diff --git a/library/x509.c b/library/x509.c
index 1095b83..eb14720 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -30,13 +30,13 @@
  *  http://www.itu.int/ITU-T/studygroups/com17/languages/X.690-0207.pdf
  */
 
-#if !defined(POLARSSL_CONFIG_FILE)
+#if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
 #else
-#include POLARSSL_CONFIG_FILE
+#include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(POLARSSL_X509_USE_C)
+#if defined(MBEDTLS_X509_USE_C)
 
 #include "mbedtls/x509.h"
 #include "mbedtls/asn1.h"
@@ -45,19 +45,19 @@
 #include <stdio.h>
 #include <string.h>
 
-#if defined(POLARSSL_PEM_PARSE_C)
+#if defined(MBEDTLS_PEM_PARSE_C)
 #include "mbedtls/pem.h"
 #endif
 
-#if defined(POLARSSL_PLATFORM_C)
+#if defined(MBEDTLS_PLATFORM_C)
 #include "mbedtls/platform.h"
 #else
 #include <stdio.h>
 #include <stdlib.h>
-#define polarssl_free       free
-#define polarssl_malloc     malloc
-#define polarssl_printf     printf
-#define polarssl_snprintf   snprintf
+#define mbedtls_free       free
+#define mbedtls_malloc     malloc
+#define mbedtls_printf     printf
+#define mbedtls_snprintf   snprintf
 #endif
 
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -66,7 +66,7 @@
 #include <time.h>
 #endif
 
-#if defined(POLARSSL_FS_IO)
+#if defined(MBEDTLS_FS_IO)
 #include <stdio.h>
 #if !defined(_WIN32)
 #include <sys/types.h>
@@ -80,24 +80,24 @@
 /*
  *  CertificateSerialNumber  ::=  INTEGER
  */
-int x509_get_serial( unsigned char **p, const unsigned char *end,
-                     x509_buf *serial )
+int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
+                     mbedtls_x509_buf *serial )
 {
     int ret;
 
     if( ( end - *p ) < 1 )
-        return( POLARSSL_ERR_X509_INVALID_SERIAL +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
-    if( **p != ( ASN1_CONTEXT_SPECIFIC | ASN1_PRIMITIVE | 2 ) &&
-        **p !=   ASN1_INTEGER )
-        return( POLARSSL_ERR_X509_INVALID_SERIAL +
-                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+    if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
+        **p !=   MBEDTLS_ASN1_INTEGER )
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
     serial->tag = *(*p)++;
 
-    if( ( ret = asn1_get_len( p, end, &serial->len ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_SERIAL + ret );
+    if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret );
 
     serial->p = *p;
     *p += serial->len;
@@ -111,13 +111,13 @@
  *       algorithm               OBJECT IDENTIFIER,
  *       parameters              ANY DEFINED BY algorithm OPTIONAL  }
  */
-int x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       x509_buf *alg )
+int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
+                       mbedtls_x509_buf *alg )
 {
     int ret;
 
-    if( ( ret = asn1_get_alg_null( p, end, alg ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     return( 0 );
 }
@@ -125,18 +125,18 @@
 /*
  * Parse an algorithm identifier with (optional) paramaters
  */
-int x509_get_alg( unsigned char **p, const unsigned char *end,
-                  x509_buf *alg, x509_buf *params )
+int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params )
 {
     int ret;
 
-    if( ( ret = asn1_get_alg( p, end, alg, params ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     return( 0 );
 }
 
-#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
 /*
  * HashAlgorithm ::= AlgorithmIdentifier
  *
@@ -146,49 +146,49 @@
  *
  * For HashAlgorithm, parameters MUST be NULL or absent.
  */
-static int x509_get_hash_alg( const x509_buf *alg, md_type_t *md_alg )
+static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md_alg )
 {
     int ret;
     unsigned char *p;
     const unsigned char *end;
-    x509_buf md_oid;
+    mbedtls_x509_buf md_oid;
     size_t len;
 
