URL    OID_NS_CERT  "\x04"
-#define OID_NS_RENEWAL_URL          OID_NS_CERT  "\x07"
-#define OID_NS_CA_POLICY_URL        OID_NS_CERT  "\x08"
-#define OID_NS_SSL_SERVER_NAME      OID_NS_CERT  "\x0C"
-#define OID_NS_COMMENT              OID_NS_CERT  "\x0D"
-#define OID_NS_DATA_TYPE            OID_NETSCAPE "\x02"
-#define OID_NS_CERT_SEQUENCE        OID_NS_DATA_TYPE "\x05"
+#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
+#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
+#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
 
 /*
  * OIDs for CRL extensions
  */
-#define OID_PRIVATE_KEY_USAGE_PERIOD    OID_ID_CE "\x10"
-#define OID_CRL_NUMBER                  OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
 
 /*
  * X.509 v3 Extended key usage OIDs
  */
-#define OID_ANY_EXTENDED_KEY_USAGE      OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
 
-#define OID_KP                          OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define OID_SERVER_AUTH                 OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define OID_CLIENT_AUTH                 OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define OID_CODE_SIGNING                OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define OID_EMAIL_PROTECTION            OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define OID_TIME_STAMPING               OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define OID_OCSP_SIGNING                OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
 
 /*
  * PKCS definition OIDs
  */
 
-#define OID_PKCS                OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define OID_PKCS1               OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define OID_PKCS5               OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define OID_PKCS9               OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define OID_PKCS12              OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
 
 /*
  * PKCS#1 OIDs
  */
-#define OID_PKCS1_RSA           OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define OID_PKCS1_MD2           OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
-#define OID_PKCS1_MD4           OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
-#define OID_PKCS1_MD5           OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define OID_PKCS1_SHA1          OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define OID_PKCS1_SHA224        OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define OID_PKCS1_SHA256        OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define OID_PKCS1_SHA384        OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define OID_PKCS1_SHA512        OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD2           MBEDTLS_OID_PKCS1 "\x02" /**< md2WithRSAEncryption ::= { pkcs-1 2 } */
+#define MBEDTLS_OID_PKCS1_MD4           MBEDTLS_OID_PKCS1 "\x03" /**< md4WithRSAEncryption ::= { pkcs-1 3 } */
+#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
 
-#define OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
 
-#define OID_PKCS9_EMAIL         OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
 
 /* RFC 4055 */
-#define OID_RSASSA_PSS          OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define OID_MGF1                OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
 
 /*
  * Digest algorithms
  */
-#define OID_DIGEST_ALG_MD2              OID_RSA_COMPANY "\x02\x02" /**< id-md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
-#define OID_DIGEST_ALG_MD4              OID_RSA_COMPANY "\x02\x04" /**< id-md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
-#define OID_DIGEST_ALG_MD5              OID_RSA_COMPANY "\x02\x05" /**< id-md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define OID_DIGEST_ALG_SHA1             OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_SHA1 /**< id-sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define OID_DIGEST_ALG_SHA224           OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define OID_DIGEST_ALG_SHA256           OID_GOV "\x03\x04\x02\x01" /**< id-sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD2              MBEDTLS_OID_RSA_COMPANY "\x02\x02" /**< id-mbedtls_md2 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD4              MBEDTLS_OID_RSA_COMPANY "\x02\x04" /**< id-mbedtls_md4 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_GOV "\x03\x04\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_GOV "\x03\x04\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
 
-#define OID_DIGEST_ALG_SHA384           OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_GOV "\x03\x04\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
 
-#define OID_DIGEST_ALG_SHA512           OID_GOV "\x03\x04\x02\x03" /**< id-sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_GOV "\x03\x04\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
 
-#define OID_HMAC_SHA1                   OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
 
 /*
  * Encryption algorithms
  */
-#define OID_DES_CBC                     OID_ISO_IDENTIFIED_ORG OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define OID_DES_EDE3_CBC                OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
 
 /*
  * PKCS#5 OIDs
  */
-#define OID_PKCS5_PBKDF2                OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define OID_PKCS5_PBES2                 OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define OID_PKCS5_PBMAC1                OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
 
 /*
  * PKCS#5 PBES1 algorithms
  */
-#define OID_PKCS5_PBE_MD2_DES_CBC       OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
-#define OID_PKCS5_PBE_MD2_RC2_CBC       OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
-#define OID_PKCS5_PBE_MD5_DES_CBC       OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define OID_PKCS5_PBE_MD5_RC2_CBC       OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define OID_PKCS5_PBE_SHA1_DES_CBC      OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define OID_PKCS5_PBE_SHA1_RC2_CBC      OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_DES_CBC       MBEDTLS_OID_PKCS5 "\x01" /**< pbeWithMD2AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 1} */
+#define MBEDTLS_OID_PKCS5_PBE_MD2_RC2_CBC       MBEDTLS_OID_PKCS5 "\x04" /**< pbeWithMD2AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 4} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
 
 /*
  * PKCS#8 OIDs
  */
-#define OID_PKCS9_CSR_EXT_REQ           OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
 
 /*
  * PKCS#12 PBE OIDs
  */
-#define OID_PKCS12_PBE                      OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
 
-#define OID_PKCS12_PBE_SHA1_RC4_128         OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
-#define OID_PKCS12_PBE_SHA1_RC4_40          OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
-#define OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define OID_PKCS12_PBE_SHA1_RC2_128_CBC     OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define OID_PKCS12_PBE_SHA1_RC2_40_CBC      OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_128         MBEDTLS_OID_PKCS12_PBE "\x01" /**< pbeWithSHAAnd128BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 1} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC4_40          MBEDTLS_OID_PKCS12_PBE "\x02" /**< pbeWithSHAAnd40BitRC4 OBJECT IDENTIFIER ::= {pkcs-12PbeIds 2} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
 
 /*
  * EC key algorithms from RFC 5480
@@ -274,12 +274,12 @@
 
 /* id-ecPublicKey OBJECT IDENTIFIER ::= {
  *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define OID_EC_ALG_UNRESTRICTED         OID_ANSI_X9_62 "\x02\01"
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
 
 /*   id-ecDH OBJECT IDENTIFIER ::= {
  *     iso(1) identified-organization(3) certicom(132)
  *     schemes(1) ecdh(12) } */
-#define OID_EC_ALG_ECDH                 OID_CERTICOM "\x01\x0c"
+#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
 
 /*
  * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
@@ -287,35 +287,35 @@
 
 /* secp192r1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define OID_EC_GRP_SECP192R1        OID_ANSI_X9_62 "\x03\x01\x01"
+#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
 
 /* secp224r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define OID_EC_GRP_SECP224R1        OID_CERTICOM "\x00\x21"
+#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
 
 /* secp256r1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define OID_EC_GRP_SECP256R1        OID_ANSI_X9_62 "\x03\x01\x07"
+#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
 
 /* secp384r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define OID_EC_GRP_SECP384R1        OID_CERTICOM "\x00\x22"
+#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
 
 /* secp521r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define OID_EC_GRP_SECP521R1        OID_CERTICOM "\x00\x23"
+#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
 
 /* secp192k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define OID_EC_GRP_SECP192K1        OID_CERTICOM "\x00\x1f"
+#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
 
 /* secp224k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define OID_EC_GRP_SECP224K1        OID_CERTICOM "\x00\x20"
+#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
 
 /* secp256k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define OID_EC_GRP_SECP256K1        OID_CERTICOM "\x00\x0a"
+#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
 
 /* RFC 5639 4.1
  * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
@@ -323,16 +323,16 @@
  * algorithm(3) ecSign(2) 8}
  * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
  * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define OID_EC_BRAINPOOL_V1         OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
 
 /* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define OID_EC_GRP_BP256R1          OID_EC_BRAINPOOL_V1 "\x07"
+#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
 
 /* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define OID_EC_GRP_BP384R1          OID_EC_BRAINPOOL_V1 "\x0B"
+#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
 
 /* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define OID_EC_GRP_BP512R1          OID_EC_BRAINPOOL_V1 "\x0D"
+#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
 
 /*
  * SEC1 C.1
@@ -340,38 +340,38 @@
  * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
  * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
  */
-#define OID_ANSI_X9_62_FIELD_TYPE   OID_ANSI_X9_62 "\x01"
-#define OID_ANSI_X9_62_PRIME_FIELD  OID_ANSI_X9_62_FIELD_TYPE "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
 
 /*
  * ECDSA signature identifiers, from RFC 5480
  */
-#define OID_ANSI_X9_62_SIG          OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define OID_ANSI_X9_62_SIG_SHA2     OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
 
