Apply clang formatting.

Executed with:
`find . -regextype posix-egrep -regex ".*\.([hc]|fmt|function)" | xargs -L1 clang-format-12 -i`

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 71677e9..622ac3c 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -48,23 +48,23 @@
 
 /* padlock.c and aesni.c rely on these values! */
 /** AES encryption. */
-#define MBEDTLS_AES_ENCRYPT     1
+#define MBEDTLS_AES_ENCRYPT 1
 /** AES decryption. */
-#define MBEDTLS_AES_DECRYPT     0
+#define MBEDTLS_AES_DECRYPT 0
 
 /* Error codes in range 0x0020-0x0022 */
 /** Invalid key length. */
-#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH                -0x0020
+#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020
 /** Invalid data input length. */
-#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH              -0x0022
+#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022
 
 /* Error codes in range 0x0021-0x0025 */
 /** Invalid input data. */
-#define MBEDTLS_ERR_AES_BAD_INPUT_DATA                    -0x0021
+#define MBEDTLS_ERR_AES_BAD_INPUT_DATA -0x0021
 
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+    !defined(__cplusplus)
+#    define inline __inline
 #endif
 
 #ifdef __cplusplus
@@ -78,36 +78,31 @@
 /**
  * \brief The AES context-type definition.
  */
-typedef struct mbedtls_aes_context
-{
-    int MBEDTLS_PRIVATE(nr);                     /*!< The number of rounds. */
-    uint32_t *MBEDTLS_PRIVATE(rk);               /*!< AES round keys. */
-    uint32_t MBEDTLS_PRIVATE(buf)[68];           /*!< Unaligned data buffer. This buffer can
-                                     hold 32 extra Bytes, which can be used for
-                                     one of the following purposes:
-                                     <ul><li>Alignment if VIA padlock is
-                                             used.</li>
-                                     <li>Simplifying key expansion in the 256-bit
-                                         case by generating an extra round key.
-                                         </li></ul> */
-}
-mbedtls_aes_context;
+typedef struct mbedtls_aes_context {
+    int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
+    uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+    uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer
+                           can hold 32 extra Bytes, which can be used for one of
+                           the following purposes: <ul><li>Alignment if VIA
+                           padlock is used.</li> <li>Simplifying key expansion
+                           in the 256-bit case by generating an extra round key.
+                               </li></ul> */
+} mbedtls_aes_context;
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
+#    if defined(MBEDTLS_CIPHER_MODE_XTS)
 /**
  * \brief The AES XTS context-type definition.
  */
-typedef struct mbedtls_aes_xts_context
-{
-    mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for AES block
-                                        encryption or decryption. */
-    mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for tweak
-                                        computation. */
+typedef struct mbedtls_aes_xts_context {
+    mbedtls_aes_context MBEDTLS_PRIVATE(crypt); /*!< The AES context to use for
+                                        AES block encryption or decryption. */
+    mbedtls_aes_context MBEDTLS_PRIVATE(tweak); /*!< The AES context used for
+                                        tweak computation. */
 } mbedtls_aes_xts_context;
-#endif /* MBEDTLS_CIPHER_MODE_XTS */
+#    endif /* MBEDTLS_CIPHER_MODE_XTS */
 
-#else  /* MBEDTLS_AES_ALT */
-#include "aes_alt.h"
+#else /* MBEDTLS_AES_ALT */
+#    include "aes_alt.h"
 #endif /* MBEDTLS_AES_ALT */
 
 /**
@@ -118,7 +113,7 @@
  *
  * \param ctx      The AES context to initialize. This must not be \c NULL.
  */
-void mbedtls_aes_init( mbedtls_aes_context *ctx );
+void mbedtls_aes_init(mbedtls_aes_context *ctx);
 
 /**
  * \brief          This function releases and clears the specified AES context.
@@ -127,7 +122,7 @@
  *                 If this is \c NULL, this function does nothing.
  *                 Otherwise, the context must have been at least initialized.
  */
-void mbedtls_aes_free( mbedtls_aes_context *ctx );
+void mbedtls_aes_free(mbedtls_aes_context *ctx);
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 /**
@@ -138,7 +133,7 @@
  *
  * \param ctx      The AES XTS context to initialize. This must not be \c NULL.
  */
-void mbedtls_aes_xts_init( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_init(mbedtls_aes_xts_context *ctx);
 
 /**
  * \brief          This function releases and clears the specified AES XTS context.
@@ -147,7 +142,7 @@
  *                 If this is \c NULL, this function does nothing.
  *                 Otherwise, the context must have been at least initialized.
  */
-void mbedtls_aes_xts_free( mbedtls_aes_xts_context *ctx );
+void mbedtls_aes_xts_free(mbedtls_aes_xts_context *ctx);
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 /**
@@ -165,8 +160,9 @@
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
-int mbedtls_aes_setkey_enc( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
+int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx,
+                           const unsigned char *key,
+                           unsigned int keybits);
 
 /**
  * \brief          This function sets the decryption key.
@@ -183,8 +179,9 @@
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
-int mbedtls_aes_setkey_dec( mbedtls_aes_context *ctx, const unsigned char *key,
-                    unsigned int keybits );
+int mbedtls_aes_setkey_dec(mbedtls_aes_context *ctx,
+                           const unsigned char *key,
+                           unsigned int keybits);
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 /**
@@ -203,9 +200,9 @@
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
-int mbedtls_aes_xts_setkey_enc( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
+int mbedtls_aes_xts_setkey_enc(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits);
 
 /**
  * \brief          This function prepares an XTS context for decryption and
@@ -223,9 +220,9 @@
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_AES_INVALID_KEY_LENGTH on failure.
  */
-int mbedtls_aes_xts_setkey_dec( mbedtls_aes_xts_context *ctx,
-                                const unsigned char *key,
-                                unsigned int keybits );
+int mbedtls_aes_xts_setkey_dec(mbedtls_aes_xts_context *ctx,
+                               const unsigned char *key,
+                               unsigned int keybits);
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 /**
@@ -251,10 +248,10 @@
 
  * \return         \c 0 on success.
  */
-int mbedtls_aes_crypt_ecb( mbedtls_aes_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
+int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx,
+                          int mode,
+                          const unsigned char input[16],
+                          unsigned char output[16]);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
@@ -298,12 +295,12 @@
  * \return         #MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH
  *                 on failure.
  */
-int mbedtls_aes_crypt_cbc( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
+int mbedtls_aes_crypt_cbc(mbedtls_aes_context *ctx,
+                          int mode,
+                          size_t length,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
@@ -342,12 +339,12 @@
  *                     smaller than an AES block in size (16 Bytes) or if \p
  *                     length is larger than 2^20 blocks (16 MiB).
  */
-int mbedtls_aes_crypt_xts( mbedtls_aes_xts_context *ctx,
-                           int mode,
-                           size_t length,
-                           const unsigned char data_unit[16],
-                           const unsigned char *input,
-                           unsigned char *output );
+int mbedtls_aes_crypt_xts(mbedtls_aes_xts_context *ctx,
+                          int mode,
+                          size_t length,
+                          const unsigned char data_unit[16],
+                          const unsigned char *input,
+                          unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -390,13 +387,13 @@
  *
  * \return         \c 0 on success.
  */
-int mbedtls_aes_crypt_cfb128( mbedtls_aes_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_aes_crypt_cfb128(mbedtls_aes_context *ctx,
+                             int mode,
+                             size_t length,
+                             size_t *iv_off,
+                             unsigned char iv[16],
+                             const unsigned char *input,
+                             unsigned char *output);
 
 /**
  * \brief This function performs an AES-CFB8 encryption or decryption
@@ -434,12 +431,12 @@
  *
  * \return         \c 0 on success.
  */
-int mbedtls_aes_crypt_cfb8( mbedtls_aes_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
+int mbedtls_aes_crypt_cfb8(mbedtls_aes_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[16],
+                           const unsigned char *input,
+                           unsigned char *output);
 #endif /*MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_OFB)
@@ -488,12 +485,12 @@
  *
  * \return         \c 0 on success.
  */
-int mbedtls_aes_crypt_ofb( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_aes_crypt_ofb(mbedtls_aes_context *ctx,
+                          size_t length,
+                          size_t *iv_off,
+                          unsigned char iv[16],
+                          const unsigned char *input,
+                          unsigned char *output);
 
 #endif /* MBEDTLS_CIPHER_MODE_OFB */
 
@@ -574,13 +571,13 @@
  *
  * \return                 \c 0 on success.
  */
-int mbedtls_aes_crypt_ctr( mbedtls_aes_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_aes_crypt_ctr(mbedtls_aes_context *ctx,
+                          size_t length,
+                          size_t *nc_off,
+                          unsigned char nonce_counter[16],
+                          unsigned char stream_block[16],
+                          const unsigned char *input,
+                          unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 /**
@@ -594,9 +591,9 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
+int mbedtls_internal_aes_encrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16]);
 
 /**
  * \brief           Internal AES block decryption function. This is only
@@ -609,9 +606,9 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
-                                  const unsigned char input[16],
-                                  unsigned char output[16] );
+int mbedtls_internal_aes_decrypt(mbedtls_aes_context *ctx,
+                                 const unsigned char input[16],
+                                 unsigned char output[16]);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -620,7 +617,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_aes_self_test( int verbose );
+int mbedtls_aes_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 903262d..62c4aa4 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -38,14 +38,14 @@
 #include "mbedtls/platform_util.h"
 
 /** ARIA encryption. */
-#define MBEDTLS_ARIA_ENCRYPT     1
+#define MBEDTLS_ARIA_ENCRYPT 1
 /** ARIA decryption. */
-#define MBEDTLS_ARIA_DECRYPT     0
+#define MBEDTLS_ARIA_DECRYPT 0
 
 /** ARIA block size in bytes. */
-#define MBEDTLS_ARIA_BLOCKSIZE   16
+#define MBEDTLS_ARIA_BLOCKSIZE 16
 /** Maxiumum number of rounds in ARIA. */
-#define MBEDTLS_ARIA_MAX_ROUNDS  16
+#define MBEDTLS_ARIA_MAX_ROUNDS 16
 /** Maximum size of an ARIA key in bytes. */
 #define MBEDTLS_ARIA_MAX_KEYSIZE 32
 
@@ -66,16 +66,16 @@
 /**
  * \brief The ARIA context-type definition.
  */
-typedef struct mbedtls_aria_context
-{
-    unsigned char MBEDTLS_PRIVATE(nr);           /*!< The number of rounds (12, 14 or 16) */
+typedef struct mbedtls_aria_context {
+    unsigned char MBEDTLS_PRIVATE(nr); /*!< The number of rounds (12, 14 or 16)
+                                        */
     /*! The ARIA round keys. */
-    uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1][MBEDTLS_ARIA_BLOCKSIZE / 4];
-}
-mbedtls_aria_context;
+    uint32_t MBEDTLS_PRIVATE(rk)[MBEDTLS_ARIA_MAX_ROUNDS + 1]
+                                [MBEDTLS_ARIA_BLOCKSIZE / 4];
+} mbedtls_aria_context;
 
-#else  /* MBEDTLS_ARIA_ALT */
-#include "aria_alt.h"
+#else /* MBEDTLS_ARIA_ALT */
+#    include "aria_alt.h"
 #endif /* MBEDTLS_ARIA_ALT */
 
 /**
@@ -86,7 +86,7 @@
  *
  * \param ctx      The ARIA context to initialize. This must not be \c NULL.
  */
-void mbedtls_aria_init( mbedtls_aria_context *ctx );
+void mbedtls_aria_init(mbedtls_aria_context *ctx);
 
 /**
  * \brief          This function releases and clears the specified ARIA context.
@@ -95,7 +95,7 @@
  *                 case this function returns immediately. If it is not \c NULL,
  *                 it must point to an initialized ARIA context.
  */
-void mbedtls_aria_free( mbedtls_aria_context *ctx );
+void mbedtls_aria_free(mbedtls_aria_context *ctx);
 
 /**
  * \brief          This function sets the encryption key.
@@ -112,9 +112,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_aria_setkey_enc( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
+int mbedtls_aria_setkey_enc(mbedtls_aria_context *ctx,
+                            const unsigned char *key,
+                            unsigned int keybits);
 
 /**
  * \brief          This function sets the decryption key.
@@ -131,9 +131,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_aria_setkey_dec( mbedtls_aria_context *ctx,
-                             const unsigned char *key,
-                             unsigned int keybits );
+int mbedtls_aria_setkey_dec(mbedtls_aria_context *ctx,
+                            const unsigned char *key,
+                            unsigned int keybits);
 
 /**
  * \brief          This function performs an ARIA single-block encryption or
@@ -155,9 +155,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_aria_crypt_ecb( mbedtls_aria_context *ctx,
-                            const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char output[MBEDTLS_ARIA_BLOCKSIZE] );
+int mbedtls_aria_crypt_ecb(mbedtls_aria_context *ctx,
+                           const unsigned char input[MBEDTLS_ARIA_BLOCKSIZE],
+                           unsigned char output[MBEDTLS_ARIA_BLOCKSIZE]);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
@@ -201,12 +201,12 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_aria_crypt_cbc( mbedtls_aria_context *ctx,
-                            int mode,
-                            size_t length,
-                            unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
+int mbedtls_aria_crypt_cbc(mbedtls_aria_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+                           const unsigned char *input,
+                           unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -251,13 +251,13 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_aria_crypt_cfb128( mbedtls_aria_context *ctx,
-                               int mode,
-                               size_t length,
-                               size_t *iv_off,
-                               unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
-                               const unsigned char *input,
-                               unsigned char *output );
+int mbedtls_aria_crypt_cfb128(mbedtls_aria_context *ctx,
+                              int mode,
+                              size_t length,
+                              size_t *iv_off,
+                              unsigned char iv[MBEDTLS_ARIA_BLOCKSIZE],
+                              const unsigned char *input,
+                              unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -338,13 +338,13 @@
  * \return                 \c 0 on success.
  * \return                 A negative error code on failure.
  */
-int mbedtls_aria_crypt_ctr( mbedtls_aria_context *ctx,
-                            size_t length,
-                            size_t *nc_off,
-                            unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
-                            unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
-                            const unsigned char *input,
-                            unsigned char *output );
+int mbedtls_aria_crypt_ctr(mbedtls_aria_context *ctx,
+                           size_t length,
+                           size_t *nc_off,
+                           unsigned char nonce_counter[MBEDTLS_ARIA_BLOCKSIZE],
+                           unsigned char stream_block[MBEDTLS_ARIA_BLOCKSIZE],
+                           const unsigned char *input,
+                           unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -353,7 +353,7 @@
  *
  * \return         \c 0 on success, or \c 1 on failure.
  */
-int mbedtls_aria_self_test( int verbose );
+int mbedtls_aria_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index f45fc17..78c3fed 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -28,7 +28,7 @@
 #include <stddef.h>
 
 #if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
+#    include "mbedtls/bignum.h"
 #endif
 
 /**
@@ -44,19 +44,19 @@
  * \{
  */
 /** Out of data when parsing an ASN1 data structure. */
-#define MBEDTLS_ERR_ASN1_OUT_OF_DATA                      -0x0060
+#define MBEDTLS_ERR_ASN1_OUT_OF_DATA -0x0060
 /** ASN1 tag was of an unexpected value. */
-#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG                   -0x0062
+#define MBEDTLS_ERR_ASN1_UNEXPECTED_TAG -0x0062
 /** Error when trying to determine the length or invalid length. */
-#define MBEDTLS_ERR_ASN1_INVALID_LENGTH                   -0x0064
+#define MBEDTLS_ERR_ASN1_INVALID_LENGTH -0x0064
 /** Actual length differs from expected length. */
-#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH                  -0x0066
+#define MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -0x0066
 /** Data is invalid. */
-#define MBEDTLS_ERR_ASN1_INVALID_DATA                     -0x0068
+#define MBEDTLS_ERR_ASN1_INVALID_DATA -0x0068
 /** Memory allocation failed */
-#define MBEDTLS_ERR_ASN1_ALLOC_FAILED                     -0x006A
+#define MBEDTLS_ERR_ASN1_ALLOC_FAILED -0x006A
 /** Buffer too small when writing ASN.1 data structure. */
-#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL                    -0x006C
+#define MBEDTLS_ERR_ASN1_BUF_TOO_SMALL -0x006C
 
 /* \} name */
 
@@ -71,38 +71,37 @@
  * Such sequences are typically read into \c ::mbedtls_x509_buf.
  * \{
  */
-#define MBEDTLS_ASN1_BOOLEAN                 0x01
-#define MBEDTLS_ASN1_INTEGER                 0x02
-#define MBEDTLS_ASN1_BIT_STRING              0x03
-#define MBEDTLS_ASN1_OCTET_STRING            0x04
-#define MBEDTLS_ASN1_NULL                    0x05
-#define MBEDTLS_ASN1_OID                     0x06
-#define MBEDTLS_ASN1_ENUMERATED              0x0A
-#define MBEDTLS_ASN1_UTF8_STRING             0x0C
-#define MBEDTLS_ASN1_SEQUENCE                0x10
-#define MBEDTLS_ASN1_SET                     0x11
-#define MBEDTLS_ASN1_PRINTABLE_STRING        0x13
-#define MBEDTLS_ASN1_T61_STRING              0x14
-#define MBEDTLS_ASN1_IA5_STRING              0x16
-#define MBEDTLS_ASN1_UTC_TIME                0x17
-#define MBEDTLS_ASN1_GENERALIZED_TIME        0x18
-#define MBEDTLS_ASN1_UNIVERSAL_STRING        0x1C
-#define MBEDTLS_ASN1_BMP_STRING              0x1E
-#define MBEDTLS_ASN1_PRIMITIVE               0x00
-#define MBEDTLS_ASN1_CONSTRUCTED             0x20
-#define MBEDTLS_ASN1_CONTEXT_SPECIFIC        0x80
+#define MBEDTLS_ASN1_BOOLEAN          0x01
+#define MBEDTLS_ASN1_INTEGER          0x02
+#define MBEDTLS_ASN1_BIT_STRING       0x03
+#define MBEDTLS_ASN1_OCTET_STRING     0x04
+#define MBEDTLS_ASN1_NULL             0x05
+#define MBEDTLS_ASN1_OID              0x06
+#define MBEDTLS_ASN1_ENUMERATED       0x0A
+#define MBEDTLS_ASN1_UTF8_STRING      0x0C
+#define MBEDTLS_ASN1_SEQUENCE         0x10
+#define MBEDTLS_ASN1_SET              0x11
+#define MBEDTLS_ASN1_PRINTABLE_STRING 0x13
+#define MBEDTLS_ASN1_T61_STRING       0x14
+#define MBEDTLS_ASN1_IA5_STRING       0x16
+#define MBEDTLS_ASN1_UTC_TIME         0x17
+#define MBEDTLS_ASN1_GENERALIZED_TIME 0x18
+#define MBEDTLS_ASN1_UNIVERSAL_STRING 0x1C
+#define MBEDTLS_ASN1_BMP_STRING       0x1E
+#define MBEDTLS_ASN1_PRIMITIVE        0x00
+#define MBEDTLS_ASN1_CONSTRUCTED      0x20
+#define MBEDTLS_ASN1_CONTEXT_SPECIFIC 0x80
 
 /* Slightly smaller way to check if tag is a string tag
  * compared to canonical implementation. */
-#define MBEDTLS_ASN1_IS_STRING_TAG( tag )                                     \
-    ( ( tag ) < 32u && (                                                      \
-        ( ( 1u << ( tag ) ) & ( ( 1u << MBEDTLS_ASN1_BMP_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UTF8_STRING )      |     \
-                                ( 1u << MBEDTLS_ASN1_T61_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_IA5_STRING )       |     \
-                                ( 1u << MBEDTLS_ASN1_UNIVERSAL_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_PRINTABLE_STRING ) |     \
-                                ( 1u << MBEDTLS_ASN1_BIT_STRING ) ) ) != 0 ) )
+#define MBEDTLS_ASN1_IS_STRING_TAG(tag)                                      \
+    ((tag) < 32u &&                                                          \
+     (((1u << (tag)) &                                                       \
+       ((1u << MBEDTLS_ASN1_BMP_STRING) | (1u << MBEDTLS_ASN1_UTF8_STRING) | \
+        (1u << MBEDTLS_ASN1_T61_STRING) | (1u << MBEDTLS_ASN1_IA5_STRING) |  \
+        (1u << MBEDTLS_ASN1_UNIVERSAL_STRING) |                              \
+        (1u << MBEDTLS_ASN1_PRINTABLE_STRING) |                              \
+        (1u << MBEDTLS_ASN1_BIT_STRING))) != 0))
 
 /*
  * Bit masks for each of the components of an ASN.1 tag as specified in
@@ -114,9 +113,9 @@
  *     | Class | P/C | Tag number |
  *     +-------+-----+------------+
  */
-#define MBEDTLS_ASN1_TAG_CLASS_MASK          0xC0
-#define MBEDTLS_ASN1_TAG_PC_MASK             0x20
-#define MBEDTLS_ASN1_TAG_VALUE_MASK          0x1F
+#define MBEDTLS_ASN1_TAG_CLASS_MASK 0xC0
+#define MBEDTLS_ASN1_TAG_PC_MASK    0x20
+#define MBEDTLS_ASN1_TAG_VALUE_MASK 0x1F
 
 /* \} name */
 /* \} addtogroup asn1_module */
@@ -127,16 +126,16 @@
 /**
  * Compares an mbedtls_asn1_buf structure to a reference OID.
  *
- * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot use a
- * 'unsigned char *oid' here!
+ * Only works for 'defined' oid_str values (MBEDTLS_OID_HMAC_SHA1), you cannot
+ * use a 'unsigned char *oid' here!
  */
-#define MBEDTLS_OID_CMP(oid_str, oid_buf)                                   \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len ) ||                \
-          memcmp( (oid_str), (oid_buf)->p, (oid_buf)->len) != 0 )
+#define MBEDTLS_OID_CMP(oid_str, oid_buf)             \
+    ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf)->len) || \
+     memcmp((oid_str), (oid_buf)->p, (oid_buf)->len) != 0)
 