     /* Make sure we got a SEQUENCE and setup bounds */
-    if( alg->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
-        return( POLARSSL_ERR_X509_INVALID_ALG +
-                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+    if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
     p = (unsigned char *) alg->p;
     end = p + alg->len;
 
     if( p >= end )
-        return( POLARSSL_ERR_X509_INVALID_ALG +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
     /* Parse md_oid */
     md_oid.tag = *p;
 
-    if( ( ret = asn1_get_tag( &p, end, &md_oid.len, ASN1_OID ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     md_oid.p = p;
     p += md_oid.len;
 
     /* Get md_alg from md_oid */
-    if( ( ret = oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     /* Make sure params is absent of NULL */
     if( p == end )
         return( 0 );
 
-    if( ( ret = asn1_get_tag( &p, end, &len, ASN1_NULL ) ) != 0 || len != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     if( p != end )
-        return( POLARSSL_ERR_X509_INVALID_ALG +
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
     return( 0 );
 }
@@ -205,25 +205,25 @@
  * of trailerField MUST be 1, and PKCS#1 v2.2 doesn't even define any other
  * option. Enfore this at parsing time.
  */
-int x509_get_rsassa_pss_params( const x509_buf *params,
-                                md_type_t *md_alg, md_type_t *mgf_md,
+int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
+                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
                                 int *salt_len )
 {
     int ret;
     unsigned char *p;
     const unsigned char *end, *end2;
     size_t len;
-    x509_buf alg_id, alg_params;
+    mbedtls_x509_buf alg_id, alg_params;
 
     /* First set everything to defaults */
-    *md_alg = POLARSSL_MD_SHA1;
-    *mgf_md = POLARSSL_MD_SHA1;
+    *md_alg = MBEDTLS_MD_SHA1;
+    *mgf_md = MBEDTLS_MD_SHA1;
     *salt_len = 20;
 
     /* Make sure params is a SEQUENCE and setup bounds */
-    if( params->tag != ( ASN1_CONSTRUCTED | ASN1_SEQUENCE ) )
-        return( POLARSSL_ERR_X509_INVALID_ALG +
-                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+    if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
     p = (unsigned char *) params->p;
     end = p + params->len;
@@ -234,24 +234,24 @@
     /*
      * HashAlgorithm
      */
-    if( ( ret = asn1_get_tag( &p, end, &len,
-                    ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 0 ) ) == 0 )
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 0 ) ) == 0 )
     {
         end2 = p + len;
 
         /* HashAlgorithm ::= AlgorithmIdentifier (without parameters) */
-        if( ( ret = x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
+        if( ( ret = mbedtls_x509_get_alg_null( &p, end2, &alg_id ) ) != 0 )
             return( ret );
 
-        if( ( ret = oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
-            return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+        if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
         if( p != end2 )
-            return( POLARSSL_ERR_X509_INVALID_ALG +
-                    POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }
-    else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     if( p == end )
         return( 0 );
@@ -259,30 +259,30 @@
     /*
      * MaskGenAlgorithm
      */
-    if( ( ret = asn1_get_tag( &p, end, &len,
-                    ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 1 ) ) == 0 )
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 1 ) ) == 0 )
     {
         end2 = p + len;
 
         /* MaskGenAlgorithm ::= AlgorithmIdentifier (params = HashAlgorithm) */
-        if( ( ret = x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
+        if( ( ret = mbedtls_x509_get_alg( &p, end2, &alg_id, &alg_params ) ) != 0 )
             return( ret );
 
         /* Only MFG1 is recognised for now */
-        if( OID_CMP( OID_MGF1, &alg_id ) != 0 )
-            return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE +
-                    POLARSSL_ERR_OID_NOT_FOUND );
+        if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
+            return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE +
+                    MBEDTLS_ERR_OID_NOT_FOUND );
 
         /* Parse HashAlgorithm */
         if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
             return( ret );
 
         if( p != end2 )
-            return( POLARSSL_ERR_X509_INVALID_ALG +
-                    POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }
-    else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     if( p == end )
         return( 0 );
@@ -290,20 +290,20 @@
     /*
      * salt_len
      */
-    if( ( ret = asn1_get_tag( &p, end, &len,
-                    ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 2 ) ) == 0 )
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 2 ) ) == 0 )
     {
         end2 = p + len;
 