 /* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define OID_ECDSA_SHA1              OID_ANSI_X9_62_SIG "\x01"
+#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
 
 /* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 1 } */
-#define OID_ECDSA_SHA224            OID_ANSI_X9_62_SIG_SHA2 "\x01"
+#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
 
 /* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 2 } */
-#define OID_ECDSA_SHA256            OID_ANSI_X9_62_SIG_SHA2 "\x02"
+#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
 
 /* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 3 } */
-#define OID_ECDSA_SHA384            OID_ANSI_X9_62_SIG_SHA2 "\x03"
+#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
 
 /* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 4 } */
-#define OID_ECDSA_SHA512            OID_ANSI_X9_62_SIG_SHA2 "\x04"
+#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
 
 #ifdef __cplusplus
 extern "C" {
@@ -385,7 +385,7 @@
     size_t asn1_len;                /*!< length of asn1                 */
     const char *name;               /*!< official name (e.g. from RFC)  */
     const char *description;        /*!< human friendly description     */
-} oid_descriptor_t;
+} mbedtls_oid_descriptor_t;
 
 /**
  * \brief           Translate an ASN.1 OID into its numeric representation
@@ -396,20 +396,20 @@
  * \param oid       OID to translate
  *
  * \return          Length of the string written (excluding final NULL) or
- *                  POLARSSL_ERR_OID_BUF_TOO_SMALL in case of error
+ *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
  */
-int oid_get_numeric_string( char *buf, size_t size, const asn1_buf *oid );
+int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
 
-#if defined(POLARSSL_X509_USE_C) || defined(POLARSSL_X509_CREATE_C)
+#if defined(MBEDTLS_X509_USE_C) || defined(MBEDTLS_X509_CREATE_C)
 /**
  * \brief          Translate an X.509 extension OID into local values
  *
  * \param oid      OID to use
  * \param ext_type place to store the extension type
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_x509_ext_type( const asn1_buf *oid, int *ext_type );
+int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
 #endif
 
 /**
@@ -419,9 +419,9 @@
  * \param oid      OID to use
  * \param short_name    place to store the string pointer
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_attr_short_name( const asn1_buf *oid, const char **short_name );
+int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
 
 /**
  * \brief          Translate PublicKeyAlgorithm OID into pk_type
@@ -429,9 +429,9 @@
  * \param oid      OID to use
  * \param pk_alg   place to store public key algorithm
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_pk_alg( const asn1_buf *oid, pk_type_t *pk_alg );
+int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
 
 /**
  * \brief          Translate pk_type into PublicKeyAlgorithm OID
@@ -440,21 +440,21 @@
  * \param oid      place to store ASN.1 OID string pointer
  * \param olen     length of the OID
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_oid_by_pk_alg( pk_type_t pk_alg,
+int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
                            const char **oid, size_t *olen );
 
-#if defined(POLARSSL_ECP_C)
+#if defined(MBEDTLS_ECP_C)
 /**
  * \brief          Translate NamedCurve OID into an EC group identifier
  *
  * \param oid      OID to use
  * \param grp_id   place to store group id
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_ec_grp( const asn1_buf *oid, ecp_group_id *grp_id );
+int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
 
 /**
  * \brief          Translate EC group identifier into NamedCurve OID
@@ -463,13 +463,13 @@
  * \param oid      place to store ASN.1 OID string pointer
  * \param olen     length of the OID
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_oid_by_ec_grp( ecp_group_id grp_id,
+int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
                            const char **oid, size_t *olen );
-#endif /* POLARSSL_ECP_C */
+#endif /* MBEDTLS_ECP_C */
 
-#if defined(POLARSSL_MD_C)
+#if defined(MBEDTLS_MD_C)
 /**
  * \brief          Translate SignatureAlgorithm OID into md_type and pk_type
  *
@@ -477,10 +477,10 @@
  * \param md_alg   place to store message digest algorithm
  * \param pk_alg   place to store public key algorithm
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_sig_alg( const asn1_buf *oid,
-                     md_type_t *md_alg, pk_type_t *pk_alg );
+int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
+                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
 
 /**
  * \brief          Translate SignatureAlgorithm OID into description
@@ -488,9 +488,9 @@
  * \param oid      OID to use
  * \param desc     place to store string pointer
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_sig_alg_desc( const asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
 
 /**
  * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
@@ -500,9 +500,9 @@
  * \param oid      place to store ASN.1 OID string pointer
  * \param olen     length of the OID
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_oid_by_sig_alg( pk_type_t pk_alg, md_type_t md_alg,
+int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
                             const char **oid, size_t *olen );
 
 /**
@@ -511,10 +511,10 @@
  * \param oid      OID to use
  * \param md_alg   place to store message digest algorithm
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_md_alg( const asn1_buf *oid, md_type_t *md_alg );
-#endif /* POLARSSL_MD_C */
+int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+#endif /* MBEDTLS_MD_C */
 
 /**
  * \brief          Translate Extended Key Usage OID into description
@@ -522,9 +522,9 @@
  * \param oid      OID to use
  * \param desc     place to store string pointer
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_extended_key_usage( const asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
 
 /**
  * \brief          Translate md_type into hash algorithm OID
@@ -533,23 +533,23 @@
  * \param oid      place to store ASN.1 OID string pointer
  * \param olen     length of the OID
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_oid_by_md( md_type_t md_alg, const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
 
-#if defined(POLARSSL_CIPHER_C)
+#if defined(MBEDTLS_CIPHER_C)
 /**
  * \brief          Translate encryption algorithm OID into cipher_type
  *
  * \param oid           OID to use
  * \param cipher_alg    place to store cipher algorithm
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_cipher_alg( const asn1_buf *oid, cipher_type_t *cipher_alg );
-#endif /* POLARSSL_CIPHER_C */
+int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_CIPHER_C */
 
-#if defined(POLARSSL_PKCS12_C)
+#if defined(MBEDTLS_PKCS12_C)
 /**
  * \brief          Translate PKCS#12 PBE algorithm OID into md_type and
  *                 cipher_type
@@ -558,11 +558,11 @@
  * \param md_alg        place to store message digest algorithm
  * \param cipher_alg    place to store cipher algorithm
  *
- * \return         0 if successful, or POLARSSL_ERR_OID_NOT_FOUND
+ * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int oid_get_pkcs12_pbe_alg( const asn1_buf *oid, md_type_t *md_alg,
-                            cipher_type_t *cipher_alg );
-#endif /* POLARSSL_PKCS12_C */
+int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
+                            mbedtls_cipher_type_t *cipher_alg );
+#endif /* MBEDTLS_PKCS12_C */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/padlock.h b/include/mbedtls/padlock.h
index 55a0395..4d3134c 100644
--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
@@ -22,17 +22,17 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PADLOCK_H
-#define POLARSSL_PADLOCK_H
+#ifndef MBEDTLS_PADLOCK_H
+#define MBEDTLS_PADLOCK_H
 
 #include "aes.h"
 
-#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
+#define MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED               -0x0030  /**< Input data should be aligned. */
 
-#if defined(POLARSSL_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && defined(__i386__)
 
-#ifndef POLARSSL_HAVE_X86
-#define POLARSSL_HAVE_X86
+#ifndef MBEDTLS_HAVE_X86
+#define MBEDTLS_HAVE_X86
 #endif
 
 #if defined(_MSC_VER) && !defined(EFIX64) && !defined(EFI32)
@@ -42,12 +42,12 @@
 #include <inttypes.h>
 #endif
 
-#define PADLOCK_RNG 0x000C
-#define PADLOCK_ACE 0x00C0
-#define PADLOCK_PHE 0x0C00
-#define PADLOCK_PMM 0x3000
+#define MBEDTLS_PADLOCK_RNG 0x000C
+#define MBEDTLS_PADLOCK_ACE 0x00C0
+#define MBEDTLS_PADLOCK_PHE 0x0C00
+#define MBEDTLS_PADLOCK_PMM 0x3000
 
-#define PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
+#define MBEDTLS_PADLOCK_ALIGN16(x) (uint32_t *) (16 + ((int32_t) x & ~15))
 
 #ifdef __cplusplus
 extern "C" {
@@ -60,19 +60,19 @@
  *
  * \return         1 if CPU has support for the feature, 0 otherwise
  */
-int padlock_supports( int feature );
+int mbedtls_padlock_supports( int feature );
 