-#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len)              \
-        ( ( MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len) ) ||             \
-          memcmp( (oid_str), (oid_buf), (oid_buf_len) ) != 0 )
+#define MBEDTLS_OID_CMP_RAW(oid_str, oid_buf, oid_buf_len) \
+    ((MBEDTLS_OID_SIZE(oid_str) != (oid_buf_len)) ||       \
+     memcmp((oid_str), (oid_buf), (oid_buf_len)) != 0)
 
 #ifdef __cplusplus
 extern "C" {
@@ -150,46 +149,44 @@
 /**
  * Type-length-value structure that allows for ASN1 using DER.
  */
-typedef struct mbedtls_asn1_buf
-{
-    int MBEDTLS_PRIVATE(tag);                /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
-    size_t MBEDTLS_PRIVATE(len);             /**< ASN1 length, in octets. */
-    unsigned char *MBEDTLS_PRIVATE(p);       /**< ASN1 data, e.g. in ASCII. */
-}
-mbedtls_asn1_buf;
+typedef struct mbedtls_asn1_buf {
+    int MBEDTLS_PRIVATE(tag); /**< ASN1 type, e.g. MBEDTLS_ASN1_UTF8_STRING. */
+    size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+    unsigned char *MBEDTLS_PRIVATE(p); /**< ASN1 data, e.g. in ASCII. */
+} mbedtls_asn1_buf;
 
 /**
  * Container for ASN1 bit strings.
  */
-typedef struct mbedtls_asn1_bitstring
-{
-    size_t MBEDTLS_PRIVATE(len);                 /**< ASN1 length, in octets. */
-    unsigned char MBEDTLS_PRIVATE(unused_bits);  /**< Number of unused bits at the end of the string */
-    unsigned char *MBEDTLS_PRIVATE(p);           /**< Raw ASN1 data for the bit string */
-}
-mbedtls_asn1_bitstring;
+typedef struct mbedtls_asn1_bitstring {
+    size_t MBEDTLS_PRIVATE(len); /**< ASN1 length, in octets. */
+    unsigned char MBEDTLS_PRIVATE(unused_bits); /**< Number of unused bits at
+                                                   the end of the string */
+    unsigned char *MBEDTLS_PRIVATE(p); /**< Raw ASN1 data for the bit string */
+} mbedtls_asn1_bitstring;
 
 /**
  * Container for a sequence of ASN.1 items
  */
-typedef struct mbedtls_asn1_sequence
-{
-    mbedtls_asn1_buf MBEDTLS_PRIVATE(buf);                   /**< Buffer containing the given ASN.1 item. */
-    struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next);    /**< The next entry in the sequence. */
-}
-mbedtls_asn1_sequence;
+typedef struct mbedtls_asn1_sequence {
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(buf); /**< Buffer containing the given
+                                              ASN.1 item. */
+    struct mbedtls_asn1_sequence *MBEDTLS_PRIVATE(next); /**< The next entry in
+                                                            the sequence. */
+} mbedtls_asn1_sequence;
 
 /**
  * Container for a sequence or list of 'named' ASN.1 data items
  */
-typedef struct mbedtls_asn1_named_data
-{
-    mbedtls_asn1_buf MBEDTLS_PRIVATE(oid);                   /**< The object identifier. */
-    mbedtls_asn1_buf MBEDTLS_PRIVATE(val);                   /**< The named value. */
-    struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next);  /**< The next entry in the sequence. */
-    unsigned char MBEDTLS_PRIVATE(next_merged);      /**< Merge next item into the current one? */
-}
-mbedtls_asn1_named_data;
+typedef struct mbedtls_asn1_named_data {
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(oid); /**< The object identifier. */
+    mbedtls_asn1_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+    struct mbedtls_asn1_named_data *MBEDTLS_PRIVATE(next); /**< The next entry
+                                                              in the sequence.
+                                                            */
+    unsigned char MBEDTLS_PRIVATE(next_merged); /**< Merge next item into the
+                                                   current one? */
+} mbedtls_asn1_named_data;
 
 /**
  * \brief       Get the length of an ASN.1 element.
@@ -209,9 +206,9 @@
  *              would end beyond \p end.
  * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
  */
-int mbedtls_asn1_get_len( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len );
+int mbedtls_asn1_get_len(unsigned char **p,
+                         const unsigned char *end,
+                         size_t *len);
 
 /**
  * \brief       Get the tag and length of the element.
@@ -234,9 +231,10 @@
  *              would end beyond \p end.
  * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the length is unparseable.
  */
-int mbedtls_asn1_get_tag( unsigned char **p,
-                          const unsigned char *end,
-                          size_t *len, int tag );
+int mbedtls_asn1_get_tag(unsigned char **p,
+                         const unsigned char *end,
+                         size_t *len,
+                         int tag);
 
 /**
  * \brief       Retrieve a boolean ASN.1 tag and its value.
@@ -253,9 +251,9 @@
  * \return      An ASN.1 error code if the input does not start with
  *              a valid ASN.1 BOOLEAN.
  */
-int mbedtls_asn1_get_bool( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
+int mbedtls_asn1_get_bool(unsigned char **p,
+                          const unsigned char *end,
+                          int *val);
 
 /**
  * \brief       Retrieve an integer ASN.1 tag and its value.
@@ -274,9 +272,7 @@
  * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
  *              not fit in an \c int.
  */
-int mbedtls_asn1_get_int( unsigned char **p,
-                          const unsigned char *end,
-                          int *val );
+int mbedtls_asn1_get_int(unsigned char **p, const unsigned char *end, int *val);
 
 /**
  * \brief       Retrieve an enumerated ASN.1 tag and its value.
@@ -295,9 +291,9 @@
  * \return      #MBEDTLS_ERR_ASN1_INVALID_LENGTH if the parsed value does
  *              not fit in an \c int.
  */
-int mbedtls_asn1_get_enum( unsigned char **p,
-                           const unsigned char *end,
-                           int *val );
+int mbedtls_asn1_get_enum(unsigned char **p,
+                          const unsigned char *end,
+                          int *val);
 
 /**
  * \brief       Retrieve a bitstring ASN.1 tag and its value.
@@ -316,8 +312,9 @@
  * \return      An ASN.1 error code if the input does not start with
  *              a valid ASN.1 BIT STRING.
  */
-int mbedtls_asn1_get_bitstring( unsigned char **p, const unsigned char *end,
-                                mbedtls_asn1_bitstring *bs );
+int mbedtls_asn1_get_bitstring(unsigned char **p,
+                               const unsigned char *end,
+                               mbedtls_asn1_bitstring *bs);
 
 /**
  * \brief       Retrieve a bitstring ASN.1 tag without unused bits and its
@@ -337,9 +334,9 @@
  * \return      An ASN.1 error code if the input does not start with
  *              a valid ASN.1 BIT STRING.
  */
-int mbedtls_asn1_get_bitstring_null( unsigned char **p,
-                                     const unsigned char *end,
-                                     size_t *len );
+int mbedtls_asn1_get_bitstring_null(unsigned char **p,
+                                    const unsigned char *end,
+                                    size_t *len);
 
 /**
  * \brief       Parses and splits an ASN.1 "SEQUENCE OF <tag>".
@@ -388,10 +385,10 @@
  * \return      An ASN.1 error code if the input does not start with
  *              a valid ASN.1 SEQUENCE.
  */
-int mbedtls_asn1_get_sequence_of( unsigned char **p,
-                                  const unsigned char *end,
-                                  mbedtls_asn1_sequence *cur,
-                                  int tag );
+int mbedtls_asn1_get_sequence_of(unsigned char **p,
+                                 const unsigned char *end,
+                                 mbedtls_asn1_sequence *cur,
+                                 int tag);
 /**
  * \brief          Free a heap-allocated linked list presentation of
  *                 an ASN.1 sequence, including the first element.
@@ -413,7 +410,7 @@
  *                 be \c NULL, in which case this functions returns
  *                 immediately.
  */
-void mbedtls_asn1_sequence_free( mbedtls_asn1_sequence *seq );
+void mbedtls_asn1_sequence_free(mbedtls_asn1_sequence *seq);
 
 /**
  * \brief                Traverse an ASN.1 SEQUENCE container and
@@ -503,11 +500,12 @@
 int mbedtls_asn1_traverse_sequence_of(
     unsigned char **p,
     const unsigned char *end,
-    unsigned char tag_must_mask, unsigned char tag_must_val,
-    unsigned char tag_may_mask, unsigned char tag_may_val,
-    int (*cb)( void *ctx, int tag,
-               unsigned char* start, size_t len ),
-    void *ctx );
+    unsigned char tag_must_mask,
+    unsigned char tag_must_val,
+    unsigned char tag_may_mask,
+    unsigned char tag_may_val,
+    int (*cb)(void *ctx, int tag, unsigned char *start, size_t len),
+    void *ctx);
 
 #if defined(MBEDTLS_BIGNUM_C)
 /**
@@ -528,9 +526,9 @@
  *              not fit in an \c int.
  * \return      An MPI error code if the parsed value is too large.
  */
-int mbedtls_asn1_get_mpi( unsigned char **p,
-                          const unsigned char *end,
-                          mbedtls_mpi *X );
+int mbedtls_asn1_get_mpi(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_mpi *X);
 #endif /* MBEDTLS_BIGNUM_C */
 
 /**
@@ -549,9 +547,10 @@
  *
  * \return      0 if successful or a specific ASN.1 or MPI error code.
  */
-int mbedtls_asn1_get_alg( unsigned char **p,
-                  const unsigned char *end,
-                  mbedtls_asn1_buf *alg, mbedtls_asn1_buf *params );
+int mbedtls_asn1_get_alg(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_asn1_buf *alg,
+                         mbedtls_asn1_buf *params);
 
 /**
  * \brief       Retrieve an AlgorithmIdentifier ASN.1 sequence with NULL or no
@@ -568,9 +567,9 @@
  *
  * \return      0 if successful or a specific ASN.1 or MPI error code.
  */
-int mbedtls_asn1_get_alg_null( unsigned char **p,
-                       const unsigned char *end,
-                       mbedtls_asn1_buf *alg );
+int mbedtls_asn1_get_alg_null(unsigned char **p,
+                              const unsigned char *end,
+                              mbedtls_asn1_buf *alg);
 
 /**
  * \brief       Find a specific named_data entry in a sequence or list based on
@@ -582,8 +581,10 @@
  *
  * \return      NULL if not found, or a pointer to the existing entry.
  */
-const mbedtls_asn1_named_data *mbedtls_asn1_find_named_data( const mbedtls_asn1_named_data *list,
-                                       const char *oid, size_t len );
+const mbedtls_asn1_named_data *
+mbedtls_asn1_find_named_data(const mbedtls_asn1_named_data *list,
+                             const char *oid,
+                             size_t len);
 
 /**
  * \brief       Free a mbedtls_asn1_named_data entry
@@ -592,7 +593,7 @@
  *              This function calls mbedtls_free() on
  *              `entry->oid.p` and `entry->val.p`.
  */
-void mbedtls_asn1_free_named_data( mbedtls_asn1_named_data *entry );
+void mbedtls_asn1_free_named_data(mbedtls_asn1_named_data *entry);
 
 /**
  * \brief       Free all entries in a mbedtls_asn1_named_data list.
@@ -602,7 +603,7 @@
  *              mbedtls_free() on each list element and
  *              sets \c *head to \c NULL.
  */
-void mbedtls_asn1_free_named_data_list( mbedtls_asn1_named_data **head );
+void mbedtls_asn1_free_named_data_list(mbedtls_asn1_named_data **head);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index 7a57f15..c57831c 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -26,14 +26,13 @@
 
 #include "mbedtls/asn1.h"
 
-#define MBEDTLS_ASN1_CHK_ADD(g, f)                      \
-    do                                                  \
-    {                                                   \
-        if( ( ret = (f) ) < 0 )                         \
-            return ret ;                              \
-        else                                            \
-            (g) += ret;                                 \
-    } while( 0 )
+#define MBEDTLS_ASN1_CHK_ADD(g, f) \
+    do {                           \
+        if ((ret = (f)) < 0)       \
+            return ret;            \
+        else                       \
+            (g) += ret;            \
+    } while (0)
 
 #ifdef __cplusplus
 extern "C" {
@@ -51,8 +50,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_len( unsigned char **p, const unsigned char *start,
-                            size_t len );
+int mbedtls_asn1_write_len(unsigned char **p,
+                           const unsigned char *start,
+                           size_t len);
 /**
  * \brief           Write an ASN.1 tag in ASN.1 format.
  *
@@ -65,8 +65,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_tag( unsigned char **p, const unsigned char *start,
-                            unsigned char tag );
+int mbedtls_asn1_write_tag(unsigned char **p,
+                           const unsigned char *start,
+                           unsigned char tag);
 
 /**
  * \brief           Write raw buffer data.
@@ -81,8 +82,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_raw_buffer( unsigned char **p, const unsigned char *start,
-                                   const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_raw_buffer(unsigned char **p,
+                                  const unsigned char *start,
+                                  const unsigned char *buf,
+                                  size_t size);
 
 #if defined(MBEDTLS_BIGNUM_C)
 /**
@@ -99,8 +102,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_mpi( unsigned char **p, const unsigned char *start,
-                            const mbedtls_mpi *X );
+int mbedtls_asn1_write_mpi(unsigned char **p,
+                           const unsigned char *start,
+                           const mbedtls_mpi *X);
 #endif /* MBEDTLS_BIGNUM_C */
 
 /**
@@ -115,7 +119,7 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_null( unsigned char **p, const unsigned char *start );
+int mbedtls_asn1_write_null(unsigned char **p, const unsigned char *start);
 
 /**
  * \brief           Write an OID tag (#MBEDTLS_ASN1_OID) and data
@@ -131,8 +135,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_oid( unsigned char **p, const unsigned char *start,
-                            const char *oid, size_t oid_len );
+int mbedtls_asn1_write_oid(unsigned char **p,
+                           const unsigned char *start,
+                           const char *oid,
+                           size_t oid_len);
 
 /**
  * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
@@ -149,10 +155,11 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_algorithm_identifier( unsigned char **p,
-                                             const unsigned char *start,
-                                             const char *oid, size_t oid_len,
-                                             size_t par_len );
+int mbedtls_asn1_write_algorithm_identifier(unsigned char **p,
+                                            const unsigned char *start,
+                                            const char *oid,
+                                            size_t oid_len,
+                                            size_t par_len);
 
 /**
  * \brief           Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
@@ -167,8 +174,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_bool( unsigned char **p, const unsigned char *start,
-                             int boolean );
+int mbedtls_asn1_write_bool(unsigned char **p,
+                            const unsigned char *start,
+                            int boolean);
 
 /**
  * \brief           Write an int tag (#MBEDTLS_ASN1_INTEGER) and value
@@ -184,7 +192,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_int( unsigned char **p, const unsigned char *start, int val );
+int mbedtls_asn1_write_int(unsigned char **p,
+                           const unsigned char *start,
+                           int val);
 
 /**
  * \brief           Write an enum tag (#MBEDTLS_ASN1_ENUMERATED) and value
@@ -199,7 +209,9 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_asn1_write_enum( unsigned char **p, const unsigned char *start, int val );
+int mbedtls_asn1_write_enum(unsigned char **p,
+                            const unsigned char *start,
+                            int val);
 
 /**
  * \brief           Write a string in ASN.1 format using a specific
@@ -218,9 +230,11 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_tagged_string( unsigned char **p, const unsigned char *start,
-                                      int tag, const char *text,
-                                      size_t text_len );
+int mbedtls_asn1_write_tagged_string(unsigned char **p,
+                                     const unsigned char *start,
+                                     int tag,
+                                     const char *text,
+                                     size_t text_len);
 
 /**
  * \brief           Write a string in ASN.1 format using the PrintableString
@@ -237,9 +251,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_printable_string( unsigned char **p,
-                                         const unsigned char *start,
-                                         const char *text, size_t text_len );
+int mbedtls_asn1_write_printable_string(unsigned char **p,
+                                        const unsigned char *start,
+                                        const char *text,
+                                        size_t text_len);
 
 /**
  * \brief           Write a UTF8 string in ASN.1 format using the UTF8String
@@ -256,8 +271,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_utf8_string( unsigned char **p, const unsigned char *start,
-                                    const char *text, size_t text_len );
+int mbedtls_asn1_write_utf8_string(unsigned char **p,
+                                   const unsigned char *start,
+                                   const char *text,
+                                   size_t text_len);
 
 /**
  * \brief           Write a string in ASN.1 format using the IA5String
@@ -274,8 +291,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_ia5_string( unsigned char **p, const unsigned char *start,
-                                   const char *text, size_t text_len );
+int mbedtls_asn1_write_ia5_string(unsigned char **p,
+                                  const unsigned char *start,
+                                  const char *text,
+                                  size_t text_len);
 
 /**
  * \brief           Write a bitstring tag (#MBEDTLS_ASN1_BIT_STRING) and
@@ -291,8 +310,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_bitstring( unsigned char **p, const unsigned char *start,
-                                  const unsigned char *buf, size_t bits );
+int mbedtls_asn1_write_bitstring(unsigned char **p,
+                                 const unsigned char *start,
+                                 const unsigned char *buf,
+                                 size_t bits);
 
 /**
  * \brief           This function writes a named bitstring tag
@@ -311,10 +332,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_named_bitstring( unsigned char **p,
-                                        const unsigned char *start,
-                                        const unsigned char *buf,
-                                        size_t bits );
+int mbedtls_asn1_write_named_bitstring(unsigned char **p,
+                                       const unsigned char *start,
+                                       const unsigned char *buf,
+                                       size_t bits);
 
 /**
  * \brief           Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
@@ -330,8 +351,10 @@
  * \return          The number of bytes written to \p p on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_asn1_write_octet_string( unsigned char **p, const unsigned char *start,
-                                     const unsigned char *buf, size_t size );
+int mbedtls_asn1_write_octet_string(unsigned char **p,
+                                    const unsigned char *start,
+                                    const unsigned char *buf,
+                                    size_t size);
 
 /**
  * \brief           Create or find a specific named_data entry for writing in a
@@ -354,10 +377,12 @@
  * \return          A pointer to the new / existing entry on success.
  * \return          \c NULL if if there was a memory allocation error.
  */
-mbedtls_asn1_named_data *mbedtls_asn1_store_named_data( mbedtls_asn1_named_data **list,
-                                        const char *oid, size_t oid_len,
-                                        const unsigned char *val,
-                                        size_t val_len );
+mbedtls_asn1_named_data *
+mbedtls_asn1_store_named_data(mbedtls_asn1_named_data **list,
+                              const char *oid,
+                              size_t oid_len,
+                              const unsigned char *val,
+                              size_t val_len);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/base64.h b/include/mbedtls/base64.h
index 8378589..4fab98c 100644
--- a/include/mbedtls/base64.h
+++ b/include/mbedtls/base64.h
@@ -27,9 +27,9 @@
 #include <stddef.h>
 
 /** Output buffer too small. */
-#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL               -0x002A
+#define MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL -0x002A
 /** Invalid character in input. */
-#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER              -0x002C
+#define MBEDTLS_ERR_BASE64_INVALID_CHARACTER -0x002C
 
 #ifdef __cplusplus
 extern "C" {
@@ -54,8 +54,11 @@
  * \note           Call this function with dlen = 0 to obtain the
  *                 required buffer size in *olen
  */
-int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
+int mbedtls_base64_encode(unsigned char *dst,
+                          size_t dlen,
+                          size_t *olen,
+                          const unsigned char *src,
+                          size_t slen);
 
 /**
  * \brief          Decode a base64-formatted buffer
@@ -74,8 +77,11 @@
  * \note           Call this function with *dst = NULL or dlen = 0 to obtain
  *                 the required buffer size in *olen
  */
-int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
-                   const unsigned char *src, size_t slen );
+int mbedtls_base64_decode(unsigned char *dst,
+                          size_t dlen,
+                          size_t *olen,
+                          const unsigned char *src,
+                          size_t slen);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -83,7 +89,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_base64_self_test( int verbose );
+int mbedtls_base64_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index a02a094..8e64923 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -29,37 +29,36 @@
 #include <stdint.h>
 
 #if defined(MBEDTLS_FS_IO)
-#include <stdio.h>
+#    include <stdio.h>
 #endif
 
 /** An error occurred while reading from or writing to a file. */
-#define MBEDTLS_ERR_MPI_FILE_IO_ERROR                     -0x0002
+#define MBEDTLS_ERR_MPI_FILE_IO_ERROR -0x0002
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA                    -0x0004
+#define MBEDTLS_ERR_MPI_BAD_INPUT_DATA -0x0004
 /** There is an invalid character in the digit string. */
-#define MBEDTLS_ERR_MPI_INVALID_CHARACTER                 -0x0006
+#define MBEDTLS_ERR_MPI_INVALID_CHARACTER -0x0006
 /** The buffer is too small to write to. */
-#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL                  -0x0008
+#define MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL -0x0008
 /** The input arguments are negative or result in illegal output. */
-#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE                    -0x000A
+#define MBEDTLS_ERR_MPI_NEGATIVE_VALUE -0x000A
 /** The input argument for division is zero, which is not allowed. */
-#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO                  -0x000C
+#define MBEDTLS_ERR_MPI_DIVISION_BY_ZERO -0x000C
 /** The input arguments are not acceptable. */
-#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE                    -0x000E
+#define MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -0x000E
 /** Memory allocation failed. */
-#define MBEDTLS_ERR_MPI_ALLOC_FAILED                      -0x0010
+#define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010
 
-#define MBEDTLS_MPI_CHK(f)       \
-    do                           \
-    {                            \
-        if( ( ret = (f) ) != 0 ) \
-            goto cleanup;        \
-    } while( 0 )
+#define MBEDTLS_MPI_CHK(f)    \
+    do {                      \
+        if ((ret = (f)) != 0) \
+            goto cleanup;     \
+    } while (0)
 
 /*
  * Maximum size MPIs are allowed to grow to in number of limbs.
  */
-#define MBEDTLS_MPI_MAX_LIMBS                             10000
+#define MBEDTLS_MPI_MAX_LIMBS 10000
 