-        if( ( ret = asn1_get_int( &p, end2, salt_len ) ) != 0 )
-            return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+        if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
         if( p != end2 )
-            return( POLARSSL_ERR_X509_INVALID_ALG +
-                    POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
     }
-    else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     if( p == end )
         return( 0 );
@@ -311,33 +311,33 @@
     /*
      * trailer_field (if present, must be 1)
      */
-    if( ( ret = asn1_get_tag( &p, end, &len,
-                    ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | 3 ) ) == 0 )
+    if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
+                    MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | 3 ) ) == 0 )
     {
         int trailer_field;
 
         end2 = p + len;
 
-        if( ( ret = asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
-            return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+        if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
         if( p != end2 )
-            return( POLARSSL_ERR_X509_INVALID_ALG +
-                    POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+            return( MBEDTLS_ERR_X509_INVALID_ALG +
+                    MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
         if( trailer_field != 1 )
-            return( POLARSSL_ERR_X509_INVALID_ALG );
+            return( MBEDTLS_ERR_X509_INVALID_ALG );
     }
-    else if( ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG )
-        return( POLARSSL_ERR_X509_INVALID_ALG + ret );
+    else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
+        return( MBEDTLS_ERR_X509_INVALID_ALG + ret );
 
     if( p != end )
-        return( POLARSSL_ERR_X509_INVALID_ALG +
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+        return( MBEDTLS_ERR_X509_INVALID_ALG +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
     return( 0 );
 }
-#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
 /*
  *  AttributeTypeAndValue ::= SEQUENCE {
@@ -350,46 +350,46 @@
  */
 static int x509_get_attr_type_value( unsigned char **p,
                                      const unsigned char *end,
-                                     x509_name *cur )
+                                     mbedtls_x509_name *cur )
 {
     int ret;
     size_t len;
-    x509_buf *oid;
-    x509_buf *val;
+    mbedtls_x509_buf *oid;
+    mbedtls_x509_buf *val;
 
-    if( ( ret = asn1_get_tag( p, end, &len,
-            ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 
     if( ( end - *p ) < 1 )
-        return( POLARSSL_ERR_X509_INVALID_NAME +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
     oid = &cur->oid;
     oid->tag = **p;
 
-    if( ( ret = asn1_get_tag( p, end, &oid->len, ASN1_OID ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 
     oid->p = *p;
     *p += oid->len;
 
     if( ( end - *p ) < 1 )
-        return( POLARSSL_ERR_X509_INVALID_NAME +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
-    if( **p != ASN1_BMP_STRING && **p != ASN1_UTF8_STRING      &&
-        **p != ASN1_T61_STRING && **p != ASN1_PRINTABLE_STRING &&
-        **p != ASN1_IA5_STRING && **p != ASN1_UNIVERSAL_STRING &&
-        **p != ASN1_BIT_STRING )
-        return( POLARSSL_ERR_X509_INVALID_NAME +
-                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+    if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING      &&
+        **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
+        **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
+        **p != MBEDTLS_ASN1_BIT_STRING )
+        return( MBEDTLS_ERR_X509_INVALID_NAME +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 
     val = &cur->val;
     val->tag = *(*p)++;
 
-    if( ( ret = asn1_get_len( p, end, &val->len ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+    if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 
     val->p = *p;
     *p += val->len;
@@ -420,10 +420,10 @@
  * one element, which is represented as a list of AttributeTypeAndValue.
  * For the general case we still use a flat list, but we mark elements of the
  * same set so that they are "merged" together in the functions that consume
- * this list, eg x509_dn_gets().
+ * this list, eg mbedtls_x509_dn_gets().
  */
-int x509_get_name( unsigned char **p, const unsigned char *end,
-                   x509_name *cur )
+int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_name *cur )
 {
     int ret;
     size_t set_len;
@@ -435,9 +435,9 @@
         /*
          * parse SET
          */
-        if( ( ret = asn1_get_tag( p, end, &set_len,
-                ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
-            return( POLARSSL_ERR_X509_INVALID_NAME + ret );
+        if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
+                MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
+            return( MBEDTLS_ERR_X509_INVALID_NAME + ret );
 
         end_set  = *p + set_len;
 