 /**
  * \brief          PadLock AES-ECB block en(de)cryption
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param input    16-byte input block
  * \param output   16-byte output block
  *
  * \return         0 if success, 1 if operation failed
  */
-int padlock_xcryptecb( aes_context *ctx,
+int mbedtls_padlock_xcryptecb( mbedtls_aes_context *ctx,
                        int mode,
                        const unsigned char input[16],
                        unsigned char output[16] );
@@ -81,7 +81,7 @@
  * \brief          PadLock AES-CBC buffer en(de)cryption
  *
  * \param ctx      AES context
- * \param mode     AES_ENCRYPT or AES_DECRYPT
+ * \param mode     MBEDTLS_AES_ENCRYPT or MBEDTLS_AES_DECRYPT
  * \param length   length of the input data
  * \param iv       initialization vector (updated after use)
  * \param input    buffer holding the input data
@@ -89,7 +89,7 @@
  *
  * \return         0 if success, 1 if operation failed
  */
-int padlock_xcryptcbc( aes_context *ctx,
+int mbedtls_padlock_xcryptcbc( mbedtls_aes_context *ctx,
                        int mode,
                        size_t length,
                        unsigned char iv[16],
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index b47e0e9..ef94529 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PEM_H
-#define POLARSSL_PEM_H
+#ifndef MBEDTLS_PEM_H
+#define MBEDTLS_PEM_H
 
 #include <stddef.h>
 
@@ -32,22 +32,22 @@
  * PEM data.
  * \{
  */
-#define POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
-#define POLARSSL_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
-#define POLARSSL_ERR_PEM_MALLOC_FAILED                     -0x1180  /**< Failed to allocate memory. */
-#define POLARSSL_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
-#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
-#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
-#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
-#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
-#define POLARSSL_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080  /**< No PEM header or footer found. */
+#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100  /**< PEM string is not as expected. */
+#define MBEDTLS_ERR_PEM_MALLOC_FAILED                     -0x1180  /**< Failed to allocate memory. */
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200  /**< RSA IV is not in hex-format. */
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280  /**< Unsupported key encryption algorithm. */
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400  /**< Unavailable feature, e.g. hashing/encryption combination. */
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480  /**< Bad input parameters to function. */
 /* \} name */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-#if defined(POLARSSL_PEM_PARSE_C)
+#if defined(MBEDTLS_PEM_PARSE_C)
 /**
  * \brief       PEM context structure
  */
@@ -57,14 +57,14 @@
     size_t buflen;          /*!< length of the buffer                */
     unsigned char *info;    /*!< buffer for extra header information */
 }
-pem_context;
+mbedtls_pem_context;
 
 /**
  * \brief       PEM context setup
  *
  * \param ctx   context to be initialized
  */
-void pem_init( pem_context *ctx );
+void mbedtls_pem_init( mbedtls_pem_context *ctx );
 
 /**
  * \brief       Read a buffer for PEM information and store the resulting
@@ -78,8 +78,8 @@
  * \param pwdlen    length of password
  * \param use_len   destination for total length used (set after header is
  *                  correctly read, so unless you get
- *                  POLARSSL_ERR_PEM_BAD_INPUT_DATA or
- *                  POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
+ *                  MBEDTLS_ERR_PEM_BAD_INPUT_DATA or
+ *                  MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT, use_len is
  *                  the length to skip)
  *
  * \note            Attempts to check password correctness by verifying if
@@ -88,7 +88,7 @@
  *
  * \return          0 on success, or a specific PEM error code
  */
-int pem_read_buffer( pem_context *ctx, const char *header, const char *footer,
+int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
                      const unsigned char *data,
                      const unsigned char *pwd,
                      size_t pwdlen, size_t *use_len );
@@ -98,10 +98,10 @@
  *
  * \param ctx   context to be freed
  */
-void pem_free( pem_context *ctx );
-#endif /* POLARSSL_PEM_PARSE_C */
+void mbedtls_pem_free( mbedtls_pem_context *ctx );
+#endif /* MBEDTLS_PEM_PARSE_C */
 
-#if defined(POLARSSL_PEM_WRITE_C)
+#if defined(MBEDTLS_PEM_WRITE_C)
 /**
  * \brief           Write a buffer of PEM information from a DER encoded
  *                  buffer.
@@ -115,13 +115,13 @@
  * \param olen      total length written / required (if buf_len is not enough)
  *
  * \return          0 on success, or a specific PEM or BASE64 error code. On
- *                  POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
+ *                  MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL olen is the required
  *                  size.
  */
-int pem_write_buffer( const char *header, const char *footer,
+int mbedtls_pem_write_buffer( const char *header, const char *footer,
                       const unsigned char *der_data, size_t der_len,
                       unsigned char *buf, size_t buf_len, size_t *olen );
-#endif /* POLARSSL_PEM_WRITE_C */
+#endif /* MBEDTLS_PEM_WRITE_C */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 903f9e4..069df64 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -22,64 +22,64 @@
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#ifndef POLARSSL_PK_H
-#define POLARSSL_PK_H
+#ifndef MBEDTLS_PK_H
+#define MBEDTLS_PK_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "md.h"
 
-#if defined(POLARSSL_RSA_C)
+#if defined(MBEDTLS_RSA_C)
 #include "rsa.h"
 #endif
 
-#if defined(POLARSSL_ECP_C)
+#if defined(MBEDTLS_ECP_C)
 #include "ecp.h"
 #endif
 
-#if defined(POLARSSL_ECDSA_C)
+#if defined(MBEDTLS_ECDSA_C)
 #include "ecdsa.h"
 #endif
 
-#define POLARSSL_ERR_PK_MALLOC_FAILED       -0x2F80  /**< Memory alloation failed. */
-#define POLARSSL_ERR_PK_TYPE_MISMATCH       -0x2F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define POLARSSL_ERR_PK_BAD_INPUT_DATA      -0x2E80  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_PK_FILE_IO_ERROR       -0x2E00  /**< Read/write of file failed. */
-#define POLARSSL_ERR_PK_KEY_INVALID_VERSION -0x2D80  /**< Unsupported key version */
-#define POLARSSL_ERR_PK_KEY_INVALID_FORMAT  -0x2D00  /**< Invalid key tag or value. */
-#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG      -0x2C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
-#define POLARSSL_ERR_PK_PASSWORD_REQUIRED   -0x2C00  /**< Private key password can't be empty. */
-#define POLARSSL_ERR_PK_PASSWORD_MISMATCH   -0x2B80  /**< Given private key password does not allow for correct decryption. */
-#define POLARSSL_ERR_PK_INVALID_PUBKEY      -0x2B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define POLARSSL_ERR_PK_INVALID_ALG         -0x2A80  /**< The algorithm tag or value is invalid. */
-#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
-#define POLARSSL_ERR_PK_FEATURE_UNAVAILABLE -0x2980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
-#define POLARSSL_ERR_PK_SIG_LEN_MISMATCH    -0x2000  /**< The signature is valid but its length is less than expected. */
+#define MBEDTLS_ERR_PK_MALLOC_FAILED       -0x2F80  /**< Memory alloation failed. */
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x2F00  /**< Type mismatch, eg attempt to encrypt with an ECDSA key */
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x2E80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x2E00  /**< Read/write of file failed. */
+#define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x2D80  /**< Unsupported key version */
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x2D00  /**< Invalid key tag or value. */
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x2C80  /**< Key algorithm is unsupported (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x2C00  /**< Private key password can't be empty. */
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x2B80  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x2B00  /**< The pubkey tag or value is invalid (only RSA and EC are supported). */
+#define MBEDTLS_ERR_PK_INVALID_ALG         -0x2A80  /**< The algorithm tag or value is invalid. */
+#define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x2A00  /**< Elliptic curve is unsupported (only NIST curves are supported). */
+#define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x2980  /**< Unavailable feature, e.g. RSA disabled for RSA key. */
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x2000  /**< The signature is valid but its length is less than expected. */
 
 
-#if defined(POLARSSL_RSA_C)
+#if defined(MBEDTLS_RSA_C)
 /**
  * Quick access to an RSA context inside a PK context.
  *
  * \warning You must make sure the PK context actually holds an RSA context
  * before using this macro!
  */
-#define pk_rsa( pk )        ( (rsa_context *) (pk).pk_ctx )
-#endif /* POLARSSL_RSA_C */
+#define mbedtls_pk_rsa( pk )        ( (mbedtls_rsa_context *) (pk).pk_ctx )
+#endif /* MBEDTLS_RSA_C */
 