 #if !defined(MBEDTLS_MPI_WINDOW_SIZE)
 /*
@@ -72,7 +71,7 @@
  * Reduction in size, reduces speed.
  */
 /** Maximum window size used. */
-#define MBEDTLS_MPI_WINDOW_SIZE                           6
+#    define MBEDTLS_MPI_WINDOW_SIZE 6
 #endif /* !MBEDTLS_MPI_WINDOW_SIZE */
 
 #if !defined(MBEDTLS_MPI_MAX_SIZE)
@@ -84,16 +83,16 @@
  * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher.
  */
 /** Maximum number of bytes for usable MPIs. */
-#define MBEDTLS_MPI_MAX_SIZE                              1024
+#    define MBEDTLS_MPI_MAX_SIZE 1024
 #endif /* !MBEDTLS_MPI_MAX_SIZE */
 
-#define MBEDTLS_MPI_MAX_BITS                              ( 8 * MBEDTLS_MPI_MAX_SIZE )    /**< Maximum number of bits for usable MPIs. */
+#define MBEDTLS_MPI_MAX_BITS \
+    (8 * MBEDTLS_MPI_MAX_SIZE) /**< Maximum number of bits for usable MPIs. */
 
 /*
- * When reading from files with mbedtls_mpi_read_file() and writing to files with
- * mbedtls_mpi_write_file() the buffer should have space
- * for a (short) label, the MPI (in the provided radix), the newline
- * characters and the '\0'.
+ * When reading from files with mbedtls_mpi_read_file() and writing to files
+ * with mbedtls_mpi_write_file() the buffer should have space for a (short)
+ * label, the MPI (in the provided radix), the newline characters and the '\0'.
  *
  * By default we assume at least a 10 char label, a minimum radix of 10
  * (decimal) and a maximum of 4096 bit numbers (1234 decimal chars).
@@ -107,9 +106,12 @@
  *  MBEDTLS_MPI_RW_BUFFER_SIZE = ceil(MBEDTLS_MPI_MAX_BITS / ln(10) * ln(2)) +
  *                                LabelSize + 6
  */
-#define MBEDTLS_MPI_MAX_BITS_SCALE100          ( 100 * MBEDTLS_MPI_MAX_BITS )
-#define MBEDTLS_LN_2_DIV_LN_10_SCALE100                 332
-#define MBEDTLS_MPI_RW_BUFFER_SIZE             ( ((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / MBEDTLS_LN_2_DIV_LN_10_SCALE100) + 10 + 6 )
+#define MBEDTLS_MPI_MAX_BITS_SCALE100   (100 * MBEDTLS_MPI_MAX_BITS)
+#define MBEDTLS_LN_2_DIV_LN_10_SCALE100 332
+#define MBEDTLS_MPI_RW_BUFFER_SIZE                                            \
+    (((MBEDTLS_MPI_MAX_BITS_SCALE100 + MBEDTLS_LN_2_DIV_LN_10_SCALE100 - 1) / \
+      MBEDTLS_LN_2_DIV_LN_10_SCALE100) +                                      \
+     10 + 6)
 
 /*
  * Define the base integer type, architecture-wise.
@@ -122,63 +124,61 @@
  * disabled by defining MBEDTLS_NO_UDBL_DIVISION.
  */
 #if !defined(MBEDTLS_HAVE_INT32)
-    #if defined(_MSC_VER) && defined(_M_AMD64)
-        /* Always choose 64-bit when using MSC */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #elif defined(__GNUC__) && (                         \
-        defined(__amd64__) || defined(__x86_64__)     || \
-        defined(__ppc64__) || defined(__powerpc64__)  || \
-        defined(__ia64__)  || defined(__alpha__)      || \
-        ( defined(__sparc__) && defined(__arch64__) ) || \
-        defined(__s390x__) || defined(__mips64)       || \
-        defined(__aarch64__) )
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(__ARMCC_VERSION) && defined(__aarch64__)
-        /*
-         * __ARMCC_VERSION is defined for both armcc and armclang and
-         * __aarch64__ is only defined by armclang when compiling 64-bit code
-         */
-        #if !defined(MBEDTLS_HAVE_INT64)
-            #define MBEDTLS_HAVE_INT64
-        #endif /* !MBEDTLS_HAVE_INT64 */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-        #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-            /* mbedtls_t_udbl defined as 128-bit unsigned int */
-            typedef __uint128_t mbedtls_t_udbl;
-            #define MBEDTLS_HAVE_UDBL
-        #endif /* !MBEDTLS_NO_UDBL_DIVISION */
-    #elif defined(MBEDTLS_HAVE_INT64)
-        /* Force 64-bit integers with unknown compiler */
-        typedef  int64_t mbedtls_mpi_sint;
-        typedef uint64_t mbedtls_mpi_uint;
-    #endif
+#    if defined(_MSC_VER) && defined(_M_AMD64)
+/* Always choose 64-bit when using MSC */
+#        if !defined(MBEDTLS_HAVE_INT64)
+#            define MBEDTLS_HAVE_INT64
+#        endif /* !MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+#    elif defined(__GNUC__) &&                                                \
+        (defined(__amd64__) || defined(__x86_64__) || defined(__ppc64__) ||   \
+         defined(__powerpc64__) || defined(__ia64__) || defined(__alpha__) || \
+         (defined(__sparc__) && defined(__arch64__)) || defined(__s390x__) || \
+         defined(__mips64) || defined(__aarch64__))
+#        if !defined(MBEDTLS_HAVE_INT64)
+#            define MBEDTLS_HAVE_INT64
+#        endif /* MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+#        if !defined(MBEDTLS_NO_UDBL_DIVISION)
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI)));
+#            define MBEDTLS_HAVE_UDBL
+#        endif /* !MBEDTLS_NO_UDBL_DIVISION */
+#    elif defined(__ARMCC_VERSION) && defined(__aarch64__)
+/*
+ * __ARMCC_VERSION is defined for both armcc and armclang and
+ * __aarch64__ is only defined by armclang when compiling 64-bit code
+ */
+#        if !defined(MBEDTLS_HAVE_INT64)
+#            define MBEDTLS_HAVE_INT64
+#        endif /* !MBEDTLS_HAVE_INT64 */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+#        if !defined(MBEDTLS_NO_UDBL_DIVISION)
+/* mbedtls_t_udbl defined as 128-bit unsigned int */
+typedef __uint128_t mbedtls_t_udbl;
+#            define MBEDTLS_HAVE_UDBL
+#        endif /* !MBEDTLS_NO_UDBL_DIVISION */
+#    elif defined(MBEDTLS_HAVE_INT64)
+/* Force 64-bit integers with unknown compiler */
+typedef int64_t mbedtls_mpi_sint;
+typedef uint64_t mbedtls_mpi_uint;
+#    endif
 #endif /* !MBEDTLS_HAVE_INT32 */
 
 #if !defined(MBEDTLS_HAVE_INT64)
-    /* Default to 32-bit compilation */
-    #if !defined(MBEDTLS_HAVE_INT32)
-        #define MBEDTLS_HAVE_INT32
-    #endif /* !MBEDTLS_HAVE_INT32 */
-    typedef  int32_t mbedtls_mpi_sint;
-    typedef uint32_t mbedtls_mpi_uint;
-    #if !defined(MBEDTLS_NO_UDBL_DIVISION)
-        typedef uint64_t mbedtls_t_udbl;
-        #define MBEDTLS_HAVE_UDBL
-    #endif /* !MBEDTLS_NO_UDBL_DIVISION */
+/* Default to 32-bit compilation */
+#    if !defined(MBEDTLS_HAVE_INT32)
+#        define MBEDTLS_HAVE_INT32
+#    endif /* !MBEDTLS_HAVE_INT32 */
+typedef int32_t mbedtls_mpi_sint;
+typedef uint32_t mbedtls_mpi_uint;
+#    if !defined(MBEDTLS_NO_UDBL_DIVISION)
+typedef uint64_t mbedtls_t_udbl;
+#        define MBEDTLS_HAVE_UDBL
+#    endif /* !MBEDTLS_NO_UDBL_DIVISION */
 #endif /* !MBEDTLS_HAVE_INT64 */
 
 #ifdef __cplusplus
@@ -188,13 +188,12 @@
 /**
  * \brief          MPI structure
  */
-typedef struct mbedtls_mpi
-{
-    int MBEDTLS_PRIVATE(s);              /*!<  Sign: -1 if the mpi is negative, 1 otherwise */
-    size_t MBEDTLS_PRIVATE(n);           /*!<  total # of limbs  */
-    mbedtls_mpi_uint *MBEDTLS_PRIVATE(p);          /*!<  pointer to limbs  */
-}
-mbedtls_mpi;
+typedef struct mbedtls_mpi {
+    int MBEDTLS_PRIVATE(s); /*!<  Sign: -1 if the mpi is negative, 1 otherwise
+                             */
+    size_t MBEDTLS_PRIVATE(n); /*!<  total # of limbs  */
+    mbedtls_mpi_uint *MBEDTLS_PRIVATE(p); /*!<  pointer to limbs  */
+} mbedtls_mpi;
 
 /**
  * \brief           Initialize an MPI context.
@@ -204,7 +203,7 @@
  *
  * \param X         The MPI context to initialize. This must not be \c NULL.
  */
-void mbedtls_mpi_init( mbedtls_mpi *X );
+void mbedtls_mpi_init(mbedtls_mpi *X);
 
 /**
  * \brief          This function frees the components of an MPI context.
@@ -213,7 +212,7 @@
  *                 in which case this function is a no-op. If it is
  *                 not \c NULL, it must point to an initialized MPI.
  */
-void mbedtls_mpi_free( mbedtls_mpi *X );
+void mbedtls_mpi_free(mbedtls_mpi *X);
 
 /**
  * \brief          Enlarge an MPI to the specified number of limbs.
@@ -228,7 +227,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_grow( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_grow(mbedtls_mpi *X, size_t nblimbs);
 
 /**
  * \brief          This function resizes an MPI downwards, keeping at least the
@@ -245,7 +244,7 @@
  *                 (this can only happen when resizing up).
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_shrink( mbedtls_mpi *X, size_t nblimbs );
+int mbedtls_mpi_shrink(mbedtls_mpi *X, size_t nblimbs);
 
 /**
  * \brief          Make a copy of an MPI.
@@ -260,7 +259,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_copy( mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_copy(mbedtls_mpi *X, const mbedtls_mpi *Y);
 
 /**
  * \brief          Swap the contents of two MPIs.
@@ -268,7 +267,7 @@
  * \param X        The first MPI. It must be initialized.
  * \param Y        The second MPI. It must be initialized.
  */
-void mbedtls_mpi_swap( mbedtls_mpi *X, mbedtls_mpi *Y );
+void mbedtls_mpi_swap(mbedtls_mpi *X, mbedtls_mpi *Y);
 
 /**
  * \brief          Perform a safe conditional copy of MPI which doesn't
@@ -294,7 +293,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_safe_cond_assign( mbedtls_mpi *X, const mbedtls_mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_assign(mbedtls_mpi *X,
+                                 const mbedtls_mpi *Y,
+                                 unsigned char assign);
 
 /**
  * \brief          Perform a safe conditional swap which doesn't
@@ -319,7 +320,9 @@
  * \return         Another negative error code on other kinds of failure.
  *
  */
-int mbedtls_mpi_safe_cond_swap( mbedtls_mpi *X, mbedtls_mpi *Y, unsigned char assign );
+int mbedtls_mpi_safe_cond_swap(mbedtls_mpi *X,
+                               mbedtls_mpi *Y,
+                               unsigned char assign);
 
 /**
  * \brief          Store integer value in MPI.
@@ -331,7 +334,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_lset( mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_lset(mbedtls_mpi *X, mbedtls_mpi_sint z);
 
 /**
  * \brief          Get a specific bit from an MPI.
@@ -343,7 +346,7 @@
  *                 of \c X is unset or set.
  * \return         A negative error code on failure.
  */
-int mbedtls_mpi_get_bit( const mbedtls_mpi *X, size_t pos );
+int mbedtls_mpi_get_bit(const mbedtls_mpi *X, size_t pos);
 
 /**
  * \brief          Modify a specific bit in an MPI.
@@ -360,7 +363,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_set_bit( mbedtls_mpi *X, size_t pos, unsigned char val );
+int mbedtls_mpi_set_bit(mbedtls_mpi *X, size_t pos, unsigned char val);
 
 /**
  * \brief          Return the number of bits of value \c 0 before the
@@ -374,7 +377,7 @@
  * \return         The number of bits of value \c 0 before the least significant
  *                 bit of value \c 1 in \p X.
  */
-size_t mbedtls_mpi_lsb( const mbedtls_mpi *X );
+size_t mbedtls_mpi_lsb(const mbedtls_mpi *X);
 
 /**
  * \brief          Return the number of bits up to and including the most
@@ -388,7 +391,7 @@
  * \return         The number of bits up to and including the most
  *                 significant bit of value \c 1.
  */
-size_t mbedtls_mpi_bitlen( const mbedtls_mpi *X );
+size_t mbedtls_mpi_bitlen(const mbedtls_mpi *X);
 
 /**
  * \brief          Return the total size of an MPI value in bytes.
@@ -403,7 +406,7 @@
  * \return         The least number of bytes capable of storing
  *                 the absolute value of \p X.
  */
-size_t mbedtls_mpi_size( const mbedtls_mpi *X );
+size_t mbedtls_mpi_size(const mbedtls_mpi *X);
 
 /**
  * \brief          Import an MPI from an ASCII string.
@@ -415,7 +418,7 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s );
+int mbedtls_mpi_read_string(mbedtls_mpi *X, int radix, const char *s);
 
 /**
  * \brief          Export an MPI to an ASCII string.
@@ -439,8 +442,11 @@
  *                 size of \p buf required for a successful call.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_write_string( const mbedtls_mpi *X, int radix,
-                              char *buf, size_t buflen, size_t *olen );
+int mbedtls_mpi_write_string(const mbedtls_mpi *X,
+                             int radix,
+                             char *buf,
+                             size_t buflen,
+                             size_t *olen);
 
 #if defined(MBEDTLS_FS_IO)
 /**
@@ -464,7 +470,7 @@
  *                 is too small.
  * \return         Another negative error code on failure.
  */
-int mbedtls_mpi_read_file( mbedtls_mpi *X, int radix, FILE *fin );
+int mbedtls_mpi_read_file(mbedtls_mpi *X, int radix, FILE *fin);
 
 /**
  * \brief          Export an MPI into an opened file.
@@ -481,8 +487,10 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_mpi_write_file( const char *p, const mbedtls_mpi *X,
-                            int radix, FILE *fout );
+int mbedtls_mpi_write_file(const char *p,
+                           const mbedtls_mpi *X,
+                           int radix,
+                           FILE *fout);
 #endif /* MBEDTLS_FS_IO */
 
 /**
@@ -497,8 +505,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_read_binary( mbedtls_mpi *X, const unsigned char *buf,
-                             size_t buflen );
+int mbedtls_mpi_read_binary(mbedtls_mpi *X,
+                            const unsigned char *buf,
+                            size_t buflen);
 
 /**
  * \brief          Import X from unsigned binary data, little endian
@@ -512,8 +521,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_read_binary_le( mbedtls_mpi *X,
-                                const unsigned char *buf, size_t buflen );
+int mbedtls_mpi_read_binary_le(mbedtls_mpi *X,
+                               const unsigned char *buf,
+                               size_t buflen);
 
 /**
  * \brief          Export X into unsigned binary data, big endian.
@@ -530,8 +540,9 @@
  *                 large enough to hold the value of \p X.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_write_binary( const mbedtls_mpi *X, unsigned char *buf,
-                              size_t buflen );
+int mbedtls_mpi_write_binary(const mbedtls_mpi *X,
+                             unsigned char *buf,
+                             size_t buflen);
 
 /**
  * \brief          Export X into unsigned binary data, little endian.
@@ -548,8 +559,9 @@
  *                 large enough to hold the value of \p X.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_write_binary_le( const mbedtls_mpi *X,
-                                 unsigned char *buf, size_t buflen );
+int mbedtls_mpi_write_binary_le(const mbedtls_mpi *X,
+                                unsigned char *buf,
+                                size_t buflen);
 
 /**
  * \brief          Perform a left-shift on an MPI: X <<= count
@@ -561,7 +573,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_shift_l( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_l(mbedtls_mpi *X, size_t count);
 
 /**
  * \brief          Perform a right-shift on an MPI: X >>= count
@@ -573,7 +585,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_shift_r( mbedtls_mpi *X, size_t count );
+int mbedtls_mpi_shift_r(mbedtls_mpi *X, size_t count);
 
 /**
  * \brief          Compare the absolute values of two MPIs.
@@ -585,7 +597,7 @@
  * \return         \c -1 if `|X|` is lesser than `|Y|`.
  * \return         \c 0 if `|X|` is equal to `|Y|`.
  */
-int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_abs(const mbedtls_mpi *X, const mbedtls_mpi *Y);
 
 /**
  * \brief          Compare two MPIs.
@@ -597,7 +609,7 @@
  * \return         \c -1 if \p X is lesser than \p Y.
  * \return         \c 0 if \p X is equal to \p Y.
  */
-int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
+int mbedtls_mpi_cmp_mpi(const mbedtls_mpi *X, const mbedtls_mpi *Y);
 
 /**
  * \brief          Check if an MPI is less than the other in constant time.
@@ -614,8 +626,9 @@
  * \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
  *                 the two input MPIs is not the same.
  */
-int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
-        unsigned *ret );
+int mbedtls_mpi_lt_mpi_ct(const mbedtls_mpi *X,
+                          const mbedtls_mpi *Y,
+                          unsigned *ret);
 
 /**
  * \brief          Compare an MPI with an integer.
@@ -627,7 +640,7 @@
  * \return         \c -1 if \p X is lesser than \p z.
  * \return         \c 0 if \p X is equal to \p z.
  */
-int mbedtls_mpi_cmp_int( const mbedtls_mpi *X, mbedtls_mpi_sint z );
+int mbedtls_mpi_cmp_int(const mbedtls_mpi *X, mbedtls_mpi_sint z);
 
 /**
  * \brief          Perform an unsigned addition of MPIs: X = |A| + |B|
@@ -640,8 +653,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_add_abs(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform an unsigned subtraction of MPIs: X = |A| - |B|
@@ -655,8 +669,9 @@
  * \return         Another negative error code on different kinds of failure.
  *
  */
-int mbedtls_mpi_sub_abs( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_sub_abs(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a signed addition of MPIs: X = A + B
@@ -669,8 +684,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_add_mpi(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a signed subtraction of MPIs: X = A - B
@@ -683,8 +699,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_sub_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_sub_mpi(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a signed addition of an MPI and an integer: X = A + b
@@ -697,8 +714,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_add_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
+int mbedtls_mpi_add_int(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_sint b);
 
 /**
  * \brief          Perform a signed subtraction of an MPI and an integer:
@@ -712,8 +730,9 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_sub_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
+int mbedtls_mpi_sub_int(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_sint b);
 
 /**
  * \brief          Perform a multiplication of two MPIs: X = A * B
@@ -727,8 +746,9 @@
  * \return         Another negative error code on different kinds of failure.
  *
  */
-int mbedtls_mpi_mul_mpi( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_mul_mpi(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a multiplication of an MPI with an unsigned integer:
@@ -743,8 +763,9 @@
  * \return         Another negative error code on different kinds of failure.
  *
  */
-int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         mbedtls_mpi_uint b );
+int mbedtls_mpi_mul_int(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_uint b);
 
 /**
  * \brief          Perform a division with remainder of two MPIs:
@@ -764,8 +785,10 @@
  * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p B equals zero.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_div_mpi(mbedtls_mpi *Q,
+                        mbedtls_mpi *R,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a division with remainder of an MPI by an integer:
@@ -785,8 +808,10 @@
  * \return         #MBEDTLS_ERR_MPI_DIVISION_BY_ZERO if \p b equals zero.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_div_int( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
+int mbedtls_mpi_div_int(mbedtls_mpi *Q,
+                        mbedtls_mpi *R,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_sint b);
 
 /**
  * \brief          Perform a modular reduction. R = A mod B
@@ -805,8 +830,9 @@
  * \return         Another negative error code on different kinds of failure.
  *
  */
-int mbedtls_mpi_mod_mpi( mbedtls_mpi *R, const mbedtls_mpi *A,
-                         const mbedtls_mpi *B );
+int mbedtls_mpi_mod_mpi(mbedtls_mpi *R,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *B);
 
 /**
  * \brief          Perform a modular reduction with respect to an integer.
@@ -824,8 +850,9 @@
  * \return         #MBEDTLS_ERR_MPI_NEGATIVE_VALUE if \p b is negative.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
-                         mbedtls_mpi_sint b );
+int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r,
+                        const mbedtls_mpi *A,
+                        mbedtls_mpi_sint b);
 
 /**
  * \brief          Perform a sliding-window exponentiation: X = A^E mod N
@@ -853,9 +880,11 @@
  * \return         Another negative error code on different kinds of failures.
  *
  */
-int mbedtls_mpi_exp_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *E, const mbedtls_mpi *N,
-                         mbedtls_mpi *prec_RR );
+int mbedtls_mpi_exp_mod(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *E,
+                        const mbedtls_mpi *N,
+                        mbedtls_mpi *prec_RR);
 
 /**
  * \brief          Fill an MPI with a number of random bytes.
@@ -874,9 +903,10 @@
  *                 as a big-endian representation of an MPI; this can
  *                 be relevant in applications like deterministic ECDSA.
  */
-int mbedtls_mpi_fill_random( mbedtls_mpi *X, size_t size,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_mpi_fill_random(mbedtls_mpi *X,
+                            size_t size,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /** Generate a random number uniformly in a range.
  *
@@ -910,11 +940,11 @@
  *                 for all usual cryptographic applications.
  * \return         Another negative error code on failure.
  */
-int mbedtls_mpi_random( mbedtls_mpi *X,
-                        mbedtls_mpi_sint min,
-                        const mbedtls_mpi *N,
-                        int (*f_rng)(void *, unsigned char *, size_t),
-                        void *p_rng );
+int mbedtls_mpi_random(mbedtls_mpi *X,
+                       mbedtls_mpi_sint min,
+                       const mbedtls_mpi *N,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng);
 