@@ -452,12 +452,12 @@
             /* Mark this item as being only one in a set */
             cur->next_merged = 1;
 
-            cur->next = polarssl_malloc( sizeof( x509_name ) );
+            cur->next = mbedtls_malloc( sizeof( mbedtls_x509_name ) );
 
             if( cur->next == NULL )
-                return( POLARSSL_ERR_X509_MALLOC_FAILED );
+                return( MBEDTLS_ERR_X509_MALLOC_FAILED );
 
-            memset( cur->next, 0, sizeof( x509_name ) );
+            memset( cur->next, 0, sizeof( mbedtls_x509_name ) );
 
             cur = cur->next;
         }
@@ -468,12 +468,12 @@
         if( *p == end )
             return( 0 );
 
-        cur->next = polarssl_malloc( sizeof( x509_name ) );
+        cur->next = mbedtls_malloc( sizeof( mbedtls_x509_name ) );
 
         if( cur->next == NULL )
-            return( POLARSSL_ERR_X509_MALLOC_FAILED );
+            return( MBEDTLS_ERR_X509_MALLOC_FAILED );
 
-        memset( cur->next, 0, sizeof( x509_name ) );
+        memset( cur->next, 0, sizeof( mbedtls_x509_name ) );
 
         cur = cur->next;
     }
@@ -482,7 +482,7 @@
 static int x509_parse_int(unsigned char **p, unsigned n, int *res){
     *res = 0;
     for( ; n > 0; --n ){
-        if( ( **p < '0') || ( **p > '9' ) ) return POLARSSL_ERR_X509_INVALID_DATE;
+        if( ( **p < '0') || ( **p > '9' ) ) return MBEDTLS_ERR_X509_INVALID_DATE;
         *res *= 10;
         *res += (*(*p)++ - '0');
     }
@@ -494,26 +494,26 @@
  *       utcTime        UTCTime,
  *       generalTime    GeneralizedTime }
  */
-int x509_get_time( unsigned char **p, const unsigned char *end,
-                   x509_time *time )
+int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
+                   mbedtls_x509_time *time )
 {
     int ret;
     size_t len;
     unsigned char tag;
 
     if( ( end - *p ) < 1 )
-        return( POLARSSL_ERR_X509_INVALID_DATE +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_DATE +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
     tag = **p;
 
-    if( tag == ASN1_UTC_TIME )
+    if( tag == MBEDTLS_ASN1_UTC_TIME )
     {
         (*p)++;
-        ret = asn1_get_len( p, end, &len );
+        ret = mbedtls_asn1_get_len( p, end, &len );
 
         if( ret != 0 )
-            return( POLARSSL_ERR_X509_INVALID_DATE + ret );
+            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
 
         CHECK( x509_parse_int( p, 2, &time->year ) );
         CHECK( x509_parse_int( p, 2, &time->mon ) );
@@ -523,20 +523,20 @@
         if( len > 10 )
             CHECK( x509_parse_int( p, 2, &time->sec ) );
         if( len > 12 && *(*p)++ != 'Z' )
-            return( POLARSSL_ERR_X509_INVALID_DATE );
+            return( MBEDTLS_ERR_X509_INVALID_DATE );
 
         time->year +=  100 * ( time->year < 50 );
         time->year += 1900;
 
         return( 0 );
     }
-    else if( tag == ASN1_GENERALIZED_TIME )
+    else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
     {
         (*p)++;
-        ret = asn1_get_len( p, end, &len );
+        ret = mbedtls_asn1_get_len( p, end, &len );
 
         if( ret != 0 )
-            return( POLARSSL_ERR_X509_INVALID_DATE + ret );
+            return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
 
         CHECK( x509_parse_int( p, 4, &time->year ) );
         CHECK( x509_parse_int( p, 2, &time->mon ) );
@@ -546,28 +546,28 @@
         if( len > 12 )
             CHECK( x509_parse_int( p, 2, &time->sec ) );
         if( len > 14 && *(*p)++ != 'Z' )
-            return( POLARSSL_ERR_X509_INVALID_DATE );
+            return( MBEDTLS_ERR_X509_INVALID_DATE );
 
         return( 0 );
     }
     else
-        return( POLARSSL_ERR_X509_INVALID_DATE +
-                POLARSSL_ERR_ASN1_UNEXPECTED_TAG );
+        return( MBEDTLS_ERR_X509_INVALID_DATE +
+                MBEDTLS_ERR_ASN1_UNEXPECTED_TAG );
 }
 