-#if defined(POLARSSL_ECP_C)
+#if defined(MBEDTLS_ECP_C)
 /**
  * Quick access to an EC context inside a PK context.
  *
  * \warning You must make sure the PK context actually holds an EC context
  * before using this macro!
  */
-#define pk_ec( pk )         ( (ecp_keypair *) (pk).pk_ctx )
-#endif /* POLARSSL_ECP_C */
+#define mbedtls_pk_ec( pk )         ( (mbedtls_ecp_keypair *) (pk).pk_ctx )
+#endif /* MBEDTLS_ECP_C */
 
 
 #ifdef __cplusplus
@@ -90,76 +90,76 @@
  * \brief          Public key types
  */
 typedef enum {
-    POLARSSL_PK_NONE=0,
-    POLARSSL_PK_RSA,
-    POLARSSL_PK_ECKEY,
-    POLARSSL_PK_ECKEY_DH,
-    POLARSSL_PK_ECDSA,
-    POLARSSL_PK_RSA_ALT,
-    POLARSSL_PK_RSASSA_PSS,
-} pk_type_t;
+    MBEDTLS_PK_NONE=0,
+    MBEDTLS_PK_RSA,
+    MBEDTLS_PK_ECKEY,
+    MBEDTLS_PK_ECKEY_DH,
+    MBEDTLS_PK_ECDSA,
+    MBEDTLS_PK_RSA_ALT,
+    MBEDTLS_PK_RSASSA_PSS,
+} mbedtls_pk_type_t;
 
 /**
  * \brief           Options for RSASSA-PSS signature verification.
- *                  See \c rsa_rsassa_pss_verify_ext()
+ *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
  */
 typedef struct
 {
-    md_type_t mgf1_hash_id;
+    mbedtls_md_type_t mgf1_hash_id;
     int expected_salt_len;
 
-} pk_rsassa_pss_options;
+} mbedtls_pk_rsassa_pss_options;
 
 /**
  * \brief           Types for interfacing with the debug module
  */
 typedef enum
 {
-    POLARSSL_PK_DEBUG_NONE = 0,
-    POLARSSL_PK_DEBUG_MPI,
-    POLARSSL_PK_DEBUG_ECP,
-} pk_debug_type;
+    MBEDTLS_PK_DEBUG_NONE = 0,
+    MBEDTLS_PK_DEBUG_MPI,
+    MBEDTLS_PK_DEBUG_ECP,
+} mbedtls_pk_debug_type;
 
 /**
  * \brief           Item to send to the debug module
  */
 typedef struct
 {
-    pk_debug_type type;
+    mbedtls_pk_debug_type type;
     const char *name;
     void *value;
-} pk_debug_item;
+} mbedtls_pk_debug_item;
 
 /** Maximum number of item send for debugging, plus 1 */
-#define POLARSSL_PK_DEBUG_MAX_ITEMS 3
+#define MBEDTLS_PK_DEBUG_MAX_ITEMS 3
 
 /**
  * \brief           Public key information and operations
  */
-typedef struct _pk_info_t pk_info_t;
+typedef struct mbedtls_pk_info_t mbedtls_pk_info_t;
 
 /**
  * \brief           Public key container
  */
 typedef struct
 {
-    const pk_info_t *   pk_info;    /**< Public key informations        */
+    const mbedtls_pk_info_t *   pk_info;    /**< Public key informations        */
     void *              pk_ctx;     /**< Underlying public key context  */
-} pk_context;
+} mbedtls_pk_context;
 
-#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Types for RSA-alt abstraction
  */
-typedef int (*pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, int mode, size_t *olen,
                     const unsigned char *input, unsigned char *output,
                     size_t output_max_len );
-typedef int (*pk_rsa_alt_sign_func)( void *ctx,
+typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
                     int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                    int mode, md_type_t md_alg, unsigned int hashlen,
+                    int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
                     const unsigned char *hash, unsigned char *sig );
-typedef size_t (*pk_rsa_alt_key_len_func)( void *ctx );
-#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
 /**
  * \brief           Return information associated with the given PK type
@@ -168,17 +168,17 @@
  *
  * \return          The PK info associated with the type or NULL if not found.
  */
-const pk_info_t *pk_info_from_type( pk_type_t pk_type );
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
 
 /**
- * \brief           Initialize a pk_context (as NONE)
+ * \brief           Initialize a mbedtls_pk_context (as NONE)
  */
-void pk_init( pk_context *ctx );
+void mbedtls_pk_init( mbedtls_pk_context *ctx );
 
 /**
- * \brief           Free a pk_context
+ * \brief           Free a mbedtls_pk_context
  */
-void pk_free( pk_context *ctx );
+void mbedtls_pk_free( mbedtls_pk_context *ctx );
 
 /**
  * \brief           Initialize a PK context with the information given
@@ -188,15 +188,15 @@
  * \param info      Information to use
  *
  * \return          0 on success,
- *                  POLARSSL_ERR_PK_BAD_INPUT_DATA on invalid input,
- *                  POLARSSL_ERR_PK_MALLOC_FAILED on allocation failure.
+ *                  MBEDTLS_ERR_PK_BAD_INPUT_DATA on invalid input,
+ *                  MBEDTLS_ERR_PK_MALLOC_FAILED on allocation failure.
  *
  * \note            For contexts holding an RSA-alt key, use
- *                  \c pk_init_ctx_rsa_alt() instead.
+ *                  \c mbedtls_pk_init_ctx_rsa_alt() instead.
  */
-int pk_init_ctx( pk_context *ctx, const pk_info_t *info );
+int mbedtls_pk_init_ctx( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
 
-#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /**
  * \brief           Initialize an RSA-alt context
  *
@@ -206,16 +206,16 @@
  * \param sign_func     Signing function
  * \param key_len_func  Function returning key length in bytes
  *
- * \return          0 on success, or POLARSSL_ERR_PK_BAD_INPUT_DATA if the
+ * \return          0 on success, or MBEDTLS_ERR_PK_BAD_INPUT_DATA if the
  *                  context wasn't already initialized as RSA_ALT.
  *
- * \note            This function replaces \c pk_init_ctx() for RSA-alt.
+ * \note            This function replaces \c mbedtls_pk_init_ctx() for RSA-alt.
  */
-int pk_init_ctx_rsa_alt( pk_context *ctx, void * key,
-                         pk_rsa_alt_decrypt_func decrypt_func,
-                         pk_rsa_alt_sign_func sign_func,
-                         pk_rsa_alt_key_len_func key_len_func );
-#endif /* POLARSSL_PK_RSA_ALT_SUPPORT */
+int mbedtls_pk_init_ctx_rsa_alt( mbedtls_pk_context *ctx, void * key,
+                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                         mbedtls_pk_rsa_alt_sign_func sign_func,
+                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+#endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
 /**
  * \brief           Get the size in bits of the underlying key
@@ -224,7 +224,7 @@
  *
  * \return          Key size in bits, or 0 on error
  */
-size_t pk_get_size( const pk_context *ctx );
+size_t mbedtls_pk_get_size( const mbedtls_pk_context *ctx );
 
 /**
  * \brief           Get the length in bytes of the underlying key
@@ -232,9 +232,9 @@
  *
  * \return          Key length in bytes, or 0 on error
  */
-static inline size_t pk_get_len( const pk_context *ctx )
+static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
 {
-    return( ( pk_get_size( ctx ) + 7 ) / 8 );
+    return( ( mbedtls_pk_get_size( ctx ) + 7 ) / 8 );
 }
 
 /**
@@ -246,7 +246,7 @@
  * \return          0 if context can't do the operations,
  *                  1 otherwise.
  */
-int pk_can_do( const pk_context *ctx, pk_type_t type );
+int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
 
 /**
  * \brief           Verify signature (including padding if relevant).
@@ -259,20 +259,20 @@
  * \param sig_len   Signature length
  *
  * \return          0 on success (signature is valid),
- *                  POLARSSL_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
  *                  valid but its actual length is less than sig_len,
  *                  or a specific error code.
  *
  * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
- *                  Use \c pk_verify_ext( POLARSSL_PK_RSASSA_PSS, ... )
+ *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
  *                  to verify RSASSA_PSS signatures.
  *
  * \note            If hash_len is 0, then the length associated with md_alg
  *                  is used instead, or an error returned if it is invalid.
  *
- * \note            md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
  */
-int pk_verify( pk_context *ctx, md_type_t md_alg,
+int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                const unsigned char *hash, size_t hash_len,
                const unsigned char *sig, size_t sig_len );
 