 /**
  * \brief          Compute the greatest common divisor: G = gcd(A, B)
@@ -927,8 +957,7 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         Another negative error code on different kinds of failure.
  */
-int mbedtls_mpi_gcd( mbedtls_mpi *G, const mbedtls_mpi *A,
-                     const mbedtls_mpi *B );
+int mbedtls_mpi_gcd(mbedtls_mpi *G, const mbedtls_mpi *A, const mbedtls_mpi *B);
 
 /**
  * \brief          Compute the modular inverse: X = A^-1 mod N
@@ -946,8 +975,9 @@
  * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
  *                 with respect to \p N.
  */
-int mbedtls_mpi_inv_mod( mbedtls_mpi *X, const mbedtls_mpi *A,
-                         const mbedtls_mpi *N );
+int mbedtls_mpi_inv_mod(mbedtls_mpi *X,
+                        const mbedtls_mpi *A,
+                        const mbedtls_mpi *N);
 
 /**
  * \brief          Miller-Rabin primality test.
@@ -976,18 +1006,22 @@
  * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p X is not prime.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_mpi_is_prime_ext( const mbedtls_mpi *X, int rounds,
-                              int (*f_rng)(void *, unsigned char *, size_t),
-                              void *p_rng );
+int mbedtls_mpi_is_prime_ext(const mbedtls_mpi *X,
+                             int rounds,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 /**
  * \brief Flags for mbedtls_mpi_gen_prime()
  *
  * Each of these flags is a constraint on the result X returned by
  * mbedtls_mpi_gen_prime().
  */
-typedef enum {
-    MBEDTLS_MPI_GEN_PRIME_FLAG_DH =      0x0001, /**< (X-1)/2 is prime too */
-    MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from 2<sup>-80</sup> to 2<sup>-128</sup> */
+typedef enum
+{
+    MBEDTLS_MPI_GEN_PRIME_FLAG_DH = 0x0001, /**< (X-1)/2 is prime too */
+    MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR = 0x0002, /**< lower error rate from
+                                                    2<sup>-80</sup> to
+                                                    2<sup>-128</sup> */
 } mbedtls_mpi_gen_prime_flag_t;
 
 /**
@@ -1009,9 +1043,11 @@
  * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if `nbits` is not between
  *                 \c 3 and #MBEDTLS_MPI_MAX_BITS.
  */
-int mbedtls_mpi_gen_prime( mbedtls_mpi *X, size_t nbits, int flags,
-                   int (*f_rng)(void *, unsigned char *, size_t),
-                   void *p_rng );
+int mbedtls_mpi_gen_prime(mbedtls_mpi *X,
+                          size_t nbits,
+                          int flags,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -1020,7 +1056,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_mpi_self_test( int verbose );
+int mbedtls_mpi_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 23f85ba..63fb976 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -6,22 +6,22 @@
  *  Include this file if you need to depend on the
  *  configuration options defined in mbedtls_config.h or MBEDTLS_CONFIG_FILE
  */
- /*
-  *  Copyright The Mbed TLS Contributors
-  *  SPDX-License-Identifier: Apache-2.0
-  *
-  *  Licensed under the Apache License, Version 2.0 (the "License"); you may
-  *  not use this file except in compliance with the License.
-  *  You may obtain a copy of the License at
-  *
-  *  http://www.apache.org/licenses/LICENSE-2.0
-  *
-  *  Unless required by applicable law or agreed to in writing, software
-  *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-  *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  *  See the License for the specific language governing permissions and
-  *  limitations under the License.
-  */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
 
 #ifndef MBEDTLS_BUILD_INFO_H
 #define MBEDTLS_BUILD_INFO_H
@@ -36,33 +36,34 @@
  * The version number x.y.z is split into three parts.
  * Major, Minor, Patchlevel
  */
-#define MBEDTLS_VERSION_MAJOR  3
-#define MBEDTLS_VERSION_MINOR  0
-#define MBEDTLS_VERSION_PATCH  0
+#define MBEDTLS_VERSION_MAJOR 3
+#define MBEDTLS_VERSION_MINOR 0
+#define MBEDTLS_VERSION_PATCH 0
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x03000000
-#define MBEDTLS_VERSION_STRING         "3.0.0"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 3.0.0"
+#define MBEDTLS_VERSION_NUMBER      0x03000000
+#define MBEDTLS_VERSION_STRING      "3.0.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.0.0"
 
 #if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
+#    define _CRT_SECURE_NO_DEPRECATE 1
 #endif
 
 #if !defined(MBEDTLS_CONFIG_FILE)
-#include "mbedtls/mbedtls_config.h"
+#    include "mbedtls/mbedtls_config.h"
 #else
-#include MBEDTLS_CONFIG_FILE
+#    include MBEDTLS_CONFIG_FILE
 #endif
 
-#if defined(MBEDTLS_CONFIG_VERSION) && ( \
-    MBEDTLS_CONFIG_VERSION < 0x03000000 || \
-    MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER )
-#error "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
+#if defined(MBEDTLS_CONFIG_VERSION) &&      \
+    (MBEDTLS_CONFIG_VERSION < 0x03000000 || \
+     MBEDTLS_CONFIG_VERSION > MBEDTLS_VERSION_NUMBER)
+#    error \
+        "Invalid config version, defined value of MBEDTLS_CONFIG_VERSION is unsupported"
 #endif
 
 /* Target and application specific configurations
@@ -71,11 +72,11 @@
  *
  */
 #if defined(MBEDTLS_USER_CONFIG_FILE)
-#include MBEDTLS_USER_CONFIG_FILE
+#    include MBEDTLS_USER_CONFIG_FILE
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "mbedtls/config_psa.h"
+#    include "mbedtls/config_psa.h"
 #endif
 
 #include "mbedtls/check_config.h"
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 6feeaf0..fe5211e 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -30,8 +30,8 @@
 
 #include "mbedtls/platform_util.h"
 
-#define MBEDTLS_CAMELLIA_ENCRYPT     1
-#define MBEDTLS_CAMELLIA_DECRYPT     0
+#define MBEDTLS_CAMELLIA_ENCRYPT 1
+#define MBEDTLS_CAMELLIA_DECRYPT 0
 
 /** Bad input data. */
 #define MBEDTLS_ERR_CAMELLIA_BAD_INPUT_DATA -0x0024
@@ -50,15 +50,13 @@
 /**
  * \brief          CAMELLIA context structure
  */
-typedef struct mbedtls_camellia_context
-{
-    int MBEDTLS_PRIVATE(nr);                     /*!<  number of rounds  */
-    uint32_t MBEDTLS_PRIVATE(rk)[68];            /*!<  CAMELLIA round keys    */
-}
-mbedtls_camellia_context;
+typedef struct mbedtls_camellia_context {
+    int MBEDTLS_PRIVATE(nr); /*!<  number of rounds  */
+    uint32_t MBEDTLS_PRIVATE(rk)[68]; /*!<  CAMELLIA round keys    */
+} mbedtls_camellia_context;
 
-#else  /* MBEDTLS_CAMELLIA_ALT */
-#include "camellia_alt.h"
+#else /* MBEDTLS_CAMELLIA_ALT */
+#    include "camellia_alt.h"
 #endif /* MBEDTLS_CAMELLIA_ALT */
 
 /**
@@ -67,7 +65,7 @@
  * \param ctx      The CAMELLIA context to be initialized.
  *                 This must not be \c NULL.
  */
-void mbedtls_camellia_init( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_init(mbedtls_camellia_context *ctx);
 
 /**
  * \brief          Clear a CAMELLIA context.
@@ -76,7 +74,7 @@
  *                 in which case this function returns immediately. If it is not
  *                 \c NULL, it must be initialized.
  */
-void mbedtls_camellia_free( mbedtls_camellia_context *ctx );
+void mbedtls_camellia_free(mbedtls_camellia_context *ctx);
 
 /**
  * \brief          Perform a CAMELLIA key schedule operation for encryption.
@@ -90,9 +88,9 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_camellia_setkey_enc( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
+int mbedtls_camellia_setkey_enc(mbedtls_camellia_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits);
 
 /**
  * \brief          Perform a CAMELLIA key schedule operation for decryption.
@@ -106,9 +104,9 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_camellia_setkey_dec( mbedtls_camellia_context *ctx,
-                                 const unsigned char *key,
-                                 unsigned int keybits );
+int mbedtls_camellia_setkey_dec(mbedtls_camellia_context *ctx,
+                                const unsigned char *key,
+                                unsigned int keybits);
 
 /**
  * \brief          Perform a CAMELLIA-ECB block encryption/decryption operation.
@@ -125,10 +123,10 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_camellia_crypt_ecb( mbedtls_camellia_context *ctx,
-                    int mode,
-                    const unsigned char input[16],
-                    unsigned char output[16] );
+int mbedtls_camellia_crypt_ecb(mbedtls_camellia_context *ctx,
+                               int mode,
+                               const unsigned char input[16],
+                               unsigned char output[16]);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
@@ -159,12 +157,12 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_camellia_crypt_cbc( mbedtls_camellia_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[16],
-                    const unsigned char *input,
-                    unsigned char *output );
+int mbedtls_camellia_crypt_cbc(mbedtls_camellia_context *ctx,
+                               int mode,
+                               size_t length,
+                               unsigned char iv[16],
+                               const unsigned char *input,
+                               unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 #if defined(MBEDTLS_CIPHER_MODE_CFB)
@@ -205,13 +203,13 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_camellia_crypt_cfb128( mbedtls_camellia_context *ctx,
-                       int mode,
-                       size_t length,
-                       size_t *iv_off,
-                       unsigned char iv[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_camellia_crypt_cfb128(mbedtls_camellia_context *ctx,
+                                  int mode,
+                                  size_t length,
+                                  size_t *iv_off,
+                                  unsigned char iv[16],
+                                  const unsigned char *input,
+                                  unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CFB */
 
 #if defined(MBEDTLS_CIPHER_MODE_CTR)
@@ -289,13 +287,13 @@
  * \return              \c 0 if successful.
  * \return              A negative error code on failure.
  */
-int mbedtls_camellia_crypt_ctr( mbedtls_camellia_context *ctx,
-                       size_t length,
-                       size_t *nc_off,
-                       unsigned char nonce_counter[16],
-                       unsigned char stream_block[16],
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_camellia_crypt_ctr(mbedtls_camellia_context *ctx,
+                               size_t length,
+                               size_t *nc_off,
+                               unsigned char nonce_counter[16],
+                               unsigned char stream_block[16],
+                               const unsigned char *input,
+                               unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CTR */
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -305,7 +303,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_camellia_self_test( int verbose );
+int mbedtls_camellia_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h
index b3adecc..77fc72a 100644
--- a/include/mbedtls/ccm.h
+++ b/include/mbedtls/ccm.h
@@ -52,15 +52,15 @@
 
 #include "mbedtls/cipher.h"
 
-#define MBEDTLS_CCM_DECRYPT       0
-#define MBEDTLS_CCM_ENCRYPT       1
-#define MBEDTLS_CCM_STAR_DECRYPT  2
-#define MBEDTLS_CCM_STAR_ENCRYPT  3
+#define MBEDTLS_CCM_DECRYPT      0
+#define MBEDTLS_CCM_ENCRYPT      1
+#define MBEDTLS_CCM_STAR_DECRYPT 2
+#define MBEDTLS_CCM_STAR_ENCRYPT 3
 
 /** Bad input parameters to the function. */
-#define MBEDTLS_ERR_CCM_BAD_INPUT       -0x000D
+#define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D
 /** Authenticated decryption failed. */
-#define MBEDTLS_ERR_CCM_AUTH_FAILED     -0x000F
+#define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F
 
 #ifdef __cplusplus
 extern "C" {
@@ -74,14 +74,13 @@
  * \brief    The CCM context-type definition. The CCM context is passed
  *           to the APIs called.
  */
-typedef struct mbedtls_ccm_context
-{
-    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx);    /*!< The cipher context used. */
-}
-mbedtls_ccm_context;
+typedef struct mbedtls_ccm_context {
+    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+                                                             context used. */
+} mbedtls_ccm_context;
 
-#else  /* MBEDTLS_CCM_ALT */
-#include "ccm_alt.h"
+#else /* MBEDTLS_CCM_ALT */
+#    include "ccm_alt.h"
 #endif /* MBEDTLS_CCM_ALT */
 
 /**
@@ -91,7 +90,7 @@
  *
  * \param ctx       The CCM context to initialize. This must not be \c NULL.
  */
-void mbedtls_ccm_init( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_init(mbedtls_ccm_context *ctx);
 
 /**
  * \brief           This function initializes the CCM context set in the
@@ -106,10 +105,10 @@
  * \return          \c 0 on success.
  * \return          A CCM or cipher-specific error code on failure.
  */
-int mbedtls_ccm_setkey( mbedtls_ccm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
+int mbedtls_ccm_setkey(mbedtls_ccm_context *ctx,
+                       mbedtls_cipher_id_t cipher,
+                       const unsigned char *key,
+                       unsigned int keybits);
 
 /**
  * \brief   This function releases and clears the specified CCM context
@@ -118,7 +117,7 @@
  * \param ctx       The CCM context to clear. If this is \c NULL, the function
  *                  has no effect. Otherwise, this must be initialized.
  */
-void mbedtls_ccm_free( mbedtls_ccm_context *ctx );
+void mbedtls_ccm_free(mbedtls_ccm_context *ctx);
 
 /**
  * \brief           This function encrypts a buffer using CCM.
@@ -156,11 +155,16 @@
  * \return          \c 0 on success.
  * \return          A CCM or cipher-specific error code on failure.
  */
-int mbedtls_ccm_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_encrypt_and_tag(mbedtls_ccm_context *ctx,
+                                size_t length,
+                                const unsigned char *iv,
+                                size_t iv_len,
+                                const unsigned char *ad,
+                                size_t ad_len,
+                                const unsigned char *input,
+                                unsigned char *output,
+                                unsigned char *tag,
+                                size_t tag_len);
 
 /**
  * \brief           This function encrypts a buffer using CCM*.
@@ -204,11 +208,16 @@
  * \return          \c 0 on success.
  * \return          A CCM or cipher-specific error code on failure.
  */
-int mbedtls_ccm_star_encrypt_and_tag( mbedtls_ccm_context *ctx, size_t length,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, unsigned char *output,
-                         unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_encrypt_and_tag(mbedtls_ccm_context *ctx,
+                                     size_t length,
+                                     const unsigned char *iv,
+                                     size_t iv_len,
+                                     const unsigned char *ad,
+                                     size_t ad_len,
+                                     const unsigned char *input,
+                                     unsigned char *output,
+                                     unsigned char *tag,
+                                     size_t tag_len);
 
 /**
  * \brief           This function performs a CCM authenticated decryption of a
@@ -241,11 +250,16 @@
  * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
  * \return          A cipher-specific error code on calculation failure.
  */
-int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *ad, size_t ad_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_auth_decrypt(mbedtls_ccm_context *ctx,
+                             size_t length,
+                             const unsigned char *iv,
+                             size_t iv_len,
+                             const unsigned char *ad,
+                             size_t ad_len,
+                             const unsigned char *input,
+                             unsigned char *output,
+                             const unsigned char *tag,
+                             size_t tag_len);
 
 /**
  * \brief           This function performs a CCM* authenticated decryption of a
@@ -286,11 +300,16 @@
  * \return          #MBEDTLS_ERR_CCM_AUTH_FAILED if the tag does not match.
  * \return          A cipher-specific error code on calculation failure.
  */
-int mbedtls_ccm_star_auth_decrypt( mbedtls_ccm_context *ctx, size_t length,
-                      const unsigned char *iv, size_t iv_len,
-                      const unsigned char *ad, size_t ad_len,
-                      const unsigned char *input, unsigned char *output,
-                      const unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_star_auth_decrypt(mbedtls_ccm_context *ctx,
+                                  size_t length,
+                                  const unsigned char *iv,
+                                  size_t iv_len,
+                                  const unsigned char *ad,
+                                  size_t ad_len,
+                                  const unsigned char *input,
+                                  unsigned char *output,
+                                  const unsigned char *tag,
+                                  size_t tag_len);
 
 /**
  * \brief           This function starts a CCM encryption or decryption
@@ -320,10 +339,10 @@
  *                  \p iv_len is invalid (lower than \c 7 or greater than
  *                  \c 13).
  */
-int mbedtls_ccm_starts( mbedtls_ccm_context *ctx,
-                        int mode,
-                        const unsigned char *iv,
-                        size_t iv_len );
+int mbedtls_ccm_starts(mbedtls_ccm_context *ctx,
+                       int mode,
+                       const unsigned char *iv,
+                       size_t iv_len);
 
 /**
  * \brief           This function declares the lengths of the message
@@ -352,10 +371,10 @@
  *                  \p ctx is in an invalid state,
  *                  \p total_ad_len is greater than \c 0xFF00.
  */
-int mbedtls_ccm_set_lengths( mbedtls_ccm_context *ctx,
-                             size_t total_ad_len,
-                             size_t plaintext_len,
-                             size_t tag_len );
+int mbedtls_ccm_set_lengths(mbedtls_ccm_context *ctx,
+                            size_t total_ad_len,
+                            size_t plaintext_len,
+                            size_t tag_len);
 
 /**
  * \brief           This function feeds an input buffer as associated data
@@ -387,9 +406,9 @@
  *                  \p ctx is in an invalid state,
  *                  total input length too long.
  */
-int mbedtls_ccm_update_ad( mbedtls_ccm_context *ctx,
-                           const unsigned char *ad,
-                           size_t ad_len );
+int mbedtls_ccm_update_ad(mbedtls_ccm_context *ctx,
+                          const unsigned char *ad,
+                          size_t ad_len);
 
 /**
  * \brief           This function feeds an input buffer into an ongoing CCM
@@ -454,10 +473,12 @@
  *                 total input length too long,
  *                 or \p output_size too small.
  */
-int mbedtls_ccm_update( mbedtls_ccm_context *ctx,
-                        const unsigned char *input, size_t input_len,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_len );
+int mbedtls_ccm_update(mbedtls_ccm_context *ctx,
+                       const unsigned char *input,
+                       size_t input_len,
+                       unsigned char *output,
+                       size_t output_size,
+                       size_t *output_len);
 
 /**
  * \brief           This function finishes the CCM operation and generates
@@ -490,8 +511,9 @@
  *                  mbedtls_ccm_update() was lower than the plaintext length
  *                  \c plaintext_len passed to mbedtls_ccm_set_lengths().
  */
-int mbedtls_ccm_finish( mbedtls_ccm_context *ctx,
-                        unsigned char *tag, size_t tag_len );
+int mbedtls_ccm_finish(mbedtls_ccm_context *ctx,
+                       unsigned char *tag,
+                       size_t tag_len);
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /**
@@ -500,7 +522,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_ccm_self_test( int verbose );
+int mbedtls_ccm_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/chacha20.h b/include/mbedtls/chacha20.h
index 8af16ed..dd5c7bf 100644
--- a/include/mbedtls/chacha20.h
+++ b/include/mbedtls/chacha20.h
@@ -39,7 +39,7 @@
 #include <stddef.h>
 
 /** Invalid input parameter(s). */
-#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA         -0x0051
+#define MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA -0x0051
 
 #ifdef __cplusplus
 extern "C" {
@@ -47,16 +47,16 @@
 
 #if !defined(MBEDTLS_CHACHA20_ALT)
 
-typedef struct mbedtls_chacha20_context
-{
-    uint32_t MBEDTLS_PRIVATE(state)[16];          /*! The state (before round operations). */
-    uint8_t  MBEDTLS_PRIVATE(keystream8)[64];     /*! Leftover keystream bytes. */
-    size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes already used. */
-}
-mbedtls_chacha20_context;
+typedef struct mbedtls_chacha20_context {
+    uint32_t MBEDTLS_PRIVATE(state)[16]; /*! The state (before round
+                                            operations). */
+    uint8_t MBEDTLS_PRIVATE(keystream8)[64]; /*! Leftover keystream bytes. */
+    size_t MBEDTLS_PRIVATE(keystream_bytes_used); /*! Number of keystream bytes
+                                                     already used. */
+} mbedtls_chacha20_context;
 
-#else  /* MBEDTLS_CHACHA20_ALT */
-#include "chacha20_alt.h"
+#else /* MBEDTLS_CHACHA20_ALT */
+#    include "chacha20_alt.h"
 #endif /* MBEDTLS_CHACHA20_ALT */
 
 /**
@@ -74,7 +74,7 @@
  * \param ctx       The ChaCha20 context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_chacha20_init( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_init(mbedtls_chacha20_context *ctx);
 
 /**
  * \brief           This function releases and clears the specified
@@ -85,7 +85,7 @@
  *                  \c NULL, it must point to an initialized context.
  *
  */
-void mbedtls_chacha20_free( mbedtls_chacha20_context *ctx );
+void mbedtls_chacha20_free(mbedtls_chacha20_context *ctx);
 
 /**
  * \brief           This function sets the encryption/decryption key.
@@ -103,8 +103,8 @@
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or key is NULL.
  */
-int mbedtls_chacha20_setkey( mbedtls_chacha20_context *ctx,
-                             const unsigned char key[32] );
+int mbedtls_chacha20_setkey(mbedtls_chacha20_context *ctx,
+                            const unsigned char key[32]);
 
 /**
  * \brief           This function sets the nonce and initial counter value.
@@ -125,9 +125,9 @@
  * \return          #MBEDTLS_ERR_CHACHA20_BAD_INPUT_DATA if ctx or nonce is
  *                  NULL.
  */
-int mbedtls_chacha20_starts( mbedtls_chacha20_context* ctx,
-                             const unsigned char nonce[12],
-                             uint32_t counter );
+int mbedtls_chacha20_starts(mbedtls_chacha20_context *ctx,
+                            const unsigned char nonce[12],
+                            uint32_t counter);
 