-int x509_get_sig( unsigned char **p, const unsigned char *end, x509_buf *sig )
+int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
 {
     int ret;
     size_t len;
 
     if( ( end - *p ) < 1 )
-        return( POLARSSL_ERR_X509_INVALID_SIGNATURE +
-                POLARSSL_ERR_ASN1_OUT_OF_DATA );
+        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE +
+                MBEDTLS_ERR_ASN1_OUT_OF_DATA );
 
     sig->tag = **p;
 
-    if( ( ret = asn1_get_bitstring_null( p, end, &len ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_SIGNATURE + ret );
+    if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret );
 
     sig->len = len;
     sig->p = *p;
@@ -580,46 +580,46 @@
 /*
  * Get signature algorithm from alg OID and optional parameters
  */
-int x509_get_sig_alg( const x509_buf *sig_oid, const x509_buf *sig_params,
-                      md_type_t *md_alg, pk_type_t *pk_alg,
+int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
+                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
                       void **sig_opts )
 {
     int ret;
 
     if( *sig_opts != NULL )
-        return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
+        return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
 
-    if( ( ret = oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
-        return( POLARSSL_ERR_X509_UNKNOWN_SIG_ALG + ret );
+    if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
+        return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret );
 
-#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
-    if( *pk_alg == POLARSSL_PK_RSASSA_PSS )
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
     {
-        pk_rsassa_pss_options *pss_opts;
+        mbedtls_pk_rsassa_pss_options *pss_opts;
 
-        pss_opts = polarssl_malloc( sizeof( pk_rsassa_pss_options ) );
+        pss_opts = mbedtls_malloc( sizeof( mbedtls_pk_rsassa_pss_options ) );
         if( pss_opts == NULL )
-            return( POLARSSL_ERR_X509_MALLOC_FAILED );
+            return( MBEDTLS_ERR_X509_MALLOC_FAILED );
 
-        ret = x509_get_rsassa_pss_params( sig_params,
+        ret = mbedtls_x509_get_rsassa_pss_params( sig_params,
                                           md_alg,
                                           &pss_opts->mgf1_hash_id,
                                           &pss_opts->expected_salt_len );
         if( ret != 0 )
         {
-            polarssl_free( pss_opts );
+            mbedtls_free( pss_opts );
             return( ret );
         }
 
         *sig_opts = (void *) pss_opts;
     }
     else
-#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
     {
         /* Make sure parameters are absent or NULL */
-        if( ( sig_params->tag != ASN1_NULL && sig_params->tag != 0 ) ||
+        if( ( sig_params->tag != MBEDTLS_ASN1_NULL && sig_params->tag != 0 ) ||
               sig_params->len != 0 )
-        return( POLARSSL_ERR_X509_INVALID_ALG );
+        return( MBEDTLS_ERR_X509_INVALID_ALG );
     }
 
     return( 0 );
@@ -629,8 +629,8 @@
  * X.509 Extensions (No parsing of extensions, pointer should
  * be either manually updated or extensions should be parsed!
  */
-int x509_get_ext( unsigned char **p, const unsigned char *end,
-                  x509_buf *ext, int tag )
+int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
+                  mbedtls_x509_buf *ext, int tag )
 {
     int ret;
     size_t len;
@@ -640,8 +640,8 @@
 
     ext->tag = **p;
 
-    if( ( ret = asn1_get_tag( p, end, &ext->len,
-            ASN1_CONTEXT_SPECIFIC | ASN1_CONSTRUCTED | tag ) ) != 0 )
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &ext->len,
+            MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ) ) != 0 )
         return( ret );
 
     ext->p = *p;
@@ -655,13 +655,13 @@
      *      critical    BOOLEAN DEFAULT FALSE,
      *      extnValue   OCTET STRING  }
      */
-    if( ( ret = asn1_get_tag( p, end, &len,
-            ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
-        return( POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret );
+    if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
+            MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret );
 
     if( end != *p + len )
-        return( POLARSSL_ERR_X509_INVALID_EXTENSIONS +
-                POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
+        return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
+                MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
 
     return( 0 );
 }
@@ -702,7 +702,7 @@
 #define snprintf compat_snprintf
 #endif /* _MSC_VER && !snprintf && !EFIX64 && !EFI32 */
 