@@ -290,23 +290,23 @@
  * \param sig_len   Signature length
  *
  * \return          0 on success (signature is valid),
- *                  POLARSSL_ERR_PK_TYPE_MISMATCH if the PK context can't be
+ *                  MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
  *                  used for this type of signatures,
- *                  POLARSSL_ERR_PK_SIG_LEN_MISMATCH if the signature is
+ *                  MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if the signature is
  *                  valid but its actual length is less than sig_len,
  *                  or a specific error code.
  *
  * \note            If hash_len is 0, then the length associated with md_alg
  *                  is used instead, or an error returned if it is invalid.
  *
- * \note            md_alg may be POLARSSL_MD_NONE, only if hash_len != 0
+ * \note            md_alg may be MBEDTLS_MD_NONE, only if hash_len != 0
  *
- * \note            If type is POLARSSL_PK_RSASSA_PSS, then options must point
- *                  to a pk_rsassa_pss_options structure,
+ * \note            If type is MBEDTLS_PK_RSASSA_PSS, then options must point
+ *                  to a mbedtls_pk_rsassa_pss_options structure,
  *                  otherwise it must be NULL.
  */
-int pk_verify_ext( pk_type_t type, const void *options,
-                   pk_context *ctx, md_type_t md_alg,
+int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
+                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
                    const unsigned char *hash, size_t hash_len,
                    const unsigned char *sig, size_t sig_len );
 
@@ -331,10 +331,10 @@
  * \note            If hash_len is 0, then the length associated with md_alg
  *                  is used instead, or an error returned if it is invalid.
  *
- * \note            For RSA, md_alg may be POLARSSL_MD_NONE if hash_len != 0.
- *                  For ECDSA, md_alg may never be POLARSSL_MD_NONE.
+ * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
+ *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
  */
-int pk_sign( pk_context *ctx, md_type_t md_alg,
+int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
              const unsigned char *hash, size_t hash_len,
              unsigned char *sig, size_t *sig_len,
              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@@ -355,7 +355,7 @@
  *
  * \return          0 on success, or a specific error code.
  */
-int pk_decrypt( pk_context *ctx,
+int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
                 const unsigned char *input, size_t ilen,
                 unsigned char *output, size_t *olen, size_t osize,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@@ -376,7 +376,7 @@
  *
  * \return          0 on success, or a specific error code.
  */
-int pk_encrypt( pk_context *ctx,
+int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
                 const unsigned char *input, size_t ilen,
                 unsigned char *output, size_t *olen, size_t osize,
                 int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
@@ -387,9 +387,9 @@
  * \param pub       Context holding a public key.
  * \param prv       Context holding a private (and public) key.
  *
- * \return          0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
  */
-int pk_check_pair( const pk_context *pub, const pk_context *prv );
+int mbedtls_pk_check_pair( const mbedtls_pk_context *pub, const mbedtls_pk_context *prv );
 
 /**
  * \brief           Export debug information
@@ -397,9 +397,9 @@
  * \param ctx       Context to use
  * \param items     Place to write debug items
  *
- * \return          0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
+ * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
  */
-int pk_debug( const pk_context *ctx, pk_debug_item *items );
+int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
 
 /**
  * \brief           Access the type name
@@ -408,18 +408,18 @@
  *
  * \return          Type name on success, or "invalid PK"
  */
-const char * pk_get_name( const pk_context *ctx );
+const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
 
 /**
  * \brief           Get the key type
  *
  * \param ctx       Context to use
  *
- * \return          Type on success, or POLARSSL_PK_NONE
+ * \return          Type on success, or MBEDTLS_PK_NONE
  */
-pk_type_t pk_get_type( const pk_context *ctx );
+mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
 
-#if defined(POLARSSL_PK_PARSE_C)
+#if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
 /**
  * \brief           Parse a private key
@@ -431,14 +431,14 @@
  * \param pwdlen    size of the password
  *
  * \note            On entry, ctx must be empty, either freshly initialised
- *                  with pk_init() or reset with pk_free(). If you need a
- *                  specific key type, check the result with pk_can_do().
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
  *
  * \note            The key is also checked for correctness.
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int pk_parse_key( pk_context *ctx,
+int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
                   const unsigned char *key, size_t keylen,
                   const unsigned char *pwd, size_t pwdlen );
 
@@ -451,17 +451,17 @@
  * \param keylen    size of the buffer
  *
  * \note            On entry, ctx must be empty, either freshly initialised
- *                  with pk_init() or reset with pk_free(). If you need a
- *                  specific key type, check the result with pk_can_do().
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
  *
  * \note            The key is also checked for correctness.
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int pk_parse_public_key( pk_context *ctx,
+int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
                          const unsigned char *key, size_t keylen );
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 /** \ingroup pk_module */
 /**
  * \brief           Load and parse a private key
@@ -471,14 +471,14 @@
  * \param password  password to decrypt the file (can be NULL)
  *
  * \note            On entry, ctx must be empty, either freshly initialised
- *                  with pk_init() or reset with pk_free(). If you need a
- *                  specific key type, check the result with pk_can_do().
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
  *
  * \note            The key is also checked for correctness.
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int pk_parse_keyfile( pk_context *ctx,
+int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
                       const char *path, const char *password );
 
 /** \ingroup pk_module */
@@ -489,18 +489,18 @@
  * \param path      filename to read the private key from
  *
  * \note            On entry, ctx must be empty, either freshly initialised
- *                  with pk_init() or reset with pk_free(). If you need a
- *                  specific key type, check the result with pk_can_do().
+ *                  with mbedtls_pk_init() or reset with mbedtls_pk_free(). If you need a
+ *                  specific key type, check the result with mbedtls_pk_can_do().
  *
  * \note            The key is also checked for correctness.
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int pk_parse_public_keyfile( pk_context *ctx, const char *path );
-#endif /* POLARSSL_FS_IO */
-#endif /* POLARSSL_PK_PARSE_C */
+int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
+#endif /* MBEDTLS_FS_IO */
+#endif /* MBEDTLS_PK_PARSE_C */
 
-#if defined(POLARSSL_PK_WRITE_C)
+#if defined(MBEDTLS_PK_WRITE_C)
 /**
  * \brief           Write a private key to a PKCS#1 or SEC1 DER structure
  *                  Note: data is written at the end of the buffer! Use the
@@ -514,7 +514,7 @@
  * \return          length of data written if successful, or a specific
  *                  error code
  */
-int pk_write_key_der( pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 
 /**
  * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
@@ -529,9 +529,9 @@
  * \return          length of data written if successful, or a specific
  *                  error code
  */
-int pk_write_pubkey_der( pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_der( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 
-#if defined(POLARSSL_PEM_WRITE_C)
+#if defined(MBEDTLS_PEM_WRITE_C)
 /**
  * \brief           Write a public key to a PEM string
  *
@@ -541,7 +541,7 @@
  *
  * \return          0 successful, or a specific error code
  */
-int pk_write_pubkey_pem( pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
 
 /**
  * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
@@ -552,16 +552,16 @@
  *
  * \return          0 successful, or a specific error code
  */
-int pk_write_key_pem( pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* POLARSSL_PEM_WRITE_C */
-#endif /* POLARSSL_PK_WRITE_C */
+int mbedtls_pk_write_key_pem( mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+#endif /* MBEDTLS_PEM_WRITE_C */
+#endif /* MBEDTLS_PK_WRITE_C */
 
 /*
  * WARNING: Low-level functions. You probably do not want to use these unless
  *          you are certain you do ;)
  */
 
-#if defined(POLARSSL_PK_PARSE_C)
+#if defined(MBEDTLS_PK_PARSE_C)
 /**
  * \brief           Parse a SubjectPublicKeyInfo DER structure
  *
@@ -571,11 +571,11 @@
  *
  * \return          0 if successful, or a specific PK error code
  */
-int pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        pk_context *pk );
-#endif /* POLARSSL_PK_PARSE_C */
+int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
+                        mbedtls_pk_context *pk );
+#endif /* MBEDTLS_PK_PARSE_C */
 
-#if defined(POLARSSL_PK_WRITE_C)
+#if defined(MBEDTLS_PK_WRITE_C)
 /**
  * \brief           Write a subjectPublicKey to ASN.1 data
  *                  Note: function works backwards in data buffer
@@ -586,20 +586,20 @@
  *
  * \return          the length written or a negative error code
  */
-int pk_write_pubkey( unsigned char **p, unsigned char *start,
-                     const pk_context *key );
-#endif /* POLARSSL_PK_WRITE_C */
+int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
+                     const mbedtls_pk_context *key );
+#endif /* MBEDTLS_PK_WRITE_C */
 