 /**
  * \brief           This function encrypts or decrypts data.
@@ -158,10 +158,10 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_chacha20_update( mbedtls_chacha20_context *ctx,
-                             size_t size,
-                             const unsigned char *input,
-                             unsigned char *output );
+int mbedtls_chacha20_update(mbedtls_chacha20_context *ctx,
+                            size_t size,
+                            const unsigned char *input,
+                            unsigned char *output);
 
 /**
  * \brief           This function encrypts or decrypts data with ChaCha20 and
@@ -191,12 +191,12 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_chacha20_crypt( const unsigned char key[32],
-                            const unsigned char nonce[12],
-                            uint32_t counter,
-                            size_t size,
-                            const unsigned char* input,
-                            unsigned char* output );
+int mbedtls_chacha20_crypt(const unsigned char key[32],
+                           const unsigned char nonce[12],
+                           uint32_t counter,
+                           size_t size,
+                           const unsigned char *input,
+                           unsigned char *output);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -205,7 +205,7 @@
  * \return          \c 0 on success.
  * \return          \c 1 on failure.
  */
-int mbedtls_chacha20_self_test( int verbose );
+int mbedtls_chacha20_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/chachapoly.h b/include/mbedtls/chachapoly.h
index 3f4318f..30fc91b 100644
--- a/include/mbedtls/chachapoly.h
+++ b/include/mbedtls/chachapoly.h
@@ -39,9 +39,9 @@
 #include "mbedtls/poly1305.h"
 
 /** The requested operation is not permitted in the current state. */
-#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE            -0x0054
+#define MBEDTLS_ERR_CHACHAPOLY_BAD_STATE -0x0054
 /** Authenticated decryption failed: data was not authentic. */
-#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED          -0x0056
+#define MBEDTLS_ERR_CHACHAPOLY_AUTH_FAILED -0x0056
 
 #ifdef __cplusplus
 extern "C" {
@@ -49,28 +49,31 @@
 
 typedef enum
 {
-    MBEDTLS_CHACHAPOLY_ENCRYPT,     /**< The mode value for performing encryption. */
-    MBEDTLS_CHACHAPOLY_DECRYPT      /**< The mode value for performing decryption. */
-}
-mbedtls_chachapoly_mode_t;
+    MBEDTLS_CHACHAPOLY_ENCRYPT, /**< The mode value for performing encryption.
+                                 */
+    MBEDTLS_CHACHAPOLY_DECRYPT /**< The mode value for performing decryption. */
+} mbedtls_chachapoly_mode_t;
 
 #if !defined(MBEDTLS_CHACHAPOLY_ALT)
 
-#include "mbedtls/chacha20.h"
+#    include "mbedtls/chacha20.h"
 
-typedef struct mbedtls_chachapoly_context
-{
-    mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx);  /**< The ChaCha20 context. */
-    mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx);  /**< The Poly1305 context. */
-    uint64_t MBEDTLS_PRIVATE(aad_len);                       /**< The length (bytes) of the Additional Authenticated Data. */
-    uint64_t MBEDTLS_PRIVATE(ciphertext_len);                /**< The length (bytes) of the ciphertext. */
-    int MBEDTLS_PRIVATE(state);                              /**< The current state of the context. */
-    mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode);         /**< Cipher mode (encrypt or decrypt). */
-}
-mbedtls_chachapoly_context;
+typedef struct mbedtls_chachapoly_context {
+    mbedtls_chacha20_context MBEDTLS_PRIVATE(chacha20_ctx); /**< The ChaCha20
+                                                               context. */
+    mbedtls_poly1305_context MBEDTLS_PRIVATE(poly1305_ctx); /**< The Poly1305
+                                                               context. */
+    uint64_t MBEDTLS_PRIVATE(aad_len); /**< The length (bytes) of the Additional
+                                          Authenticated Data. */
+    uint64_t MBEDTLS_PRIVATE(ciphertext_len); /**< The length (bytes) of the
+                                                 ciphertext. */
+    int MBEDTLS_PRIVATE(state); /**< The current state of the context. */
+    mbedtls_chachapoly_mode_t MBEDTLS_PRIVATE(mode); /**< Cipher mode (encrypt
+                                                        or decrypt). */
+} mbedtls_chachapoly_context;
 
 #else /* !MBEDTLS_CHACHAPOLY_ALT */
-#include "chachapoly_alt.h"
+#    include "chachapoly_alt.h"
 #endif /* !MBEDTLS_CHACHAPOLY_ALT */
 
 /**
@@ -115,7 +118,7 @@
  *
  * \param ctx       The ChachaPoly context to initialize. Must not be \c NULL.
  */
-void mbedtls_chachapoly_init( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_init(mbedtls_chachapoly_context *ctx);
 
 /**
  * \brief           This function releases and clears the specified
@@ -124,7 +127,7 @@
  * \param ctx       The ChachaPoly context to clear. This may be \c NULL, in which
  *                  case this function is a no-op.
  */
-void mbedtls_chachapoly_free( mbedtls_chachapoly_context *ctx );
+void mbedtls_chachapoly_free(mbedtls_chachapoly_context *ctx);
 
 /**
  * \brief           This function sets the ChaCha20-Poly1305
@@ -137,8 +140,8 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_chachapoly_setkey( mbedtls_chachapoly_context *ctx,
-                               const unsigned char key[32] );
+int mbedtls_chachapoly_setkey(mbedtls_chachapoly_context *ctx,
+                              const unsigned char key[32]);
 
 /**
  * \brief           This function starts a ChaCha20-Poly1305 encryption or
@@ -165,9 +168,9 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_chachapoly_starts( mbedtls_chachapoly_context *ctx,
-                               const unsigned char nonce[12],
-                               mbedtls_chachapoly_mode_t mode );
+int mbedtls_chachapoly_starts(mbedtls_chachapoly_context *ctx,
+                              const unsigned char nonce[12],
+                              mbedtls_chachapoly_mode_t mode);
 
 /**
  * \brief           This function feeds additional data to be authenticated
@@ -208,9 +211,9 @@
  *                  if the operations has not been started or has been
  *                  finished, or if the AAD has been finished.
  */
-int mbedtls_chachapoly_update_aad( mbedtls_chachapoly_context *ctx,
-                                   const unsigned char *aad,
-                                   size_t aad_len );
+int mbedtls_chachapoly_update_aad(mbedtls_chachapoly_context *ctx,
+                                  const unsigned char *aad,
+                                  size_t aad_len);
 
 /**
  * \brief           Thus function feeds data to be encrypted or decrypted
@@ -243,10 +246,10 @@
  *                  finished.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_chachapoly_update( mbedtls_chachapoly_context *ctx,
-                               size_t len,
-                               const unsigned char *input,
-                               unsigned char *output );
+int mbedtls_chachapoly_update(mbedtls_chachapoly_context *ctx,
+                              size_t len,
+                              const unsigned char *input,
+                              unsigned char *output);
 
 /**
  * \brief           This function finished the ChaCha20-Poly1305 operation and
@@ -264,8 +267,8 @@
  *                  finished.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_chachapoly_finish( mbedtls_chachapoly_context *ctx,
-                               unsigned char mac[16] );
+int mbedtls_chachapoly_finish(mbedtls_chachapoly_context *ctx,
+                              unsigned char mac[16]);
 
 /**
  * \brief           This function performs a complete ChaCha20-Poly1305
@@ -296,14 +299,14 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_chachapoly_encrypt_and_tag( mbedtls_chachapoly_context *ctx,
-                                        size_t length,
-                                        const unsigned char nonce[12],
-                                        const unsigned char *aad,
-                                        size_t aad_len,
-                                        const unsigned char *input,
-                                        unsigned char *output,
-                                        unsigned char tag[16] );
+int mbedtls_chachapoly_encrypt_and_tag(mbedtls_chachapoly_context *ctx,
+                                       size_t length,
+                                       const unsigned char nonce[12],
+                                       const unsigned char *aad,
+                                       size_t aad_len,
+                                       const unsigned char *input,
+                                       unsigned char *output,
+                                       unsigned char tag[16]);
 
 /**
  * \brief           This function performs a complete ChaCha20-Poly1305
@@ -330,14 +333,14 @@
  *                  if the data was not authentic.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_chachapoly_auth_decrypt( mbedtls_chachapoly_context *ctx,
-                                     size_t length,
-                                     const unsigned char nonce[12],
-                                     const unsigned char *aad,
-                                     size_t aad_len,
-                                     const unsigned char tag[16],
-                                     const unsigned char *input,
-                                     unsigned char *output );
+int mbedtls_chachapoly_auth_decrypt(mbedtls_chachapoly_context *ctx,
+                                    size_t length,
+                                    const unsigned char nonce[12],
+                                    const unsigned char *aad,
+                                    size_t aad_len,
+                                    const unsigned char tag[16],
+                                    const unsigned char *input,
+                                    unsigned char *output);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -346,7 +349,7 @@
  * \return          \c 0 on success.
  * \return          \c 1 on failure.
  */
-int mbedtls_chachapoly_self_test( int verbose );
+int mbedtls_chachapoly_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 84afcf0..f873d5a 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -29,791 +29,830 @@
  */
 #include <limits.h>
 #if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#    error "mbed TLS requires a platform with 8-bit chars"
 #endif
 
 #if defined(_WIN32)
-#if !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_C is required on Windows"
-#endif
+#    if !defined(MBEDTLS_PLATFORM_C)
+#        error "MBEDTLS_PLATFORM_C is required on Windows"
+#    endif
 
-/* Fix the config here. Not convenient to put an #ifdef _WIN32 in mbedtls_config.h as
- * it would confuse config.py. */
-#if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_SNPRINTF_ALT
-#endif
+/* Fix the config here. Not convenient to put an #ifdef _WIN32 in
+ * mbedtls_config.h as it would confuse config.py. */
+#    if !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && \
+        !defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#        define MBEDTLS_PLATFORM_SNPRINTF_ALT
+#    endif
 
-#if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
-    !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define MBEDTLS_PLATFORM_VSNPRINTF_ALT
-#endif
+#    if !defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT) && \
+        !defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#        define MBEDTLS_PLATFORM_VSNPRINTF_ALT
+#    endif
 #endif /* _WIN32 */
 
 #if defined(TARGET_LIKE_MBED) && defined(MBEDTLS_NET_C)
-#error "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
+#    error \
+        "The NET module is not available for mbed OS - please use the network functions provided by Mbed OS"
 #endif
 
-#if defined(MBEDTLS_DEPRECATED_WARNING) && \
-    !defined(__GNUC__) && !defined(__clang__)
-#error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
+#if defined(MBEDTLS_DEPRECATED_WARNING) && !defined(__GNUC__) && \
+    !defined(__clang__)
+#    error "MBEDTLS_DEPRECATED_WARNING only works with GCC and Clang"
 #endif
 
 #if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_HAVE_TIME)
-#error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
+#    error \
+        "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
 #endif
 
 #if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
+#    error "MBEDTLS_AESNI_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
-#error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
+#    error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_DHM_C) && !defined(MBEDTLS_BIGNUM_C)
-#error "MBEDTLS_DHM_C defined, but not all prerequisites"
+#    error "MBEDTLS_DHM_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_CMAC_C) && \
-    !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_DES_C)
-#error "MBEDTLS_CMAC_C defined, but not all prerequisites"
+#if defined(MBEDTLS_CMAC_C) && !defined(MBEDTLS_AES_C) && \
+    !defined(MBEDTLS_DES_C)
+#    error "MBEDTLS_CMAC_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_NIST_KW_C) && \
-    ( !defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C) )
-#error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
+    (!defined(MBEDTLS_AES_C) || !defined(MBEDTLS_CIPHER_C))
+#    error "MBEDTLS_NIST_KW_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECDH_C) && !defined(MBEDTLS_ECP_C)
-#error "MBEDTLS_ECDH_C defined, but not all prerequisites"
+#    error "MBEDTLS_ECDH_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECDSA_C) &&            \
-    ( !defined(MBEDTLS_ECP_C) ||           \
-      !( defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
-         defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) ||   \
-         defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) ||   \
-         defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ) || \
-      !defined(MBEDTLS_ASN1_PARSE_C) ||    \
-      !defined(MBEDTLS_ASN1_WRITE_C) )
-#error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECDSA_C) &&                     \
+    (!defined(MBEDTLS_ECP_C) ||                     \
+     !(defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || \
+       defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) ||   \
+       defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) ||   \
+       defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)) ||  \
+     !defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_ASN1_WRITE_C))
+#    error "MBEDTLS_ECDSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECJPAKE_C) &&           \
-    ( !defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECJPAKE_C) && \
+    (!defined(MBEDTLS_ECP_C) || !defined(MBEDTLS_MD_C))
+#    error "MBEDTLS_ECJPAKE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECP_RESTARTABLE)           && \
-    ( defined(MBEDTLS_USE_PSA_CRYPTO)          || \
-      defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) || \
-      defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT)     || \
-      defined(MBEDTLS_ECDSA_SIGN_ALT)          || \
-      defined(MBEDTLS_ECDSA_VERIFY_ALT)        || \
-      defined(MBEDTLS_ECDSA_GENKEY_ALT)        || \
-      defined(MBEDTLS_ECP_INTERNAL_ALT)        || \
-      defined(MBEDTLS_ECP_ALT) )
-#error "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
+#if defined(MBEDTLS_ECP_RESTARTABLE) &&                                        \
+    (defined(MBEDTLS_USE_PSA_CRYPTO) ||                                        \
+     defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) ||                               \
+     defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) ||                                   \
+     defined(MBEDTLS_ECDSA_SIGN_ALT) || defined(MBEDTLS_ECDSA_VERIFY_ALT) ||   \
+     defined(MBEDTLS_ECDSA_GENKEY_ALT) || defined(MBEDTLS_ECP_INTERNAL_ALT) || \
+     defined(MBEDTLS_ECP_ALT))
+#    error \
+        "MBEDTLS_ECP_RESTARTABLE defined, but it cannot coexist with an alternative or PSA-based ECP implementation"
 #endif
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC) && !defined(MBEDTLS_HMAC_DRBG_C)
-#error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
+#    error "MBEDTLS_ECDSA_DETERMINISTIC defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECP_C) && ( !defined(MBEDTLS_BIGNUM_C) || (    \
-    !defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) &&                 \
-    !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
-#error "MBEDTLS_ECP_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_C) && (!defined(MBEDTLS_BIGNUM_C) ||                   \
+                               (!defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) &&    \
+                                !defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) &&    \
+                                !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) &&    \
+                                !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) &&  \
+                                !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) && \
+                                !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)))
+#    error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_ASN1_PARSE_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
+#    error "MBEDTLS_PK_PARSE_C defined, but not all prerequesites"
 #endif
 
-#if defined(MBEDTLS_ENTROPY_C) && (!defined(MBEDTLS_SHA512_C) &&      \
-                                    !defined(MBEDTLS_SHA256_C))
-#error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && \
+    (!defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA256_C))
+#    error "MBEDTLS_ENTROPY_C defined, but not all prerequisites"
 #endif
-#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) &&         \
-    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_SHA512_C) && \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) &&                   \
+    (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 64)
+#    error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
 #endif
 #if defined(MBEDTLS_ENTROPY_C) &&                                            \
-    ( !defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256) ) \
-    && defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) && (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
-#error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
+    (!defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_ENTROPY_FORCE_SHA256)) && \
+    defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) &&                                 \
+    (MBEDTLS_CTR_DRBG_ENTROPY_LEN > 32)
+#    error "MBEDTLS_CTR_DRBG_ENTROPY_LEN value too high"
 #endif
-#if defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_ENTROPY_FORCE_SHA256) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_C) && defined(MBEDTLS_ENTROPY_FORCE_SHA256) && \
+    !defined(MBEDTLS_SHA256_C)
+#    error "MBEDTLS_ENTROPY_FORCE_SHA256 defined, but not all prerequisites"
 #endif
 
 #if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#define MBEDTLS_HAS_MEMSAN
+#    if __has_feature(memory_sanitizer)
+#        define MBEDTLS_HAS_MEMSAN
+#    endif
 #endif
-#endif
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) &&  !defined(MBEDTLS_HAS_MEMSAN)
-#error "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
+#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) && !defined(MBEDTLS_HAS_MEMSAN)
+#    error \
+        "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN requires building with MemorySanitizer"
 #endif
 #undef MBEDTLS_HAS_MEMSAN
 
-#if defined(MBEDTLS_GCM_C) && (                                        \
-        !defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && !defined(MBEDTLS_ARIA_C) )
-#error "MBEDTLS_GCM_C defined, but not all prerequisites"
+#if defined(MBEDTLS_GCM_C) &&                                   \
+    (!defined(MBEDTLS_AES_C) && !defined(MBEDTLS_CAMELLIA_C) && \
+     !defined(MBEDTLS_ARIA_C))
+#    error "MBEDTLS_GCM_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && \
+    !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#    error \
+        "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && \
+    !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#    error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_ECP_NO_FALLBACK) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
-#error "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
+#    error \
+        "MBEDTLS_ECP_NO_FALLBACK defined, but no alternative implementation enabled"
 #endif
 
 #if defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HKDF_C defined, but not all prerequisites"
+#    error "MBEDTLS_HKDF_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_HMAC_DRBG_C) && !defined(MBEDTLS_MD_C)
-#error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
+#    error "MBEDTLS_HMAC_DRBG_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) &&       \
+    (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
+     !defined(MBEDTLS_X509_CRT_PARSE_C))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) &&       \
+    (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
+     !defined(MBEDTLS_X509_CRT_PARSE_C))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) && !defined(MBEDTLS_DHM_C)
-#error "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) &&                     \
-    !defined(MBEDTLS_ECDH_C)
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) && !defined(MBEDTLS_ECDH_C)
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&                   \
-    ( !defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) ||           \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) &&       \
+    (!defined(MBEDTLS_DHM_C) || !defined(MBEDTLS_RSA_C) || \
+     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) &&      \
+    (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_RSA_C) || \
+     !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_PKCS1_V15))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&                 \
-    ( !defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) ||          \
-      !defined(MBEDTLS_X509_CRT_PARSE_C) )
-#error "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) &&      \
+    (!defined(MBEDTLS_ECDH_C) || !defined(MBEDTLS_ECDSA_C) || \
+     !defined(MBEDTLS_X509_CRT_PARSE_C))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                   \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) &&                  \
+    (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+     !defined(MBEDTLS_PKCS1_V15))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                       \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
-      !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) &&                      \
+    (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_X509_CRT_PARSE_C) || \
+     !defined(MBEDTLS_PKCS1_V15))
+#    error "MBEDTLS_KEY_EXCHANGE_RSA_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&                    \
-    ( !defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) ||      \
-      !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) )
-#error "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
+#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) &&              \
+    (!defined(MBEDTLS_ECJPAKE_C) || !defined(MBEDTLS_SHA256_C) || \
+     !defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED))
+#    error \
+        "MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&        \
-    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) &&              \
-    ( !defined(MBEDTLS_SHA256_C) &&                             \
-      !defined(MBEDTLS_SHA512_C) &&                             \
-      !defined(MBEDTLS_SHA1_C) )
-#error "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&           \
+    !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE) &&               \
+    (!defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) && \
+     !defined(MBEDTLS_SHA1_C))
+#    error \
+        "!MBEDTLS_SSL_KEEP_PEER_CERTIFICATE requires MBEDTLS_SHA512_C, MBEDTLS_SHA256_C or MBEDTLS_SHA1_C"
 #endif
 
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) &&                          \
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
+#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+#    error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
+#    error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
 #endif
 
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
+#    error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
 #endif
 