-#define POLARSSL_ERR_DEBUG_BUF_TOO_SMALL    -2
+#define MBEDTLS_ERR_DEBUG_BUF_TOO_SMALL    -2
 
 #define SAFE_SNPRINTF()                             \
 {                                                   \
@@ -711,7 +711,7 @@
                                                     \
     if( (unsigned int) ret > n ) {                  \
         p[n - 1] = '\0';                            \
-        return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL ); \
+        return( MBEDTLS_ERR_DEBUG_BUF_TOO_SMALL ); \
     }                                               \
                                                     \
     n -= (unsigned int) ret;                        \
@@ -722,14 +722,14 @@
  * Store the name in printable form into buf; no more
  * than size characters will be written
  */
-int x509_dn_gets( char *buf, size_t size, const x509_name *dn )
+int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn )
 {
     int ret;
     size_t i, n;
     unsigned char c, merge = 0;
-    const x509_name *name;
+    const mbedtls_x509_name *name;
     const char *short_name = NULL;
-    char s[X509_MAX_DN_NAME_SIZE], *p;
+    char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
 
     memset( s, 0, sizeof( s ) );
 
@@ -747,16 +747,16 @@
 
         if( name != dn )
         {
-            ret = polarssl_snprintf( p, n, merge ? " + " : ", " );
+            ret = mbedtls_snprintf( p, n, merge ? " + " : ", " );
             SAFE_SNPRINTF();
         }
 
-        ret = oid_get_attr_short_name( &name->oid, &short_name );
+        ret = mbedtls_oid_get_attr_short_name( &name->oid, &short_name );
 
         if( ret == 0 )
-            ret = polarssl_snprintf( p, n, "%s=", short_name );
+            ret = mbedtls_snprintf( p, n, "%s=", short_name );
         else
-            ret = polarssl_snprintf( p, n, "\?\?=" );
+            ret = mbedtls_snprintf( p, n, "\?\?=" );
         SAFE_SNPRINTF();
 
         for( i = 0; i < name->val.len; i++ )
@@ -770,7 +770,7 @@
             else s[i] = c;
         }
         s[i] = '\0';
-        ret = polarssl_snprintf( p, n, "%s", s );
+        ret = mbedtls_snprintf( p, n, "%s", s );
         SAFE_SNPRINTF();
 
         merge = name->next_merged;
@@ -784,7 +784,7 @@
  * Store the serial in printable form into buf; no more
  * than size characters will be written
  */
-int x509_serial_gets( char *buf, size_t size, const x509_buf *serial )
+int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial )
 {
     int ret;
     size_t i, n, nr;
@@ -801,14 +801,14 @@
         if( i == 0 && nr > 1 && serial->p[i] == 0x0 )
             continue;
 
-        ret = polarssl_snprintf( p, n, "%02X%s",
+        ret = mbedtls_snprintf( p, n, "%02X%s",
                 serial->p[i], ( i < nr - 1 ) ? ":" : "" );
         SAFE_SNPRINTF();
     }
 
     if( nr != serial->len )
     {
-        ret = polarssl_snprintf( p, n, "...." );
+        ret = mbedtls_snprintf( p, n, "...." );
         SAFE_SNPRINTF();
     }
 
@@ -818,8 +818,8 @@
 /*
  * Helper for writing signature algorithms
  */
-int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
-                       pk_type_t pk_alg, md_type_t md_alg,
+int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
+                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
                        const void *sig_opts )
 {
     int ret;
@@ -827,27 +827,27 @@
     size_t n = size;
     const char *desc = NULL;
 