 /*
  * Internal module functions. You probably do not want to use these unless you
  * know you do.
  */
-#if defined(POLARSSL_FS_IO)
-int pk_load_file( const char *path, unsigned char **buf, size_t *n );
+#if defined(MBEDTLS_FS_IO)
+int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
 #endif
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_PK_H */
+#endif /* MBEDTLS_PK_H */
diff --git a/include/mbedtls/pk_wrap.h b/include/mbedtls/pk_wrap.h
index 7eb4f72..ce91984 100644
--- a/include/mbedtls/pk_wrap.h
+++ b/include/mbedtls/pk_wrap.h
@@ -22,21 +22,21 @@
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-#ifndef POLARSSL_PK_WRAP_H
-#define POLARSSL_PK_WRAP_H
+#ifndef MBEDTLS_PK_WRAP_H
+#define MBEDTLS_PK_WRAP_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #include "pk.h"
 
-struct _pk_info_t
+struct mbedtls_pk_info_t
 {
     /** Public key type */
-    pk_type_t type;
+    mbedtls_pk_type_t type;
 
     /** Type name */
     const char *name;
@@ -45,15 +45,15 @@
     size_t (*get_size)( const void * );
 
     /** Tell if the context implements this type (e.g. ECKEY can do ECDSA) */
-    int (*can_do)( pk_type_t type );
+    int (*can_do)( mbedtls_pk_type_t type );
 
     /** Verify signature */
-    int (*verify_func)( void *ctx, md_type_t md_alg,
+    int (*verify_func)( void *ctx, mbedtls_md_type_t md_alg,
                         const unsigned char *hash, size_t hash_len,
                         const unsigned char *sig, size_t sig_len );
 
     /** Make signature */
-    int (*sign_func)( void *ctx, md_type_t md_alg,
+    int (*sign_func)( void *ctx, mbedtls_md_type_t md_alg,
                       const unsigned char *hash, size_t hash_len,
                       unsigned char *sig, size_t *sig_len,
                       int (*f_rng)(void *, unsigned char *, size_t),
@@ -81,35 +81,35 @@
     void (*ctx_free_func)( void *ctx );
 
     /** Interface with the debug module */
-    void (*debug_func)( const void *ctx, pk_debug_item *items );
+    void (*debug_func)( const void *ctx, mbedtls_pk_debug_item *items );
 
 };
-#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
 /* Container for RSA-alt */
 typedef struct
 {
     void *key;
-    pk_rsa_alt_decrypt_func decrypt_func;
-    pk_rsa_alt_sign_func sign_func;
-    pk_rsa_alt_key_len_func key_len_func;
-} rsa_alt_context;
+    mbedtls_pk_rsa_alt_decrypt_func decrypt_func;
+    mbedtls_pk_rsa_alt_sign_func sign_func;
+    mbedtls_pk_rsa_alt_key_len_func key_len_func;
+} mbedtls_rsa_alt_context;
 #endif
 
-#if defined(POLARSSL_RSA_C)
-extern const pk_info_t rsa_info;
+#if defined(MBEDTLS_RSA_C)
+extern const mbedtls_pk_info_t mbedtls_rsa_info;
 #endif
 
-#if defined(POLARSSL_ECP_C)
-extern const pk_info_t eckey_info;
-extern const pk_info_t eckeydh_info;
+#if defined(MBEDTLS_ECP_C)
+extern const mbedtls_pk_info_t mbedtls_eckey_info;
+extern const mbedtls_pk_info_t mbedtls_eckeydh_info;
 #endif
 
-#if defined(POLARSSL_ECDSA_C)
-extern const pk_info_t ecdsa_info;
+#if defined(MBEDTLS_ECDSA_C)
+extern const mbedtls_pk_info_t mbedtls_ecdsa_info;
 #endif
 
-#if defined(POLARSSL_PK_RSA_ALT_SUPPORT)
-extern const pk_info_t rsa_alt_info;
+#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
+extern const mbedtls_pk_info_t mbedtls_rsa_alt_info;
 #endif
 
-#endif /* POLARSSL_PK_WRAP_H */
+#endif /* MBEDTLS_PK_WRAP_H */
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 1d64f0c..a6bda05 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -23,16 +23,16 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PKCS11_H
-#define POLARSSL_PKCS11_H
+#ifndef MBEDTLS_PKCS11_H
+#define MBEDTLS_PKCS11_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(POLARSSL_PKCS11_C)
+#if defined(MBEDTLS_PKCS11_C)
 
 #include "x509_crt.h"
 
@@ -56,7 +56,7 @@
 typedef struct {
         pkcs11h_certificate_t pkcs11h_cert;
         int len;
-} pkcs11_context;
+} mbedtls_pkcs11_context;
 
 /**
  * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
@@ -66,11 +66,11 @@
  *
  * \return              0 on success.
  */
-int pkcs11_x509_cert_init( x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
+int mbedtls_pkcs11_x509_cert_init( mbedtls_x509_crt *cert, pkcs11h_certificate_t pkcs11h_cert );
 
 /**
- * Initialise a pkcs11_context, storing the given certificate. Note that the
- * pkcs11_context will take over control of the certificate, freeing it when
+ * Initialise a mbedtls_pkcs11_context, storing the given certificate. Note that the
+ * mbedtls_pkcs11_context will take over control of the certificate, freeing it when
  * done.
  *
  * \param priv_key      Private key structure to fill.
@@ -78,7 +78,7 @@
  *
  * \return              0 on success
  */
-int pkcs11_priv_key_init( pkcs11_context *priv_key,
+int mbedtls_pkcs11_priv_key_init( mbedtls_pkcs11_context *priv_key,
         pkcs11h_certificate_t pkcs11_cert );
 
 /**
@@ -87,26 +87,26 @@
  *
  * \param priv_key      Private key structure to cleanup
  */
-void pkcs11_priv_key_free( pkcs11_context *priv_key );
+void mbedtls_pkcs11_priv_key_free( mbedtls_pkcs11_context *priv_key );
 
 /**
  * \brief          Do an RSA private key decrypt, then remove the message
  *                 padding
  *
  * \param ctx      PKCS #11 context
- * \param mode     must be RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
  * \param input    buffer holding the encrypted data
  * \param output   buffer that will hold the plaintext
  * \param olen     will contain the plaintext length
  * \param output_max_len    maximum length of the output buffer
  *
- * \return         0 if successful, or an POLARSSL_ERR_RSA_XXX error code
+ * \return         0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
  *
  * \note           The output buffer must be as large as the size
  *                 of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise
  *                 an error is thrown.
  */
-int pkcs11_decrypt( pkcs11_context *ctx,
+int mbedtls_pkcs11_decrypt( mbedtls_pkcs11_context *ctx,
                        int mode, size_t *olen,
                        const unsigned char *input,
                        unsigned char *output,
@@ -116,21 +116,21 @@
  * \brief          Do a private RSA to sign a message digest
  *
  * \param ctx      PKCS #11 context
- * \param mode     must be RSA_PRIVATE, for compatibility with rsa.c's signature
- * \param md_alg   a POLARSSL_MD_XXX (use POLARSSL_MD_NONE for signing raw data)
- * \param hashlen  message digest length (for POLARSSL_MD_NONE only)
+ * \param mode     must be MBEDTLS_RSA_PRIVATE, for compatibility with rsa.c's signature
+ * \param md_alg   a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data)
+ * \param hashlen  message digest length (for MBEDTLS_MD_NONE only)
  * \param hash     buffer holding the message digest
  * \param sig      buffer that will hold the ciphertext
  *
  * \return         0 if the signing operation was successful,
- *                 or an POLARSSL_ERR_RSA_XXX error code
+ *                 or an MBEDTLS_ERR_RSA_XXX error code
  *
  * \note           The "sig" buffer must be as large as the size
  *                 of ctx->N (eg. 128 bytes if RSA-1024 is used).
  */
-int pkcs11_sign( pkcs11_context *ctx,
+int mbedtls_pkcs11_sign( mbedtls_pkcs11_context *ctx,
                     int mode,
-                    md_type_t md_alg,
+                    mbedtls_md_type_t md_alg,
                     unsigned int hashlen,
                     const unsigned char *hash,
                     unsigned char *sig );
@@ -138,34 +138,34 @@
 /**
  * SSL/TLS wrappers for PKCS#11 functions
  */
-static inline int ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
+static inline int mbedtls_ssl_pkcs11_decrypt( void *ctx, int mode, size_t *olen,
                         const unsigned char *input, unsigned char *output,
                         size_t output_max_len )
 {
-    return pkcs11_decrypt( (pkcs11_context *) ctx, mode, olen, input, output,
+    return mbedtls_pkcs11_decrypt( (mbedtls_pkcs11_context *) ctx, mode, olen, input, output,
                            output_max_len );
 }
 