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
+#    error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PEM_PARSE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
+#    error "MBEDTLS_PEM_PARSE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PEM_WRITE_C) && !defined(MBEDTLS_BASE64_C)
-#error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
+#    error "MBEDTLS_PEM_WRITE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PK_C) && \
-    ( !defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C) )
-#error "MBEDTLS_PK_C defined, but not all prerequisites"
+    (!defined(MBEDTLS_RSA_C) && !defined(MBEDTLS_ECP_C))
+#    error "MBEDTLS_PK_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PK_PARSE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
+#    error "MBEDTLS_PK_PARSE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PK_WRITE_C) && !defined(MBEDTLS_PK_C)
-#error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
+#    error "MBEDTLS_PK_WRITE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_EXIT_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_EXIT_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_EXIT) ||\
-        defined(MBEDTLS_PLATFORM_EXIT_ALT) )
-#error "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_EXIT_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_EXIT) || defined(MBEDTLS_PLATFORM_EXIT_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_EXIT_MACRO and MBEDTLS_PLATFORM_STD_EXIT/MBEDTLS_PLATFORM_EXIT_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_TIME_ALT) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_ALT) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+#    error "MBEDTLS_PLATFORM_TIME_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+#    error "MBEDTLS_PLATFORM_TIME_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_HAVE_TIME))
+#    error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_TIME_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_TIME) || defined(MBEDTLS_PLATFORM_TIME_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_TIME_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_TIME) ||\
-        defined(MBEDTLS_PLATFORM_TIME_ALT) )
-#error "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_TIME_TYPE_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_TIME) || defined(MBEDTLS_PLATFORM_TIME_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_TIME_TYPE_MACRO and MBEDTLS_PLATFORM_STD_TIME/MBEDTLS_PLATFORM_TIME_ALT cannot be defined simultaneously"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_FPRINTF_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_FPRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_FPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_FPRINTF) ||  \
+     defined(MBEDTLS_PLATFORM_FPRINTF_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_FPRINTF_MACRO and MBEDTLS_PLATFORM_STD_FPRINTF/MBEDTLS_PLATFORM_FPRINTF_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+#    error "MBEDTLS_PLATFORM_FREE_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) &&\
-    defined(MBEDTLS_PLATFORM_STD_FREE)
-#error "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && defined(MBEDTLS_PLATFORM_STD_FREE)
+#    error \
+        "MBEDTLS_PLATFORM_FREE_MACRO and MBEDTLS_PLATFORM_STD_FREE cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
+#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+    !defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#    error \
+        "MBEDTLS_PLATFORM_CALLOC_MACRO must be defined if MBEDTLS_PLATFORM_FREE_MACRO is"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY) )
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_PLATFORM_MEMORY))
+#    error "MBEDTLS_PLATFORM_CALLOC_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) &&\
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
     defined(MBEDTLS_PLATFORM_STD_CALLOC)
-#error "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
+#    error \
+        "MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_STD_CALLOC cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && !defined(MBEDTLS_PLATFORM_FREE_MACRO)
-#error "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
+#if defined(MBEDTLS_PLATFORM_CALLOC_MACRO) && \
+    !defined(MBEDTLS_PLATFORM_FREE_MACRO)
+#    error \
+        "MBEDTLS_PLATFORM_FREE_MACRO must be defined if MBEDTLS_PLATFORM_CALLOC_MACRO is"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_MEMORY) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_MEMORY defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_PRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_PRINTF_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_PRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_PRINTF) ||\
-        defined(MBEDTLS_PLATFORM_PRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_PRINTF) ||  \
+     defined(MBEDTLS_PLATFORM_PRINTF_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_PRINTF_MACRO and MBEDTLS_PLATFORM_STD_PRINTF/MBEDTLS_PLATFORM_PRINTF_ALT cannot be defined simultaneously"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_SNPRINTF_ALT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && !defined(MBEDTLS_PLATFORM_C)
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_SNPRINTF_MACRO defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||\
-        defined(MBEDTLS_PLATFORM_SNPRINTF_ALT) )
-#error "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_SNPRINTF) ||  \
+     defined(MBEDTLS_PLATFORM_SNPRINTF_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_SNPRINTF_MACRO and MBEDTLS_PLATFORM_STD_SNPRINTF/MBEDTLS_PLATFORM_SNPRINTF_ALT cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) &&\
+#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR) && \
     !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_MEM_HDR defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_STD_CALLOC) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_CALLOC defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PLATFORM_STD_FREE) && !defined(MBEDTLS_PLATFORM_MEMORY)
-#error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_FREE defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_EXIT) &&\
-    !defined(MBEDTLS_PLATFORM_EXIT_ALT)
-#error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_EXIT) && !defined(MBEDTLS_PLATFORM_EXIT_ALT)
+#    error "MBEDTLS_PLATFORM_STD_EXIT defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_TIME) &&\
-    ( !defined(MBEDTLS_PLATFORM_TIME_ALT) ||\
-        !defined(MBEDTLS_HAVE_TIME) )
-#error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_STD_TIME) && \
+    (!defined(MBEDTLS_PLATFORM_TIME_ALT) || !defined(MBEDTLS_HAVE_TIME))
+#    error "MBEDTLS_PLATFORM_STD_TIME defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_FPRINTF) && \
     !defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_FPRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_PRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_PRINTF) && \
     !defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_PRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) &&\
+#if defined(MBEDTLS_PLATFORM_STD_SNPRINTF) && \
     !defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-#error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
+#    error "MBEDTLS_PLATFORM_STD_SNPRINTF defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_ENTROPY_NV_SEED) &&\
-    ( !defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C) )
-#error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
+#if defined(MBEDTLS_ENTROPY_NV_SEED) && \
+    (!defined(MBEDTLS_PLATFORM_C) || !defined(MBEDTLS_ENTROPY_C))
+#    error "MBEDTLS_ENTROPY_NV_SEED defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) &&\
-    !defined(MBEDTLS_ENTROPY_NV_SEED)
-#error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) && !defined(MBEDTLS_ENTROPY_NV_SEED)
+#    error "MBEDTLS_PLATFORM_NV_SEED_ALT defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) &&\
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) && \
     !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
+#    error \
+        "MBEDTLS_PLATFORM_STD_NV_SEED_READ defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) &&\
+#if defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) && \
     !defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-#error "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
+#    error \
+        "MBEDTLS_PLATFORM_STD_NV_SEED_WRITE defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ) ||  \
+     defined(MBEDTLS_PLATFORM_NV_SEED_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_NV_SEED_READ_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_READ cannot be defined simultaneously"
 #endif
 
-#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) &&\
-    ( defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||\
-      defined(MBEDTLS_PLATFORM_NV_SEED_ALT) )
-#error "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
+#if defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO) && \
+    (defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE) ||  \
+     defined(MBEDTLS_PLATFORM_NV_SEED_ALT))
+#    error \
+        "MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO and MBEDTLS_PLATFORM_STD_NV_SEED_WRITE cannot be defined simultaneously"
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_C) &&                                    \
-    !( ( ( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) ) && \
-         defined(MBEDTLS_ENTROPY_C) ) ||                                \
-       defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) )
-#error "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
+    !(((defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C)) && \
+       defined(MBEDTLS_ENTROPY_C)) ||                                   \
+      defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG))
+#    error \
+        "MBEDTLS_PSA_CRYPTO_C defined, but not all prerequisites (missing RNG)"
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_SPM) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
+#    error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C) &&    \
-    ! ( defined(MBEDTLS_PSA_CRYPTO_C) && \
-        defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) )
-#error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_CRYPTO_SE_C) && \
+    !(defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_C))
+#    error "MBEDTLS_PSA_CRYPTO_SE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) &&            \
-    ! defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && !defined(MBEDTLS_PSA_CRYPTO_C)
+#    error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&      \
-    !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
-       defined(MBEDTLS_ENTROPY_NV_SEED) )
-#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&     \
+    !(defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \
+      defined(MBEDTLS_ENTROPY_NV_SEED))
+#    error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
     !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
+#    error \
+        "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources"
 #endif
 
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY) &&              \
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \
     defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
+#    error \
+        "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
 #endif
 
-#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
-    !defined(MBEDTLS_FS_IO)
-#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_PSA_ITS_FILE_C) && !defined(MBEDTLS_FS_IO)
+#    error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER) && \
     defined(MBEDTLS_USE_PSA_CRYPTO)
-#error "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
+#    error \
+        "MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER defined, but it cannot coexist with MBEDTLS_USE_PSA_CRYPTO."
 #endif
 
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) ||         \
-    !defined(MBEDTLS_OID_C) )
-#error "MBEDTLS_RSA_C defined, but not all prerequisites"
+#if defined(MBEDTLS_RSA_C) && \
+    (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C))
+#    error "MBEDTLS_RSA_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_PKCS1_V21) &&         \
-    !defined(MBEDTLS_PKCS1_V15) )
-#error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
+#if defined(MBEDTLS_RSA_C) && \
+    (!defined(MBEDTLS_PKCS1_V21) && !defined(MBEDTLS_PKCS1_V15))
+#    error "MBEDTLS_RSA_C defined, but none of the PKCS1 versions enabled"
 #endif
 
-#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) &&                        \
-    ( !defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21) )
-#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) && \
+    (!defined(MBEDTLS_RSA_C) || !defined(MBEDTLS_PKCS1_V21))
+#    error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
-#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
+#    error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
 #endif
 
 #if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
-#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
+#    error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
 #endif
 
 #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
-#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
+#    error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
 #endif
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && ( !defined(MBEDTLS_SHA1_C) &&     \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                       \
+    (!defined(MBEDTLS_SHA1_C) && !defined(MBEDTLS_SHA256_C) && \
+     !defined(MBEDTLS_SHA512_C))
+#    error "MBEDTLS_SSL_PROTO_TLS1_2 defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) && ( !defined(MBEDTLS_HKDF_C) && \
-    !defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA512_C) )
-#error "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL) &&          \
+    (!defined(MBEDTLS_HKDF_C) && !defined(MBEDTLS_SHA256_C) && \
+     !defined(MBEDTLS_SHA512_C))
+#    error \
+        "MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                                    \
-    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) ||                  \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||                     \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||                   \
-      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||                          \
-      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||                      \
-      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||                    \
-      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) )
-#error "One or more versions of the TLS protocol are enabled " \
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) &&                   \
+    !(defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||         \
+      defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||     \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||   \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||    \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) ||  \
+      defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||         \
+      defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||     \
+      defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||     \
+      defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||   \
+      defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED))
+#    error "One or more versions of the TLS protocol are enabled " \
         "but no key exchange methods defined with MBEDTLS_KEY_EXCHANGE_xxxx"
 #endif
 
-#if defined(MBEDTLS_SSL_PROTO_DTLS)     && \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#    error "MBEDTLS_SSL_PROTO_DTLS defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_CLI_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
+#    error "MBEDTLS_SSL_CLI_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_TLS_C) && ( !defined(MBEDTLS_CIPHER_C) ||     \
-    !defined(MBEDTLS_MD_C) )
-#error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_TLS_C) && \
+    (!defined(MBEDTLS_CIPHER_C) || !defined(MBEDTLS_MD_C))
+#    error "MBEDTLS_SSL_TLS_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_SRV_C) && !defined(MBEDTLS_SSL_TLS_C)
-#error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
+#    error "MBEDTLS_SSL_SRV_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_TLS_C) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
+#    error "MBEDTLS_SSL_TLS_C defined, but no protocols are active"
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && !defined(MBEDTLS_SSL_PROTO_DTLS)
-#error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
+#    error "MBEDTLS_SSL_DTLS_HELLO_VERIFY  defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE) && \
     !defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY)
-#error "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
+#    error \
+        "MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE  defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY) && \
+    (!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS))
+#    error "MBEDTLS_SSL_DTLS_ANTI_REPLAY  defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) &&                              \
-    ( !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_CONNECTION_ID  defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    (!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_PROTO_DTLS))
+#    error "MBEDTLS_SSL_DTLS_CONNECTION_ID  defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                 \
-    defined(MBEDTLS_SSL_CID_IN_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_IN_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    defined(MBEDTLS_SSL_CID_IN_LEN_MAX) && MBEDTLS_SSL_CID_IN_LEN_MAX > 255
+#    error "MBEDTLS_SSL_CID_IN_LEN_MAX too large (max 255)"
 #endif
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)            &&                  \
-    defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) &&                 \
-    MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
-#error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) && \
+    defined(MBEDTLS_SSL_CID_OUT_LEN_MAX) && MBEDTLS_SSL_CID_OUT_LEN_MAX > 255
+#    error "MBEDTLS_SSL_CID_OUT_LEN_MAX too large (max 255)"
 #endif
 
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) &&   \
-    !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && !defined(MBEDTLS_SSL_PROTO_TLS1_2)
+#    error "MBEDTLS_SSL_ENCRYPT_THEN_MAC defined, but not all prerequsites"
 #endif
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) && \
     !defined(MBEDTLS_SSL_PROTO_TLS1_2)
-#error "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
+#    error \
+        "MBEDTLS_SSL_EXTENDED_MASTER_SECRET defined, but not all prerequsites"
 #endif
 
 #if defined(MBEDTLS_SSL_TICKET_C) && !defined(MBEDTLS_CIPHER_C)
-#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
+#    error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
-        !defined(MBEDTLS_X509_CRT_PARSE_C)
-#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
+    !defined(MBEDTLS_X509_CRT_PARSE_C)
+#    error \
+        "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_THREADING_PTHREAD)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
+#    if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#        error "MBEDTLS_THREADING_PTHREAD defined, but not all prerequisites"
+#    endif
+#    define MBEDTLS_THREADING_IMPL
 #endif
 
 #if defined(MBEDTLS_THREADING_ALT)
-#if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
-#endif
-#define MBEDTLS_THREADING_IMPL
+#    if !defined(MBEDTLS_THREADING_C) || defined(MBEDTLS_THREADING_IMPL)
+#        error "MBEDTLS_THREADING_ALT defined, but not all prerequisites"
+#    endif
+#    define MBEDTLS_THREADING_IMPL
 #endif
 
 #if defined(MBEDTLS_THREADING_C) && !defined(MBEDTLS_THREADING_IMPL)
-#error "MBEDTLS_THREADING_C defined, single threading implementation required"
+#    error \
+        "MBEDTLS_THREADING_C defined, single threading implementation required"
 #endif
 #undef MBEDTLS_THREADING_IMPL
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO) && !defined(MBEDTLS_PSA_CRYPTO_C)
-#error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
+#    error "MBEDTLS_USE_PSA_CRYPTO defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_VERSION_FEATURES) && !defined(MBEDTLS_VERSION_C)
-#error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
+#    error "MBEDTLS_VERSION_FEATURES defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_USE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_PARSE_C) ||      \
-    !defined(MBEDTLS_PK_PARSE_C) )
-#error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_USE_C) &&                            \
+    (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C) || \
+     !defined(MBEDTLS_ASN1_PARSE_C) || !defined(MBEDTLS_PK_PARSE_C))
+#    error "MBEDTLS_X509_USE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CREATE_C) && ( !defined(MBEDTLS_BIGNUM_C) ||  \
-    !defined(MBEDTLS_OID_C) || !defined(MBEDTLS_ASN1_WRITE_C) ||       \
-    !defined(MBEDTLS_PK_WRITE_C) )
-#error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CREATE_C) &&                         \
+    (!defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_OID_C) || \
+     !defined(MBEDTLS_ASN1_WRITE_C) || !defined(MBEDTLS_PK_WRITE_C))
+#    error "MBEDTLS_X509_CREATE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+#    error "MBEDTLS_X509_CRT_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CRL_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRL_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+#    error "MBEDTLS_X509_CRL_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CSR_PARSE_C) && ( !defined(MBEDTLS_X509_USE_C) )
-#error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_PARSE_C) && (!defined(MBEDTLS_X509_USE_C))
+#    error "MBEDTLS_X509_CSR_PARSE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CRT_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CRT_WRITE_C) && (!defined(MBEDTLS_X509_CREATE_C))
+#    error "MBEDTLS_X509_CRT_WRITE_C defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_X509_CSR_WRITE_C) && ( !defined(MBEDTLS_X509_CREATE_C) )
-#error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
+#if defined(MBEDTLS_X509_CSR_WRITE_C) && (!defined(MBEDTLS_X509_CREATE_C))
+#    error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites"
 #endif
 
 #if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64)
-#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
+#    error \
+        "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously"
 #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */
 
-#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \
+#if (defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64)) && \
     defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
+#    error \
+        "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously"
 #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */
 
-#if defined(MBEDTLS_SSL_DTLS_SRTP) && ( !defined(MBEDTLS_SSL_PROTO_DTLS) )
-#error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_DTLS_SRTP) && (!defined(MBEDTLS_SSL_PROTO_DTLS))
+#    error "MBEDTLS_SSL_DTLS_SRTP defined, but not all prerequisites"
 #endif
 
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && ( !defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) )
-#error "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) && \
+    (!defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH))
+#    error \
+        "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH defined, but not all prerequisites"
 #endif
 
-
-
 /* Reject attempts to enable options that have been removed and that could
  * cause a build to succeed but with features removed. */
 
 #if defined(MBEDTLS_HAVEGE_C) //no-check-names
-#error "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
+#    error \
+        "MBEDTLS_HAVEGE_C was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/2599"
 #endif
 
 #if defined(MBEDTLS_SSL_HW_RECORD_ACCEL) //no-check-names
-#error "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#    error \
+        "MBEDTLS_SSL_HW_RECORD_ACCEL was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 
 #if defined(MBEDTLS_SSL_PROTO_SSL3) //no-check-names
-#error "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#    error \
+        "MBEDTLS_SSL_PROTO_SSL3 (SSL v3.0 support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 
 #if defined(MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO) //no-check-names
-#error "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#    error \
+        "MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO (SSL v2 ClientHello support) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#    error \
+        "MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT (compatibility with the buggy implementation of truncated HMAC in Mbed TLS up to 2.7) was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 
 #if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES) //no-check-names
-#error "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
+#    error \
+        "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES was removed in Mbed TLS 3.0. See the ChangeLog entry if you really need SHA-1-signed certificates."
 #endif
 
 #if defined(MBEDTLS_ZLIB_SUPPORT) //no-check-names
-#error "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
+#    error \
+        "MBEDTLS_ZLIB_SUPPORT was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4031"
 #endif
 
 #if defined(MBEDTLS_CHECK_PARAMS) //no-check-names
-#error "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
+#    error \
+        "MBEDTLS_CHECK_PARAMS was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4313"
 #endif
 
 #if defined(MBEDTLS_SSL_CID_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#    error \
+        "MBEDTLS_SSL_CID_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
 #endif
 
 #if defined(MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY) //no-check-names
-#error "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
+#    error \
+        "MBEDTLS_SSL_TLS1_3_PADDING_GRANULARITY was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4335"
 #endif
 
 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC) //no-check-names
-#error "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
+#    error \
+        "MBEDTLS_SSL_TRUNCATED_HMAC was removed in Mbed TLS 3.0. See https://github.com/ARMmbed/mbedtls/issues/4341"
 #endif
 
 /*
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index d432830..4dbfa9d 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -33,43 +33,43 @@
 #include <stddef.h>
 #include "mbedtls/platform_util.h"
 
-#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
-#define MBEDTLS_CIPHER_MODE_AEAD
+#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CCM_C) || \
+    defined(MBEDTLS_CHACHAPOLY_C)
+#    define MBEDTLS_CIPHER_MODE_AEAD
 #endif
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_CIPHER_MODE_WITH_PADDING
+#    define MBEDTLS_CIPHER_MODE_WITH_PADDING
 #endif
 
-#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || \
-    defined(MBEDTLS_CHACHA20_C)
-#define MBEDTLS_CIPHER_MODE_STREAM
+#if defined(MBEDTLS_CIPHER_NULL_CIPHER) || defined(MBEDTLS_CHACHA20_C)
+#    define MBEDTLS_CIPHER_MODE_STREAM
 #endif
 
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+    !defined(__cplusplus)
+#    define inline __inline
 #endif
 
 /** The selected feature is not available. */
-#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE  -0x6080
+#define MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE -0x6080
 /** Bad input parameters. */
-#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA       -0x6100
+#define MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA -0x6100
 /** Failed to allocate memory. */
-#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180
+#define MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
 /** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_CIPHER_INVALID_PADDING      -0x6200
+#define MBEDTLS_ERR_CIPHER_INVALID_PADDING -0x6200
 /** Decryption of block requires a full block. */
-#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED  -0x6280
+#define MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED -0x6280
 /** Authentication failed (for AEAD modes). */
-#define MBEDTLS_ERR_CIPHER_AUTH_FAILED          -0x6300
+#define MBEDTLS_ERR_CIPHER_AUTH_FAILED -0x6300
 /** The context is invalid. For example, because it was freed. */
-#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT      -0x6380
+#define MBEDTLS_ERR_CIPHER_INVALID_CONTEXT -0x6380
 
 /** Cipher accepts IVs of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_IV_LEN     0x01
+#define MBEDTLS_CIPHER_VARIABLE_IV_LEN 0x01
 /** Cipher accepts keys of variable length. */
-#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN    0x02
+#define MBEDTLS_CIPHER_VARIABLE_KEY_LEN 0x02
 
 #ifdef __cplusplus
 extern "C" {
@@ -82,15 +82,18 @@
  *            constitutes a security risk. Arm recommends considering stronger
  *            ciphers instead.
  */
-typedef enum {
-    MBEDTLS_CIPHER_ID_NONE = 0,  /**< Placeholder to mark the end of cipher ID lists. */
-    MBEDTLS_CIPHER_ID_NULL,      /**< The identity cipher, treated as a stream cipher. */
-    MBEDTLS_CIPHER_ID_AES,       /**< The AES cipher. */
-    MBEDTLS_CIPHER_ID_DES,       /**< The DES cipher. */
-    MBEDTLS_CIPHER_ID_3DES,      /**< The Triple DES cipher. */
-    MBEDTLS_CIPHER_ID_CAMELLIA,  /**< The Camellia cipher. */
-    MBEDTLS_CIPHER_ID_ARIA,      /**< The Aria cipher. */
-    MBEDTLS_CIPHER_ID_CHACHA20,  /**< The ChaCha20 cipher. */
+typedef enum
+{
+    MBEDTLS_CIPHER_ID_NONE = 0, /**< Placeholder to mark the end of cipher ID
+                                   lists. */
+    MBEDTLS_CIPHER_ID_NULL, /**< The identity cipher, treated as a stream
+                               cipher. */
+    MBEDTLS_CIPHER_ID_AES, /**< The AES cipher. */
+    MBEDTLS_CIPHER_ID_DES, /**< The DES cipher. */
+    MBEDTLS_CIPHER_ID_3DES, /**< The Triple DES cipher. */
+    MBEDTLS_CIPHER_ID_CAMELLIA, /**< The Camellia cipher. */
+    MBEDTLS_CIPHER_ID_ARIA, /**< The Aria cipher. */
+    MBEDTLS_CIPHER_ID_CHACHA20, /**< The ChaCha20 cipher. */
 } mbedtls_cipher_id_t;
 