-    ret = oid_get_sig_alg_desc( sig_oid, &desc );
+    ret = mbedtls_oid_get_sig_alg_desc( sig_oid, &desc );
     if( ret != 0 )
-        ret = polarssl_snprintf( p, n, "???"  );
+        ret = mbedtls_snprintf( p, n, "???"  );
     else
-        ret = polarssl_snprintf( p, n, "%s", desc );
+        ret = mbedtls_snprintf( p, n, "%s", desc );
     SAFE_SNPRINTF();
 
-#if defined(POLARSSL_X509_RSASSA_PSS_SUPPORT)
-    if( pk_alg == POLARSSL_PK_RSASSA_PSS )
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
+    if( pk_alg == MBEDTLS_PK_RSASSA_PSS )
     {
-        const pk_rsassa_pss_options *pss_opts;
-        const md_info_t *md_info, *mgf_md_info;
+        const mbedtls_pk_rsassa_pss_options *pss_opts;
+        const mbedtls_md_info_t *md_info, *mgf_md_info;
 
-        pss_opts = (const pk_rsassa_pss_options *) sig_opts;
+        pss_opts = (const mbedtls_pk_rsassa_pss_options *) sig_opts;
 
-        md_info = md_info_from_type( md_alg );
-        mgf_md_info = md_info_from_type( pss_opts->mgf1_hash_id );
+        md_info = mbedtls_md_info_from_type( md_alg );
+        mgf_md_info = mbedtls_md_info_from_type( pss_opts->mgf1_hash_id );
 
-        ret = polarssl_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
-                              md_info ? md_get_name( md_info ) : "???",
-                              mgf_md_info ? md_get_name( mgf_md_info ) : "???",
+        ret = mbedtls_snprintf( p, n, " (%s, MGF1-%s, 0x%02X)",
+                              md_info ? mbedtls_md_get_name( md_info ) : "???",
+                              mgf_md_info ? mbedtls_md_get_name( mgf_md_info ) : "???",
                               pss_opts->expected_salt_len );
         SAFE_SNPRINTF();
     }
@@ -855,7 +855,7 @@
     ((void) pk_alg);
     ((void) md_alg);
     ((void) sig_opts);
-#endif /* POLARSSL_X509_RSASSA_PSS_SUPPORT */
+#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */
 
     return( (int)( size - n ) );
 }
@@ -863,27 +863,27 @@
 /*
  * Helper for writing "RSA key size", "EC key size", etc
  */
-int x509_key_size_helper( char *buf, size_t size, const char *name )
+int mbedtls_x509_key_size_helper( char *buf, size_t size, const char *name )
 {
     char *p = buf;
     size_t n = size;
     int ret;
 
     if( strlen( name ) + sizeof( " key size" ) > size )
-        return( POLARSSL_ERR_DEBUG_BUF_TOO_SMALL );
+        return( MBEDTLS_ERR_DEBUG_BUF_TOO_SMALL );
 
-    ret = polarssl_snprintf( p, n, "%s key size", name );
+    ret = mbedtls_snprintf( p, n, "%s key size", name );
     SAFE_SNPRINTF();
 
     return( 0 );
 }
 
 /*
- * Return 0 if the x509_time is still valid, or 1 otherwise.
+ * Return 0 if the mbedtls_x509_time is still valid, or 1 otherwise.
  */
-#if defined(POLARSSL_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME)
 
-static void x509_get_current_time( x509_time *now )
+static void x509_get_current_time( mbedtls_x509_time *now )
 {
 #if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
     SYSTEMTIME st;
@@ -915,7 +915,7 @@
 /*
  * Return 0 if before <= after, 1 otherwise
  */
-static int x509_check_time( const x509_time *before, const x509_time *after )
+static int x509_check_time( const mbedtls_x509_time *before, const mbedtls_x509_time *after )
 {
     if( before->year  > after->year )
         return( 1 );
@@ -953,40 +953,40 @@
     return( 0 );
 }
 