-static inline int ssl_pkcs11_sign( void *ctx,
+static inline int mbedtls_ssl_pkcs11_sign( void *ctx,
                      int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                     int mode, md_type_t md_alg, unsigned int hashlen,
+                     int mode, mbedtls_md_type_t md_alg, unsigned int hashlen,
                      const unsigned char *hash, unsigned char *sig )
 {
     ((void) f_rng);
     ((void) p_rng);
-    return pkcs11_sign( (pkcs11_context *) ctx, mode, md_alg,
+    return mbedtls_pkcs11_sign( (mbedtls_pkcs11_context *) ctx, mode, md_alg,
                         hashlen, hash, sig );
 }
 
-static inline size_t ssl_pkcs11_key_len( void *ctx )
+static inline size_t mbedtls_ssl_pkcs11_key_len( void *ctx )
 {
-    return ( (pkcs11_context *) ctx )->len;
+    return ( (mbedtls_pkcs11_context *) ctx )->len;
 }
 
 #ifdef __cplusplus
 }
 #endif
 
-#endif /* POLARSSL_PKCS11_C */
+#endif /* MBEDTLS_PKCS11_C */
 
-#endif /* POLARSSL_PKCS11_H */
+#endif /* MBEDTLS_PKCS11_H */
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index cc09aa5..c5085da 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -21,8 +21,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PKCS12_H
-#define POLARSSL_PKCS12_H
+#ifndef MBEDTLS_PKCS12_H
+#define MBEDTLS_PKCS12_H
 
 #include "md.h"
 #include "cipher.h"
@@ -30,17 +30,17 @@
 
 #include <stddef.h>
 
-#define POLARSSL_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
-#define POLARSSL_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
-#define POLARSSL_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00  /**< Feature not available, e.g. unsupported encryption scheme. */
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80  /**< PBE ASN.1 data not as expected. */
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00  /**< Given private key password does not allow for correct decryption. */
 
-#define PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
-#define PKCS12_DERIVE_IV        2   /**< initialization vector     */
-#define PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
+#define MBEDTLS_PKCS12_DERIVE_KEY       1   /**< encryption/decryption key */
+#define MBEDTLS_PKCS12_DERIVE_IV        2   /**< initialization vector     */
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3   /**< integrity / MAC key       */
 
-#define PKCS12_PBE_DECRYPT      0
-#define PKCS12_PBE_ENCRYPT      1
+#define MBEDTLS_PKCS12_PBE_DECRYPT      0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
 
 #ifdef __cplusplus
 extern "C" {
@@ -51,38 +51,38 @@
  *                   for pbeWithSHAAnd128BitRC4
  *
  * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
  * \param pwd        the password used (may be NULL if no password is used)
  * \param pwdlen     length of the password (may be 0)
  * \param input      the input data
  * \param len        data length
  * \param output     the output buffer
  *
- * \return           0 if successful, or a POLARSSL_ERR_XXX code
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
  */
-int pkcs12_pbe_sha1_rc4_128( asn1_buf *pbe_params, int mode,
+int mbedtls_pkcs12_pbe_sha1_rc4_128( mbedtls_asn1_buf *pbe_params, int mode,
                              const unsigned char *pwd,  size_t pwdlen,
                              const unsigned char *input, size_t len,
                              unsigned char *output );
 
 /**
  * \brief            PKCS12 Password Based function (encryption / decryption)
- *                   for cipher-based and md-based PBE's
+ *                   for cipher-based and mbedtls_md-based PBE's
  *
  * \param pbe_params an ASN1 buffer containing the pkcs-12PbeParams structure
- * \param mode       either PKCS12_PBE_ENCRYPT or PKCS12_PBE_DECRYPT
+ * \param mode       either MBEDTLS_PKCS12_PBE_ENCRYPT or MBEDTLS_PKCS12_PBE_DECRYPT
  * \param cipher_type the cipher used
- * \param md_type     the md used
+ * \param md_type     the mbedtls_md used
  * \param pwd        the password used (may be NULL if no password is used)
  * \param pwdlen     length of the password (may be 0)
  * \param input      the input data
  * \param len        data length
  * \param output     the output buffer
  *
- * \return           0 if successful, or a POLARSSL_ERR_XXX code
+ * \return           0 if successful, or a MBEDTLS_ERR_XXX code
  */
-int pkcs12_pbe( asn1_buf *pbe_params, int mode,
-                cipher_type_t cipher_type, md_type_t md_type,
+int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
+                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
                 const unsigned char *pwd,  size_t pwdlen,
                 const unsigned char *input, size_t len,
                 unsigned char *output );
@@ -101,17 +101,17 @@
  * \param pwdlen     length of the password (may be 0)
  * \param salt       salt buffer to use
  * \param saltlen    length of the salt
- * \param md         md type to use during the derivation
- * \param id         id that describes the purpose (can be PKCS12_DERIVE_KEY,
- *                   PKCS12_DERIVE_IV or PKCS12_DERIVE_MAC_KEY)
+ * \param mbedtls_md         mbedtls_md type to use during the derivation
+ * \param id         id that describes the purpose (can be MBEDTLS_PKCS12_DERIVE_KEY,
+ *                   MBEDTLS_PKCS12_DERIVE_IV or MBEDTLS_PKCS12_DERIVE_MAC_KEY)
  * \param iterations number of iterations
  *
  * \return          0 if successful, or a MD, BIGNUM type error.
  */
-int pkcs12_derivation( unsigned char *data, size_t datalen,
+int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
                        const unsigned char *pwd, size_t pwdlen,
                        const unsigned char *salt, size_t saltlen,
-                       md_type_t md, int id, int iterations );
+                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index f46be12..79b7136 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -23,8 +23,8 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PKCS5_H
-#define POLARSSL_PKCS5_H
+#ifndef MBEDTLS_PKCS5_H
+#define MBEDTLS_PKCS5_H
 
 #include "asn1.h"
 #include "md.h"
@@ -38,13 +38,13 @@
 #include <inttypes.h>
 #endif
 
-#define POLARSSL_ERR_PKCS5_BAD_INPUT_DATA                  -0x3f80  /**< Bad input parameters to function. */
-#define POLARSSL_ERR_PKCS5_INVALID_FORMAT                  -0x3f00  /**< Unexpected ASN.1 data. */
-#define POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x3e80  /**< Requested encryption or digest alg not available. */
-#define POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH               -0x3e00  /**< Given private key password does not allow for correct decryption. */
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x3f80  /**< Bad input parameters to function. */
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x3f00  /**< Unexpected ASN.1 data. */
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x3e80  /**< Requested encryption or digest alg not available. */
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x3e00  /**< Given private key password does not allow for correct decryption. */
 
-#define PKCS5_DECRYPT      0
-#define PKCS5_ENCRYPT      1
+#define MBEDTLS_PKCS5_DECRYPT      0
+#define MBEDTLS_PKCS5_ENCRYPT      1
 
 #ifdef __cplusplus
 extern "C" {
@@ -54,16 +54,16 @@
  * \brief          PKCS#5 PBES2 function
  *
  * \param pbe_params the ASN.1 algorithm parameters
- * \param mode       either PKCS5_DECRYPT or PKCS5_ENCRYPT
+ * \param mode       either MBEDTLS_PKCS5_DECRYPT or MBEDTLS_PKCS5_ENCRYPT
  * \param pwd        password to use when generating key
  * \param pwdlen     length of password
  * \param data       data to process
  * \param datalen    length of data
  * \param output     output buffer
  *
- * \returns        0 on success, or a POLARSSL_ERR_XXX code if verification fails.
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
  */
-int pkcs5_pbes2( const asn1_buf *pbe_params, int mode,
+int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
                  const unsigned char *pwd,  size_t pwdlen,
                  const unsigned char *data, size_t datalen,
                  unsigned char *output );
@@ -80,9 +80,9 @@
  * \param key_length            Length of generated key
  * \param output   Generated key. Must be at least as big as key_length
  *
- * \returns        0 on success, or a POLARSSL_ERR_XXX code if verification fails.
+ * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
  */
-int pkcs5_pbkdf2_hmac( md_context_t *ctx, const unsigned char *password,
+int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
                        size_t plen, const unsigned char *salt, size_t slen,
                        unsigned int iteration_count,
                        uint32_t key_length, unsigned char *output );
@@ -92,7 +92,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int pkcs5_self_test( int verbose );
+int mbedtls_pkcs5_self_test( int verbose );
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 34af46e..765c18f 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_PLATFORM_H
-#define POLARSSL_PLATFORM_H
+#ifndef MBEDTLS_PLATFORM_H
+#define MBEDTLS_PLATFORM_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
 #ifdef __cplusplus
@@ -42,46 +42,46 @@
  * \{
  */
 