 /**
@@ -100,122 +103,164 @@
  *            constitutes a security risk. Arm recommends considering stronger
  *            ciphers instead.
  */
-typedef enum {
-    MBEDTLS_CIPHER_NONE = 0,             /**< Placeholder to mark the end of cipher-pair lists. */
-    MBEDTLS_CIPHER_NULL,                 /**< The identity stream cipher. */
-    MBEDTLS_CIPHER_AES_128_ECB,          /**< AES cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_192_ECB,          /**< AES cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_256_ECB,          /**< AES cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_AES_128_CBC,          /**< AES cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_192_CBC,          /**< AES cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_256_CBC,          /**< AES cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_AES_128_CFB128,       /**< AES cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_192_CFB128,       /**< AES cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_256_CFB128,       /**< AES cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_AES_128_CTR,          /**< AES cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_192_CTR,          /**< AES cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_256_CTR,          /**< AES cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_AES_128_GCM,          /**< AES cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_192_GCM,          /**< AES cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_AES_256_GCM,          /**< AES cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_ECB,     /**< Camellia cipher with 128-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_ECB,     /**< Camellia cipher with 192-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_ECB,     /**< Camellia cipher with 256-bit ECB mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CBC,     /**< Camellia cipher with 128-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CBC,     /**< Camellia cipher with 192-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CBC,     /**< Camellia cipher with 256-bit CBC mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CFB128,  /**< Camellia cipher with 128-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CFB128,  /**< Camellia cipher with 192-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CFB128,  /**< Camellia cipher with 256-bit CFB128 mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CTR,     /**< Camellia cipher with 128-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CTR,     /**< Camellia cipher with 192-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CTR,     /**< Camellia cipher with 256-bit CTR mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_GCM,     /**< Camellia cipher with 128-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_GCM,     /**< Camellia cipher with 192-bit GCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_GCM,     /**< Camellia cipher with 256-bit GCM mode. */
-    MBEDTLS_CIPHER_DES_ECB,              /**< DES cipher with ECB mode. */
-    MBEDTLS_CIPHER_DES_CBC,              /**< DES cipher with CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE_ECB,          /**< DES cipher with EDE ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE_CBC,          /**< DES cipher with EDE CBC mode. */
-    MBEDTLS_CIPHER_DES_EDE3_ECB,         /**< DES cipher with EDE3 ECB mode. */
-    MBEDTLS_CIPHER_DES_EDE3_CBC,         /**< DES cipher with EDE3 CBC mode. */
-    MBEDTLS_CIPHER_AES_128_CCM,          /**< AES cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_192_CCM,          /**< AES cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_AES_256_CCM,          /**< AES cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_128_CCM,     /**< Camellia cipher with 128-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_192_CCM,     /**< Camellia cipher with 192-bit CCM mode. */
-    MBEDTLS_CIPHER_CAMELLIA_256_CCM,     /**< Camellia cipher with 256-bit CCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_ECB,         /**< Aria cipher with 128-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_192_ECB,         /**< Aria cipher with 192-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_256_ECB,         /**< Aria cipher with 256-bit key and ECB mode. */
-    MBEDTLS_CIPHER_ARIA_128_CBC,         /**< Aria cipher with 128-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_192_CBC,         /**< Aria cipher with 192-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_256_CBC,         /**< Aria cipher with 256-bit key and CBC mode. */
-    MBEDTLS_CIPHER_ARIA_128_CFB128,      /**< Aria cipher with 128-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_192_CFB128,      /**< Aria cipher with 192-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_256_CFB128,      /**< Aria cipher with 256-bit key and CFB-128 mode. */
-    MBEDTLS_CIPHER_ARIA_128_CTR,         /**< Aria cipher with 128-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_192_CTR,         /**< Aria cipher with 192-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_256_CTR,         /**< Aria cipher with 256-bit key and CTR mode. */
-    MBEDTLS_CIPHER_ARIA_128_GCM,         /**< Aria cipher with 128-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_GCM,         /**< Aria cipher with 192-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_GCM,         /**< Aria cipher with 256-bit key and GCM mode. */
-    MBEDTLS_CIPHER_ARIA_128_CCM,         /**< Aria cipher with 128-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_192_CCM,         /**< Aria cipher with 192-bit key and CCM mode. */
-    MBEDTLS_CIPHER_ARIA_256_CCM,         /**< Aria cipher with 256-bit key and CCM mode. */
-    MBEDTLS_CIPHER_AES_128_OFB,          /**< AES 128-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_192_OFB,          /**< AES 192-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_256_OFB,          /**< AES 256-bit cipher in OFB mode. */
-    MBEDTLS_CIPHER_AES_128_XTS,          /**< AES 128-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_AES_256_XTS,          /**< AES 256-bit cipher in XTS block mode. */
-    MBEDTLS_CIPHER_CHACHA20,             /**< ChaCha20 stream cipher. */
-    MBEDTLS_CIPHER_CHACHA20_POLY1305,    /**< ChaCha20-Poly1305 AEAD cipher. */
-    MBEDTLS_CIPHER_AES_128_KW,           /**< AES cipher with 128-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_192_KW,           /**< AES cipher with 192-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_256_KW,           /**< AES cipher with 256-bit NIST KW mode. */
-    MBEDTLS_CIPHER_AES_128_KWP,          /**< AES cipher with 128-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_192_KWP,          /**< AES cipher with 192-bit NIST KWP mode. */
-    MBEDTLS_CIPHER_AES_256_KWP,          /**< AES cipher with 256-bit NIST KWP mode. */
+typedef enum
+{
+    MBEDTLS_CIPHER_NONE = 0, /**< Placeholder to mark the end of cipher-pair
+                                lists. */
+    MBEDTLS_CIPHER_NULL, /**< The identity stream cipher. */
+    MBEDTLS_CIPHER_AES_128_ECB, /**< AES cipher with 128-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_192_ECB, /**< AES cipher with 192-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_256_ECB, /**< AES cipher with 256-bit ECB mode. */
+    MBEDTLS_CIPHER_AES_128_CBC, /**< AES cipher with 128-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_192_CBC, /**< AES cipher with 192-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_256_CBC, /**< AES cipher with 256-bit CBC mode. */
+    MBEDTLS_CIPHER_AES_128_CFB128, /**< AES cipher with 128-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_192_CFB128, /**< AES cipher with 192-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_256_CFB128, /**< AES cipher with 256-bit CFB128 mode. */
+    MBEDTLS_CIPHER_AES_128_CTR, /**< AES cipher with 128-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_192_CTR, /**< AES cipher with 192-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_256_CTR, /**< AES cipher with 256-bit CTR mode. */
+    MBEDTLS_CIPHER_AES_128_GCM, /**< AES cipher with 128-bit GCM mode. */
+    MBEDTLS_CIPHER_AES_192_GCM, /**< AES cipher with 192-bit GCM mode. */
+    MBEDTLS_CIPHER_AES_256_GCM, /**< AES cipher with 256-bit GCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_ECB, /**< Camellia cipher with 128-bit ECB mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_192_ECB, /**< Camellia cipher with 192-bit ECB mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_256_ECB, /**< Camellia cipher with 256-bit ECB mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_128_CBC, /**< Camellia cipher with 128-bit CBC mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_192_CBC, /**< Camellia cipher with 192-bit CBC mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_256_CBC, /**< Camellia cipher with 256-bit CBC mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_128_CFB128, /**< Camellia cipher with 128-bit CFB128
+                                           mode. */
+    MBEDTLS_CIPHER_CAMELLIA_192_CFB128, /**< Camellia cipher with 192-bit CFB128
+                                           mode. */
+    MBEDTLS_CIPHER_CAMELLIA_256_CFB128, /**< Camellia cipher with 256-bit CFB128
+                                           mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CTR, /**< Camellia cipher with 128-bit CTR mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_192_CTR, /**< Camellia cipher with 192-bit CTR mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_256_CTR, /**< Camellia cipher with 256-bit CTR mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_128_GCM, /**< Camellia cipher with 128-bit GCM mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_192_GCM, /**< Camellia cipher with 192-bit GCM mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_256_GCM, /**< Camellia cipher with 256-bit GCM mode.
+                                      */
+    MBEDTLS_CIPHER_DES_ECB, /**< DES cipher with ECB mode. */
+    MBEDTLS_CIPHER_DES_CBC, /**< DES cipher with CBC mode. */
+    MBEDTLS_CIPHER_DES_EDE_ECB, /**< DES cipher with EDE ECB mode. */
+    MBEDTLS_CIPHER_DES_EDE_CBC, /**< DES cipher with EDE CBC mode. */
+    MBEDTLS_CIPHER_DES_EDE3_ECB, /**< DES cipher with EDE3 ECB mode. */
+    MBEDTLS_CIPHER_DES_EDE3_CBC, /**< DES cipher with EDE3 CBC mode. */
+    MBEDTLS_CIPHER_AES_128_CCM, /**< AES cipher with 128-bit CCM mode. */
+    MBEDTLS_CIPHER_AES_192_CCM, /**< AES cipher with 192-bit CCM mode. */
+    MBEDTLS_CIPHER_AES_256_CCM, /**< AES cipher with 256-bit CCM mode. */
+    MBEDTLS_CIPHER_CAMELLIA_128_CCM, /**< Camellia cipher with 128-bit CCM mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_192_CCM, /**< Camellia cipher with 192-bit CCM mode.
+                                      */
+    MBEDTLS_CIPHER_CAMELLIA_256_CCM, /**< Camellia cipher with 256-bit CCM mode.
+                                      */
+    MBEDTLS_CIPHER_ARIA_128_ECB, /**< Aria cipher with 128-bit key and ECB mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_192_ECB, /**< Aria cipher with 192-bit key and ECB mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_256_ECB, /**< Aria cipher with 256-bit key and ECB mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_128_CBC, /**< Aria cipher with 128-bit key and CBC mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_192_CBC, /**< Aria cipher with 192-bit key and CBC mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_256_CBC, /**< Aria cipher with 256-bit key and CBC mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_128_CFB128, /**< Aria cipher with 128-bit key and
+                                       CFB-128 mode. */
+    MBEDTLS_CIPHER_ARIA_192_CFB128, /**< Aria cipher with 192-bit key and
+                                       CFB-128 mode. */
+    MBEDTLS_CIPHER_ARIA_256_CFB128, /**< Aria cipher with 256-bit key and
+                                       CFB-128 mode. */
+    MBEDTLS_CIPHER_ARIA_128_CTR, /**< Aria cipher with 128-bit key and CTR mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_192_CTR, /**< Aria cipher with 192-bit key and CTR mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_256_CTR, /**< Aria cipher with 256-bit key and CTR mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_128_GCM, /**< Aria cipher with 128-bit key and GCM mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_192_GCM, /**< Aria cipher with 192-bit key and GCM mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_256_GCM, /**< Aria cipher with 256-bit key and GCM mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_128_CCM, /**< Aria cipher with 128-bit key and CCM mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_192_CCM, /**< Aria cipher with 192-bit key and CCM mode.
+                                  */
+    MBEDTLS_CIPHER_ARIA_256_CCM, /**< Aria cipher with 256-bit key and CCM mode.
+                                  */
+    MBEDTLS_CIPHER_AES_128_OFB, /**< AES 128-bit cipher in OFB mode. */
+    MBEDTLS_CIPHER_AES_192_OFB, /**< AES 192-bit cipher in OFB mode. */
+    MBEDTLS_CIPHER_AES_256_OFB, /**< AES 256-bit cipher in OFB mode. */
+    MBEDTLS_CIPHER_AES_128_XTS, /**< AES 128-bit cipher in XTS block mode. */
+    MBEDTLS_CIPHER_AES_256_XTS, /**< AES 256-bit cipher in XTS block mode. */
+    MBEDTLS_CIPHER_CHACHA20, /**< ChaCha20 stream cipher. */
+    MBEDTLS_CIPHER_CHACHA20_POLY1305, /**< ChaCha20-Poly1305 AEAD cipher. */
+    MBEDTLS_CIPHER_AES_128_KW, /**< AES cipher with 128-bit NIST KW mode. */
+    MBEDTLS_CIPHER_AES_192_KW, /**< AES cipher with 192-bit NIST KW mode. */
+    MBEDTLS_CIPHER_AES_256_KW, /**< AES cipher with 256-bit NIST KW mode. */
+    MBEDTLS_CIPHER_AES_128_KWP, /**< AES cipher with 128-bit NIST KWP mode. */
+    MBEDTLS_CIPHER_AES_192_KWP, /**< AES cipher with 192-bit NIST KWP mode. */
+    MBEDTLS_CIPHER_AES_256_KWP, /**< AES cipher with 256-bit NIST KWP mode. */
 } mbedtls_cipher_type_t;
 
 /** Supported cipher modes. */
-typedef enum {
-    MBEDTLS_MODE_NONE = 0,               /**< None.                        */
-    MBEDTLS_MODE_ECB,                    /**< The ECB cipher mode.         */
-    MBEDTLS_MODE_CBC,                    /**< The CBC cipher mode.         */
-    MBEDTLS_MODE_CFB,                    /**< The CFB cipher mode.         */
-    MBEDTLS_MODE_OFB,                    /**< The OFB cipher mode.         */
-    MBEDTLS_MODE_CTR,                    /**< The CTR cipher mode.         */
-    MBEDTLS_MODE_GCM,                    /**< The GCM cipher mode.         */
-    MBEDTLS_MODE_STREAM,                 /**< The stream cipher mode.      */
-    MBEDTLS_MODE_CCM,                    /**< The CCM cipher mode.         */
-    MBEDTLS_MODE_XTS,                    /**< The XTS cipher mode.         */
-    MBEDTLS_MODE_CHACHAPOLY,             /**< The ChaCha-Poly cipher mode. */
-    MBEDTLS_MODE_KW,                     /**< The SP800-38F KW mode */
-    MBEDTLS_MODE_KWP,                    /**< The SP800-38F KWP mode */
+typedef enum
+{
+    MBEDTLS_MODE_NONE = 0, /**< None.                        */
+    MBEDTLS_MODE_ECB, /**< The ECB cipher mode.         */
+    MBEDTLS_MODE_CBC, /**< The CBC cipher mode.         */
+    MBEDTLS_MODE_CFB, /**< The CFB cipher mode.         */
+    MBEDTLS_MODE_OFB, /**< The OFB cipher mode.         */
+    MBEDTLS_MODE_CTR, /**< The CTR cipher mode.         */
+    MBEDTLS_MODE_GCM, /**< The GCM cipher mode.         */
+    MBEDTLS_MODE_STREAM, /**< The stream cipher mode.      */
+    MBEDTLS_MODE_CCM, /**< The CCM cipher mode.         */
+    MBEDTLS_MODE_XTS, /**< The XTS cipher mode.         */
+    MBEDTLS_MODE_CHACHAPOLY, /**< The ChaCha-Poly cipher mode. */
+    MBEDTLS_MODE_KW, /**< The SP800-38F KW mode */
+    MBEDTLS_MODE_KWP, /**< The SP800-38F KWP mode */
 } mbedtls_cipher_mode_t;
 
 /** Supported cipher padding types. */
-typedef enum {
-    MBEDTLS_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default).        */
+typedef enum
+{
+    MBEDTLS_PADDING_PKCS7 = 0, /**< PKCS7 padding (default).        */
     MBEDTLS_PADDING_ONE_AND_ZEROS, /**< ISO/IEC 7816-4 padding.         */
     MBEDTLS_PADDING_ZEROS_AND_LEN, /**< ANSI X.923 padding.             */
-    MBEDTLS_PADDING_ZEROS,         /**< Zero padding (not reversible). */
-    MBEDTLS_PADDING_NONE,          /**< Never pad (full blocks only).   */
+    MBEDTLS_PADDING_ZEROS, /**< Zero padding (not reversible). */
+    MBEDTLS_PADDING_NONE, /**< Never pad (full blocks only).   */
 } mbedtls_cipher_padding_t;
 
 /** Type of operation. */
-typedef enum {
+typedef enum
+{
     MBEDTLS_OPERATION_NONE = -1,
     MBEDTLS_DECRYPT = 0,
     MBEDTLS_ENCRYPT,
 } mbedtls_operation_t;
 
-enum {
+enum
+{
     /** Undefined key length. */
     MBEDTLS_KEY_LENGTH_NONE = 0,
     /** Key length, in bits (including parity), for DES keys. */
-    MBEDTLS_KEY_LENGTH_DES  = 64,
+    MBEDTLS_KEY_LENGTH_DES = 64,
     /** Key length in bits, including parity, for DES in two-key EDE. */
     MBEDTLS_KEY_LENGTH_DES_EDE = 128,
     /** Key length in bits, including parity, for DES in three-key EDE. */
@@ -226,13 +271,13 @@
 /* This should ideally be derived automatically from list of ciphers.
  * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
  * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_IV_LENGTH      16
+#define MBEDTLS_MAX_IV_LENGTH 16
 
 /** Maximum block size of any cipher, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
  * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
  * in library/ssl_misc.h. */
-#define MBEDTLS_MAX_BLOCK_LENGTH   16
+#define MBEDTLS_MAX_BLOCK_LENGTH 16
 
 /** Maximum key length, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
@@ -242,9 +287,9 @@
  * in library/ssl_misc.h, which however deliberately ignores the case of XTS
  * since the latter isn't used in SSL/TLS. */
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_MAX_KEY_LENGTH     64
+#    define MBEDTLS_MAX_KEY_LENGTH 64
 #else
-#define MBEDTLS_MAX_KEY_LENGTH     32
+#    define MBEDTLS_MAX_KEY_LENGTH 32
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
 /**
@@ -261,8 +306,7 @@
  * Cipher information. Allows calling cipher functions
  * in a generic way.
  */
-typedef struct mbedtls_cipher_info_t
-{
+typedef struct mbedtls_cipher_info_t {
     /** Full cipher identifier. For example,
      * MBEDTLS_CIPHER_AES_256_CBC.
      */
@@ -278,7 +322,7 @@
     unsigned int MBEDTLS_PRIVATE(key_bitlen);
 
     /** Name of the cipher. */
-    const char * MBEDTLS_PRIVATE(name);
+    const char *MBEDTLS_PRIVATE(name);
 
     /** IV or nonce size, in Bytes.
      * For ciphers that accept variable IV sizes,
@@ -303,8 +347,7 @@
 /**
  * Generic cipher context.
  */
-typedef struct mbedtls_cipher_context_t
-{
+typedef struct mbedtls_cipher_context_t {
     /** Information about the associated cipher. */
     const mbedtls_cipher_info_t *MBEDTLS_PRIVATE(cipher_info);
 
@@ -320,8 +363,12 @@
     /** Padding functions to use, if relevant for
      * the specific cipher mode.
      */
-    void (*MBEDTLS_PRIVATE(add_padding))( unsigned char *output, size_t olen, size_t data_len );
-    int (*MBEDTLS_PRIVATE(get_padding))( unsigned char *input, size_t ilen, size_t *data_len );
+    void (*MBEDTLS_PRIVATE(add_padding))(unsigned char *output,
+                                         size_t olen,
+                                         size_t data_len);
+    int (*MBEDTLS_PRIVATE(get_padding))(unsigned char *input,
+                                        size_t ilen,
+                                        size_t *data_len);
 #endif
 
     /** Buffer for input that has not been processed yet. */
@@ -371,7 +418,7 @@
  * \return      A statically-allocated array of cipher identifiers
  *              of type cipher_type_t. The last entry is zero.
  */
-const int *mbedtls_cipher_list( void );
+const int *mbedtls_cipher_list(void);
 
 /**
  * \brief               This function retrieves the cipher-information
@@ -384,7 +431,8 @@
  *                      given \p cipher_name.
  * \return              \c NULL if the associated cipher information is not found.
  */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_string( const char *cipher_name );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_string(const char *cipher_name);
 
 /**
  * \brief               This function retrieves the cipher-information
@@ -396,7 +444,8 @@
  *                      given \p cipher_type.
  * \return              \c NULL if the associated cipher information is not found.
  */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_type( const mbedtls_cipher_type_t cipher_type );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_type(const mbedtls_cipher_type_t cipher_type);
 
 /**
  * \brief               This function retrieves the cipher-information
@@ -412,16 +461,17 @@
  *                      given \p cipher_id.
  * \return              \c NULL if the associated cipher information is not found.
  */
-const mbedtls_cipher_info_t *mbedtls_cipher_info_from_values( const mbedtls_cipher_id_t cipher_id,
-                                              int key_bitlen,
-                                              const mbedtls_cipher_mode_t mode );
+const mbedtls_cipher_info_t *
+mbedtls_cipher_info_from_values(const mbedtls_cipher_id_t cipher_id,
+                                int key_bitlen,
+                                const mbedtls_cipher_mode_t mode);
 
 /**
  * \brief               This function initializes a \p cipher_context as NONE.
  *
  * \param ctx           The context to be initialized. This must not be \c NULL.
  */
-void mbedtls_cipher_init( mbedtls_cipher_context_t *ctx );
+void mbedtls_cipher_init(mbedtls_cipher_context_t *ctx);
 
 /**
  * \brief               This function frees and clears the cipher-specific
@@ -432,8 +482,7 @@
  *                      function has no effect, otherwise this must point to an
  *                      initialized context.
  */
-void mbedtls_cipher_free( mbedtls_cipher_context_t *ctx );
-
+void mbedtls_cipher_free(mbedtls_cipher_context_t *ctx);
 
 /**
  * \brief               This function prepares a cipher context for
@@ -461,8 +510,8 @@
  * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
  *                      cipher-specific context fails.
  */
-int mbedtls_cipher_setup( mbedtls_cipher_context_t *ctx,
-                          const mbedtls_cipher_info_t *cipher_info );
+int mbedtls_cipher_setup(mbedtls_cipher_context_t *ctx,
+                         const mbedtls_cipher_info_t *cipher_info);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
@@ -486,9 +535,9 @@
  * \return              #MBEDTLS_ERR_CIPHER_ALLOC_FAILED if allocation of the
  *                      cipher-specific context fails.
  */
-int mbedtls_cipher_setup_psa( mbedtls_cipher_context_t *ctx,
-                              const mbedtls_cipher_info_t *cipher_info,
-                              size_t taglen );
+int mbedtls_cipher_setup_psa(mbedtls_cipher_context_t *ctx,
+                             const mbedtls_cipher_info_t *cipher_info,
+                             size_t taglen);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /**
@@ -499,11 +548,11 @@
  * \return       The block size of the underlying cipher.
  * \return       \c 0 if \p ctx has not been initialized.
  */
-static inline unsigned int mbedtls_cipher_get_block_size(
-    const mbedtls_cipher_context_t *ctx )
+static inline unsigned int
+mbedtls_cipher_get_block_size(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return 0;
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(block_size);
@@ -518,11 +567,11 @@
  * \return       The mode of operation.
  * \return       #MBEDTLS_MODE_NONE if \p ctx has not been initialized.
  */
-static inline mbedtls_cipher_mode_t mbedtls_cipher_get_cipher_mode(
-    const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_mode_t
+mbedtls_cipher_get_cipher_mode(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, MBEDTLS_MODE_NONE );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_MODE_NONE);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return MBEDTLS_MODE_NONE;
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(mode);
@@ -538,17 +587,17 @@
  * \return      \c 0 for ciphers not using an IV or a nonce.
  * \return      The actual size if an IV has been set.
  */
-static inline int mbedtls_cipher_get_iv_size(
-    const mbedtls_cipher_context_t *ctx )
+static inline int
+mbedtls_cipher_get_iv_size(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return 0;
 