-int x509_time_expired( const x509_time *to )
+int mbedtls_x509_time_expired( const mbedtls_x509_time *to )
 {
-    x509_time now;
+    mbedtls_x509_time now;
 
     x509_get_current_time( &now );
 
     return( x509_check_time( &now, to ) );
 }
 
-int x509_time_future( const x509_time *from )
+int mbedtls_x509_time_future( const mbedtls_x509_time *from )
 {
-    x509_time now;
+    mbedtls_x509_time now;
 
     x509_get_current_time( &now );
 
     return( x509_check_time( from, &now ) );
 }
 
-#else  /* POLARSSL_HAVE_TIME */
+#else  /* MBEDTLS_HAVE_TIME */
 
-int x509_time_expired( const x509_time *to )
+int mbedtls_x509_time_expired( const mbedtls_x509_time *to )
 {
     ((void) to);
     return( 0 );
 }
 
-int x509_time_future( const x509_time *from )
+int mbedtls_x509_time_future( const mbedtls_x509_time *from )
 {
     ((void) from);
     return( 0 );
 }
-#endif /* POLARSSL_HAVE_TIME */
+#endif /* MBEDTLS_HAVE_TIME */
 
-#if defined(POLARSSL_SELF_TEST)
+#if defined(MBEDTLS_SELF_TEST)
 
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/certs.h"
@@ -994,68 +994,68 @@
 /*
  * Checkup routine
  */
-int x509_self_test( int verbose )
+int mbedtls_x509_self_test( int verbose )
 {
-#if defined(POLARSSL_CERTS_C) && defined(POLARSSL_SHA1_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA1_C)
     int ret;
     int flags;
-    x509_crt cacert;
-    x509_crt clicert;
+    mbedtls_x509_crt cacert;
+    mbedtls_x509_crt clicert;
 
     if( verbose != 0 )
-        polarssl_printf( "  X.509 certificate load: " );
+        mbedtls_printf( "  X.509 certificate load: " );
 
-    x509_crt_init( &clicert );
+    mbedtls_x509_crt_init( &clicert );
 
-    ret = x509_crt_parse( &clicert, (const unsigned char *) test_cli_crt,
-                          strlen( test_cli_crt ) );
+    ret = mbedtls_x509_crt_parse( &clicert, (const unsigned char *) mbedtls_test_cli_crt,
+                          strlen( mbedtls_test_cli_crt ) );
     if( ret != 0 )
     {
         if( verbose != 0 )
-            polarssl_printf( "failed\n" );
+            mbedtls_printf( "failed\n" );
 
         return( ret );
     }
 
-    x509_crt_init( &cacert );
+    mbedtls_x509_crt_init( &cacert );
 
-    ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
-                          strlen( test_ca_crt ) );
+    ret = mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_ca_crt,
+                          strlen( mbedtls_test_ca_crt ) );
     if( ret != 0 )
     {
         if( verbose != 0 )
-            polarssl_printf( "failed\n" );
+            mbedtls_printf( "failed\n" );
 
         return( ret );
     }
 
     if( verbose != 0 )
-        polarssl_printf( "passed\n  X.509 signature verify: ");
+        mbedtls_printf( "passed\n  X.509 signature verify: ");
 
-    ret = x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
+    ret = mbedtls_x509_crt_verify( &clicert, &cacert, NULL, NULL, &flags, NULL, NULL );
     if( ret != 0 )
     {
         if( verbose != 0 )
-            polarssl_printf( "failed\n" );
+            mbedtls_printf( "failed\n" );
 
-        polarssl_printf( "ret = %d, &flags = %04x\n", ret, flags );
+        mbedtls_printf( "ret = %d, &flags = %04x\n", ret, flags );
 
         return( ret );
     }
 
     if( verbose != 0 )
-        polarssl_printf( "passed\n\n");
+        mbedtls_printf( "passed\n\n");
 
-    x509_crt_free( &cacert  );
-    x509_crt_free( &clicert );
+    mbedtls_x509_crt_free( &cacert  );
+    mbedtls_x509_crt_free( &clicert );
 
     return( 0 );
 #else
     ((void) verbose);
-    return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
-#endif /* POLARSSL_CERTS_C && POLARSSL_SHA1_C */
+    return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
+#endif /* MBEDTLS_CERTS_C && MBEDTLS_SHA1_C */
 }
 
-#endif /* POLARSSL_SELF_TEST */
+#endif /* MBEDTLS_SELF_TEST */
 
-#endif /* POLARSSL_X509_USE_C */
+#endif /* MBEDTLS_X509_USE_C */