-#if !defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
+#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
 #include <stdio.h>
 #include <stdlib.h>
-#if !defined(POLARSSL_PLATFORM_STD_SNPRINTF)
-#define POLARSSL_PLATFORM_STD_SNPRINTF   snprintf /**< Default snprintf to use  */
+#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< Default snprintf to use  */
 #endif
-#if !defined(POLARSSL_PLATFORM_STD_PRINTF)
-#define POLARSSL_PLATFORM_STD_PRINTF   printf /**< Default printf to use  */
+#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< Default printf to use  */
 #endif
-#if !defined(POLARSSL_PLATFORM_STD_FPRINTF)
-#define POLARSSL_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
+#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< Default fprintf to use */
 #endif
-#if !defined(POLARSSL_PLATFORM_STD_MALLOC)
-#define POLARSSL_PLATFORM_STD_MALLOC   malloc /**< Default allocator to use */
+#if !defined(MBEDTLS_PLATFORM_STD_MALLOC)
+#define MBEDTLS_PLATFORM_STD_MALLOC   malloc /**< Default allocator to use */
 #endif
-#if !defined(POLARSSL_PLATFORM_STD_FREE)
-#define POLARSSL_PLATFORM_STD_FREE       free /**< Default free to use */
+#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE       free /**< Default free to use */
 #endif
-#if !defined(POLARSSL_PLATFORM_STD_EXIT)
-#define POLARSSL_PLATFORM_STD_EXIT      exit /**< Default free to use */
+#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+#define MBEDTLS_PLATFORM_STD_EXIT      exit /**< Default free to use */
 #endif
-#else /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(POLARSSL_PLATFORM_STD_MEM_HDR)
-#include POLARSSL_PLATFORM_STD_MEM_HDR
+#else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+#include MBEDTLS_PLATFORM_STD_MEM_HDR
 #endif
-#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
+#endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
 /* \} name SECTION: Module settings */
 
 /*
  * The function pointers for malloc and free
  */
-#if defined(POLARSSL_PLATFORM_MEMORY)
-#if defined(POLARSSL_PLATFORM_FREE_MACRO) && \
-    defined(POLARSSL_PLATFORM_MALLOC_MACRO)
-#define polarssl_free       POLARSSL_PLATFORM_FREE_MACRO
-#define polarssl_malloc     POLARSSL_PLATFORM_MALLOC_MACRO
+#if defined(MBEDTLS_PLATFORM_MEMORY)
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    defined(MBEDTLS_PLATFORM_MALLOC_MACRO)
+#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
+#define mbedtls_malloc     MBEDTLS_PLATFORM_MALLOC_MACRO
 #else
-extern void * (*polarssl_malloc)( size_t len );
-extern void (*polarssl_free)( void *ptr );
+extern void * (*mbedtls_malloc)( size_t len );
+extern void (*mbedtls_free)( void *ptr );
 
 /**
  * \brief   Set your own memory implementation function pointers
@@ -91,19 +91,19 @@
  *
  * \return              0 if successful
  */
-int platform_set_malloc_free( void * (*malloc_func)( size_t ),
+int mbedtls_platform_set_malloc_free( void * (*malloc_func)( size_t ),
                               void (*free_func)( void * ) );
-#endif /* POLARSSL_PLATFORM_FREE_MACRO && POLARSSL_PLATFORM_MALLOC_MACRO */
-#else /* !POLARSSL_PLATFORM_MEMORY */
-#define polarssl_free       free
-#define polarssl_malloc     malloc
-#endif /* POLARSSL_PLATFORM_MEMORY && !POLARSSL_PLATFORM_{FREE,MALLOC}_MACRO */
+#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_MALLOC_MACRO */
+#else /* !MBEDTLS_PLATFORM_MEMORY */
+#define mbedtls_free       free
+#define mbedtls_malloc     malloc
+#endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,MALLOC}_MACRO */
 
 /*
  * The function pointers for fprintf
  */
-#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
-extern int (*polarssl_fprintf)( FILE *stream, const char *format, ... );
+#if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
+extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
 
 /**
  * \brief   Set your own fprintf function pointer
@@ -112,21 +112,21 @@
  *
  * \return              0
  */
-int platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
+int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
                                                ... ) );
 #else
-#if defined(POLARSSL_PLATFORM_FPRINTF_MACRO)
-#define polarssl_fprintf    POLARSSL_PLATFORM_FPRINTF_MACRO
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
 #else
-#define polarssl_fprintf    fprintf
-#endif /* POLARSSL_PLATFORM_FPRINTF_MACRO */
-#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */
+#define mbedtls_fprintf    fprintf
+#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
 
 /*
  * The function pointers for printf
  */
-#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
-extern int (*polarssl_printf)( const char *format, ... );
+#if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
+extern int (*mbedtls_printf)( const char *format, ... );
 
 /**
  * \brief   Set your own printf function pointer
@@ -135,20 +135,20 @@
  *
  * \return              0
  */
-int platform_set_printf( int (*printf_func)( const char *, ... ) );
-#else /* !POLARSSL_PLATFORM_PRINTF_ALT */
-#if defined(POLARSSL_PLATFORM_PRINTF_MACRO)
-#define polarssl_printf     POLARSSL_PLATFORM_PRINTF_MACRO
+int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+#else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
 #else
-#define polarssl_printf     printf
-#endif /* POLARSSL_PLATFORM_PRINTF_MACRO */
-#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
+#define mbedtls_printf     printf
+#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
 
 /*
  * The function pointers for snprintf
  */
-#if defined(POLARSSL_PLATFORM_SNPRINTF_ALT)
-extern int (*polarssl_snprintf)( char * s, size_t n, const char * format, ... );
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
+extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
 
 /**
  * \brief   Set your own snprintf function pointer
@@ -157,21 +157,21 @@
  *
  * \return              0
  */
-int platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
+int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
                                                  const char * format, ... ) );
-#else /* POLARSSL_PLATFORM_SNPRINTF_ALT */
-#if defined(POLARSSL_PLATFORM_SNPRINTF_MACRO)
-#define polarssl_snprintf   POLARSSL_PLATFORM_SNPRINTF_MACRO
+#else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
 #else
-#define polarssl_snprintf   snprintf
-#endif /* POLARSSL_PLATFORM_SNPRINTF_MACRO */
-#endif /* POLARSSL_PLATFORM_SNPRINTF_ALT */
+#define mbedtls_snprintf   snprintf
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+#endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
 /*
  * The function pointers for exit
  */
-#if defined(POLARSSL_PLATFORM_EXIT_ALT)
-extern void (*polarssl_exit)( int status );
+#if defined(MBEDTLS_PLATFORM_EXIT_ALT)
+extern void (*mbedtls_exit)( int status );
 
 /**
  * \brief   Set your own exit function pointer
@@ -180,14 +180,14 @@
  *
  * \return              0
  */
-int platform_set_exit( void (*exit_func)( int status ) );
+int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
 #else
-#if defined(POLARSSL_PLATFORM_EXIT_MACRO)
-#define polarssl_exit   POLARSSL_PLATFORM_EXIT_MACRO
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
 #else
-#define polarssl_exit   exit
-#endif /* POLARSSL_PLATFORM_EXIT_MACRO */
-#endif /* POLARSSL_PLATFORM_EXIT_ALT */
+#define mbedtls_exit   exit
+#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+#endif /* MBEDTLS_PLATFORM_EXIT_ALT */
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 48db853..7a77265 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -1,5 +1,5 @@
 /**
- * \file ripemd160.h
+ * \file mbedtls_ripemd160.h
  *
  * \brief RIPE MD-160 message digest
  *
@@ -21,13 +21,13 @@
  *  with this program; if not, write to the Free Software Foundation, Inc.,
  *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
-#ifndef POLARSSL_RIPEMD160_H
-#define POLARSSL_RIPEMD160_H
+#ifndef MBEDTLS_RIPEMD160_H
+#define MBEDTLS_RIPEMD160_H
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "config.h"
 #else
-#include POLARSSL_C