-    if( ctx->MBEDTLS_PRIVATE(iv_size) != 0 )
-        return (int) ctx->MBEDTLS_PRIVATE(iv_size);
+    if (ctx->MBEDTLS_PRIVATE(iv_size) != 0)
+        return (int)ctx->MBEDTLS_PRIVATE(iv_size);
 
-    return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
+    return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(iv_size);
 }
 
 /**
@@ -559,12 +608,11 @@
  * \return              The type of the cipher.
  * \return              #MBEDTLS_CIPHER_NONE if \p ctx has not been initialized.
  */
-static inline mbedtls_cipher_type_t mbedtls_cipher_get_type(
-    const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_cipher_type_t
+mbedtls_cipher_get_type(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_CIPHER_NONE );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_CIPHER_NONE);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return MBEDTLS_CIPHER_NONE;
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(type);
@@ -579,11 +627,11 @@
  * \return              The name of the cipher.
  * \return              NULL if \p ctx has not been not initialized.
  */
-static inline const char *mbedtls_cipher_get_name(
-    const mbedtls_cipher_context_t *ctx )
+static inline const char *
+mbedtls_cipher_get_name(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET( ctx != NULL, 0 );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, 0);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return 0;
 
     return ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(name);
@@ -598,15 +646,14 @@
  * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
  *                      initialized.
  */
-static inline int mbedtls_cipher_get_key_bitlen(
-    const mbedtls_cipher_context_t *ctx )
+static inline int
+mbedtls_cipher_get_key_bitlen(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_KEY_LENGTH_NONE );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_KEY_LENGTH_NONE);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return MBEDTLS_KEY_LENGTH_NONE;
 
-    return (int) ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
+    return (int)ctx->MBEDTLS_PRIVATE(cipher_info)->MBEDTLS_PRIVATE(key_bitlen);
 }
 
 /**
@@ -617,12 +664,11 @@
  * \return         The type of operation: #MBEDTLS_ENCRYPT or #MBEDTLS_DECRYPT.
  * \return         #MBEDTLS_OPERATION_NONE if \p ctx has not been initialized.
  */
-static inline mbedtls_operation_t mbedtls_cipher_get_operation(
-    const mbedtls_cipher_context_t *ctx )
+static inline mbedtls_operation_t
+mbedtls_cipher_get_operation(const mbedtls_cipher_context_t *ctx)
 {
-    MBEDTLS_INTERNAL_VALIDATE_RET(
-        ctx != NULL, MBEDTLS_OPERATION_NONE );
-    if( ctx->MBEDTLS_PRIVATE(cipher_info) == NULL )
+    MBEDTLS_INTERNAL_VALIDATE_RET(ctx != NULL, MBEDTLS_OPERATION_NONE);
+    if (ctx->MBEDTLS_PRIVATE(cipher_info) == NULL)
         return MBEDTLS_OPERATION_NONE;
 
     return ctx->MBEDTLS_PRIVATE(operation);
@@ -644,10 +690,10 @@
  *                      parameter-verification failure.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_setkey( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *key,
-                           int key_bitlen,
-                           const mbedtls_operation_t operation );
+int mbedtls_cipher_setkey(mbedtls_cipher_context_t *ctx,
+                          const unsigned char *key,
+                          int key_bitlen,
+                          const mbedtls_operation_t operation);
 
 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
 /**
@@ -666,8 +712,8 @@
  * \return              #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA if the cipher mode
  *                      does not support padding.
  */
-int mbedtls_cipher_set_padding_mode( mbedtls_cipher_context_t *ctx,
-                                     mbedtls_cipher_padding_t mode );
+int mbedtls_cipher_set_padding_mode(mbedtls_cipher_context_t *ctx,
+                                    mbedtls_cipher_padding_t mode);
 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
 
 /**
@@ -688,9 +734,9 @@
  * \return          #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
  *                  parameter-verification failure.
  */
-int mbedtls_cipher_set_iv( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *iv,
-                           size_t iv_len );
+int mbedtls_cipher_set_iv(mbedtls_cipher_context_t *ctx,
+                          const unsigned char *iv,
+                          size_t iv_len);
 
 /**
  * \brief         This function resets the cipher state.
@@ -724,7 +770,7 @@
  * \return        #MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA on
  *                parameter-verification failure.
  */
-int mbedtls_cipher_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_reset(mbedtls_cipher_context_t *ctx);
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
 /**
@@ -739,8 +785,9 @@
  * \return              \c 0 on success.
  * \return              A specific error code on failure.
  */
-int mbedtls_cipher_update_ad( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *ad, size_t ad_len );
+int mbedtls_cipher_update_ad(mbedtls_cipher_context_t *ctx,
+                             const unsigned char *ad,
+                             size_t ad_len);
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
 /**
@@ -772,10 +819,11 @@
  *                      unsupported mode for a cipher.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_update( mbedtls_cipher_context_t *ctx,
-                           const unsigned char *input,
-                           size_t ilen, unsigned char *output,
-                           size_t *olen );
+int mbedtls_cipher_update(mbedtls_cipher_context_t *ctx,
+                          const unsigned char *input,
+                          size_t ilen,
+                          unsigned char *output,
+                          size_t *olen);
 
 /**
  * \brief               The generic cipher finalization function. If data still
@@ -799,8 +847,9 @@
  *                      while decrypting.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_finish( mbedtls_cipher_context_t *ctx,
-                   unsigned char *output, size_t *olen );
+int mbedtls_cipher_finish(mbedtls_cipher_context_t *ctx,
+                          unsigned char *output,
+                          size_t *olen);
 
 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
 /**
@@ -819,8 +868,9 @@
  * \return              \c 0 on success.
  * \return              A specific error code on failure.
  */
-int mbedtls_cipher_write_tag( mbedtls_cipher_context_t *ctx,
-                      unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_write_tag(mbedtls_cipher_context_t *ctx,
+                             unsigned char *tag,
+                             size_t tag_len);
 
 /**
  * \brief               This function checks the tag for AEAD ciphers.
@@ -835,8 +885,9 @@
  * \return              \c 0 on success.
  * \return              A specific error code on failure.
  */
-int mbedtls_cipher_check_tag( mbedtls_cipher_context_t *ctx,
-                      const unsigned char *tag, size_t tag_len );
+int mbedtls_cipher_check_tag(mbedtls_cipher_context_t *ctx,
+                             const unsigned char *tag,
+                             size_t tag_len);
 #endif /* MBEDTLS_GCM_C || MBEDTLS_CHACHAPOLY_C */
 
 /**
@@ -872,10 +923,13 @@
  *                      while decrypting.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_crypt( mbedtls_cipher_context_t *ctx,
-                  const unsigned char *iv, size_t iv_len,
-                  const unsigned char *input, size_t ilen,
-                  unsigned char *output, size_t *olen );
+int mbedtls_cipher_crypt(mbedtls_cipher_context_t *ctx,
+                         const unsigned char *iv,
+                         size_t iv_len,
+                         const unsigned char *input,
+                         size_t ilen,
+                         unsigned char *output,
+                         size_t *olen);
 
 #if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
 /**
@@ -922,12 +976,17 @@
  *                      parameter-verification failure.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_auth_encrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_encrypt_ext(mbedtls_cipher_context_t *ctx,
+                                    const unsigned char *iv,
+                                    size_t iv_len,
+                                    const unsigned char *ad,
+                                    size_t ad_len,
+                                    const unsigned char *input,
+                                    size_t ilen,
+                                    unsigned char *output,
+                                    size_t output_len,
+                                    size_t *olen,
+                                    size_t tag_len);
 
 /**
  * \brief               The authenticated encryption (AEAD/NIST_KW) function.
@@ -978,12 +1037,17 @@
  * \return              #MBEDTLS_ERR_CIPHER_AUTH_FAILED if data is not authentic.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_auth_decrypt_ext( mbedtls_cipher_context_t *ctx,
-                         const unsigned char *iv, size_t iv_len,
-                         const unsigned char *ad, size_t ad_len,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output, size_t output_len,
-                         size_t *olen, size_t tag_len );
+int mbedtls_cipher_auth_decrypt_ext(mbedtls_cipher_context_t *ctx,
+                                    const unsigned char *iv,
+                                    size_t iv_len,
+                                    const unsigned char *ad,
+                                    size_t ad_len,
+                                    const unsigned char *input,
+                                    size_t ilen,
+                                    unsigned char *output,
+                                    size_t output_len,
+                                    size_t *olen,
+                                    size_t tag_len);
 #endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h
index 887c7cc..938b6b4 100644
--- a/include/mbedtls/cmac.h
+++ b/include/mbedtls/cmac.h
@@ -35,15 +35,15 @@
 extern "C" {
 #endif
 
-#define MBEDTLS_AES_BLOCK_SIZE          16
-#define MBEDTLS_DES3_BLOCK_SIZE         8
+#define MBEDTLS_AES_BLOCK_SIZE  16
+#define MBEDTLS_DES3_BLOCK_SIZE 8
 
 #if defined(MBEDTLS_AES_C)
 /** The longest block used by CMAC is that of AES. */
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      16
+#    define MBEDTLS_CIPHER_BLKSIZE_MAX 16
 #else
 /** The longest block used by CMAC is that of 3DES. */
-#define MBEDTLS_CIPHER_BLKSIZE_MAX      8
+#    define MBEDTLS_CIPHER_BLKSIZE_MAX 8
 #endif
 
 #if !defined(MBEDTLS_CMAC_ALT)
@@ -51,21 +51,20 @@
 /**
  * The CMAC context structure.
  */
-struct mbedtls_cmac_context_t
-{
+struct mbedtls_cmac_context_t {
     /** The internal state of the CMAC algorithm.  */
-    unsigned char       MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+    unsigned char MBEDTLS_PRIVATE(state)[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
     /** Unprocessed data - either data that was not block aligned and is still
      *  pending processing, or the final block. */
-    unsigned char       MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
+    unsigned char MBEDTLS_PRIVATE(unprocessed_block)[MBEDTLS_CIPHER_BLKSIZE_MAX];
 
     /** The length of data pending processing. */
-    size_t              MBEDTLS_PRIVATE(unprocessed_len);
+    size_t MBEDTLS_PRIVATE(unprocessed_len);
 };
 
-#else  /* !MBEDTLS_CMAC_ALT */
-#include "cmac_alt.h"
+#else /* !MBEDTLS_CMAC_ALT */
+#    include "cmac_alt.h"
 #endif /* !MBEDTLS_CMAC_ALT */
 
 /**
@@ -90,8 +89,9 @@
  * \return              \c 0 on success.
  * \return              A cipher-specific error code on failure.
  */
-int mbedtls_cipher_cmac_starts( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *key, size_t keybits );
+int mbedtls_cipher_cmac_starts(mbedtls_cipher_context_t *ctx,
+                               const unsigned char *key,
+                               size_t keybits);
 
 /**
  * \brief               This function feeds an input buffer into an ongoing CMAC
@@ -109,8 +109,9 @@
  * \return             #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                     if parameter verification fails.
  */
-int mbedtls_cipher_cmac_update( mbedtls_cipher_context_t *ctx,
-                                const unsigned char *input, size_t ilen );
+int mbedtls_cipher_cmac_update(mbedtls_cipher_context_t *ctx,
+                               const unsigned char *input,
+                               size_t ilen);
 
 /**
  * \brief               This function finishes the CMAC operation, and writes
@@ -127,8 +128,8 @@
  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
-int mbedtls_cipher_cmac_finish( mbedtls_cipher_context_t *ctx,
-                                unsigned char *output );
+int mbedtls_cipher_cmac_finish(mbedtls_cipher_context_t *ctx,
+                               unsigned char *output);
 
 /**
  * \brief               This function prepares the authentication of another
@@ -144,7 +145,7 @@
  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
-int mbedtls_cipher_cmac_reset( mbedtls_cipher_context_t *ctx );
+int mbedtls_cipher_cmac_reset(mbedtls_cipher_context_t *ctx);
 
 /**
  * \brief               This function calculates the full generic CMAC
@@ -173,10 +174,12 @@
  * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA
  *                      if parameter verification fails.
  */
-int mbedtls_cipher_cmac( const mbedtls_cipher_info_t *cipher_info,
-                         const unsigned char *key, size_t keylen,
-                         const unsigned char *input, size_t ilen,
-                         unsigned char *output );
+int mbedtls_cipher_cmac(const mbedtls_cipher_info_t *cipher_info,
+                        const unsigned char *key,
+                        size_t keylen,
+                        const unsigned char *input,
+                        size_t ilen,
+                        unsigned char *output);
 
 #if defined(MBEDTLS_AES_C)
 /**
@@ -196,12 +199,15 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
-                              const unsigned char *input, size_t in_len,
-                              unsigned char output[16] );
+int mbedtls_aes_cmac_prf_128(const unsigned char *key,
+                             size_t key_len,
+                             const unsigned char *input,
+                             size_t in_len,
+                             unsigned char output[16]);
 #endif /* MBEDTLS_AES_C */
 
-#if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) )
+#if defined(MBEDTLS_SELF_TEST) && \
+    (defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C))
 /**
  * \brief          The CMAC checkup routine.
  *
@@ -215,7 +221,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_cmac_self_test( int verbose );
+int mbedtls_cmac_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST && ( MBEDTLS_AES_C || MBEDTLS_DES_C ) */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/compat-2.x.h b/include/mbedtls/compat-2.x.h
index cdf81dc..72c8383 100644
--- a/include/mbedtls/compat-2.x.h
+++ b/include/mbedtls/compat-2.x.h
@@ -23,36 +23,36 @@
  */
 
 #if defined(MBEDTLS_DEPRECATED_WARNING)
-#warning "Including compat-2.x.h is deprecated"
+#    warning "Including compat-2.x.h is deprecated"
 #endif
 
 #ifndef MBEDTLS_COMPAT2X_H
-#define MBEDTLS_COMPAT2X_H
+#    define MBEDTLS_COMPAT2X_H
 
 /*
  * Macros for renamed functions
  */
-#define mbedtls_ctr_drbg_update_ret   mbedtls_ctr_drbg_update
-#define mbedtls_hmac_drbg_update_ret  mbedtls_hmac_drbg_update
-#define mbedtls_md5_starts_ret        mbedtls_md5_starts
-#define mbedtls_md5_update_ret        mbedtls_md5_update
-#define mbedtls_md5_finish_ret        mbedtls_md5_finish
-#define mbedtls_md5_ret               mbedtls_md5
-#define mbedtls_ripemd160_starts_ret  mbedtls_ripemd160_starts
-#define mbedtls_ripemd160_update_ret  mbedtls_ripemd160_update
-#define mbedtls_ripemd160_finish_ret  mbedtls_ripemd160_finish
-#define mbedtls_ripemd160_ret         mbedtls_ripemd160
-#define mbedtls_sha1_starts_ret       mbedtls_sha1_starts
-#define mbedtls_sha1_update_ret       mbedtls_sha1_update
-#define mbedtls_sha1_finish_ret       mbedtls_sha1_finish
-#define mbedtls_sha1_ret              mbedtls_sha1
-#define mbedtls_sha256_starts_ret     mbedtls_sha256_starts
-#define mbedtls_sha256_update_ret     mbedtls_sha256_update
-#define mbedtls_sha256_finish_ret     mbedtls_sha256_finish
-#define mbedtls_sha256_ret            mbedtls_sha256
-#define mbedtls_sha512_starts_ret     mbedtls_sha512_starts
-#define mbedtls_sha512_update_ret     mbedtls_sha512_update
-#define mbedtls_sha512_finish_ret     mbedtls_sha512_finish
-#define mbedtls_sha512_ret            mbedtls_sha512
+#    define mbedtls_ctr_drbg_update_ret  mbedtls_ctr_drbg_update
+#    define mbedtls_hmac_drbg_update_ret mbedtls_hmac_drbg_update
+#    define mbedtls_md5_starts_ret       mbedtls_md5_starts
+#    define mbedtls_md5_update_ret       mbedtls_md5_update
+#    define mbedtls_md5_finish_ret       mbedtls_md5_finish
+#    define mbedtls_md5_ret              mbedtls_md5
+#    define mbedtls_ripemd160_starts_ret mbedtls_ripemd160_starts
+#    define mbedtls_ripemd160_update_ret mbedtls_ripemd160_update
+#    define mbedtls_ripemd160_finish_ret mbedtls_ripemd160_finish
+#    define mbedtls_ripemd160_ret        mbedtls_ripemd160
+#    define mbedtls_sha1_starts_ret      mbedtls_sha1_starts
+#    define mbedtls_sha1_update_ret      mbedtls_sha1_update
+#    define mbedtls_sha1_finish_ret      mbedtls_sha1_finish
+#    define mbedtls_sha1_ret             mbedtls_sha1
+#    define mbedtls_sha256_starts_ret    mbedtls_sha256_starts
+#    define mbedtls_sha256_update_ret    mbedtls_sha256_update
+#    define mbedtls_sha256_finish_ret    mbedtls_sha256_finish
+#    define mbedtls_sha256_ret           mbedtls_sha256
+#    define mbedtls_sha512_starts_ret    mbedtls_sha512_starts
+#    define mbedtls_sha512_update_ret    mbedtls_sha512_update
+#    define mbedtls_sha512_finish_ret    mbedtls_sha512_finish
+#    define mbedtls_sha512_ret           mbedtls_sha512
 
 #endif /* MBEDTLS_COMPAT2X_H */
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 9080cd1..c50bf0d 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -31,475 +31,473 @@
 #define MBEDTLS_CONFIG_PSA_H
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
-#include "psa/crypto_config.h"
+#    include "psa/crypto_config.h"
 #endif /* defined(MBEDTLS_PSA_CRYPTO_CONFIG) */
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-
-
 /****************************************************************/
 /* De facto synonyms */
 /****************************************************************/
 
 #if defined(PSA_WANT_ALG_ECDSA_ANY) && !defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
+#    define PSA_WANT_ALG_ECDSA PSA_WANT_ALG_ECDSA_ANY
 #elif !defined(PSA_WANT_ALG_ECDSA_ANY) && defined(PSA_WANT_ALG_ECDSA)
-#define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
+#    define PSA_WANT_ALG_ECDSA_ANY PSA_WANT_ALG_ECDSA
 #endif
 
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
-#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
+#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && \
+    !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#    define PSA_WANT_ALG_RSA_PKCS1V15_SIGN PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW
+#elif !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW) && \
+    defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#    define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW PSA_WANT_ALG_RSA_PKCS1V15_SIGN
 #endif
 
-
-
 /****************************************************************/
 /* Require built-in implementations based on PSA requirements */
 /****************************************************************/
 
 #if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
 
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define MBEDTLS_ECDSA_DETERMINISTIC
-#define MBEDTLS_ECDSA_C
-#define MBEDTLS_HMAC_DRBG_C
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
-#endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
+#    if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
+#            define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#            define MBEDTLS_ECDSA_DETERMINISTIC
+#            define MBEDTLS_ECDSA_C
+#            define MBEDTLS_HMAC_DRBG_C
+#            define MBEDTLS_MD_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA */
+#    endif /* PSA_WANT_ALG_DETERMINISTIC_ECDSA */
 
-#if defined(PSA_WANT_ALG_ECDH)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define MBEDTLS_ECDH_C
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
-#endif /* PSA_WANT_ALG_ECDH */
+#    if defined(PSA_WANT_ALG_ECDH)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
+#            define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#            define MBEDTLS_ECDH_C
+#            define MBEDTLS_ECP_C
+#            define MBEDTLS_BIGNUM_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDH */
+#    endif /* PSA_WANT_ALG_ECDH */
 
-#if defined(PSA_WANT_ALG_ECDSA)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define MBEDTLS_ECDSA_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
-#endif /* PSA_WANT_ALG_ECDSA */
+#    if defined(PSA_WANT_ALG_ECDSA)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
+#            define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#            define MBEDTLS_ECDSA_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_ECDSA */
+#    endif /* PSA_WANT_ALG_ECDSA */
 
-#if defined(PSA_WANT_ALG_HKDF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
-#endif /* PSA_WANT_ALG_HKDF */
+#    if defined(PSA_WANT_ALG_HKDF)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+#            define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#            define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
+#    endif /* PSA_WANT_ALG_HKDF */
 
-#if defined(PSA_WANT_ALG_HMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
-#endif /* PSA_WANT_ALG_HMAC */
+#    if defined(PSA_WANT_ALG_HMAC)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
+#            define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_HMAC */
+#    endif /* PSA_WANT_ALG_HMAC */
 
-#if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define MBEDTLS_MD5_C
-#endif
+#    if defined(PSA_WANT_ALG_MD5) && !defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
+#        define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#        define MBEDTLS_MD5_C
+#    endif
 
-#if defined(PSA_WANT_ALG_RIPEMD160) && !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define MBEDTLS_RIPEMD160_C
-#endif
+#    if defined(PSA_WANT_ALG_RIPEMD160) && \
+        !defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
+#        define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#        define MBEDTLS_RIPEMD160_C
+#    endif
 
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
-#endif /* PSA_WANT_ALG_RSA_OAEP */
+#    if defined(PSA_WANT_ALG_RSA_OAEP)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_PKCS1_V21
+#            define MBEDTLS_MD_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP */
+#    endif /* PSA_WANT_ALG_RSA_OAEP */
 
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
+#    if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_PKCS1_V15
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT */
+#    endif /* PSA_WANT_ALG_RSA_PKCS1V15_CRYPT */
 
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V15
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
-#endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
+#    if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_PKCS1_V15
+#            define MBEDTLS_MD_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN */
+#    endif /* PSA_WANT_ALG_RSA_PKCS1V15_SIGN */
 
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PKCS1_V21
-#define MBEDTLS_MD_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
-#endif /* PSA_WANT_ALG_RSA_PSS */
+#    if defined(PSA_WANT_ALG_RSA_PSS)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_PKCS1_V21
+#            define MBEDTLS_MD_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_RSA_PSS */
+#    endif /* PSA_WANT_ALG_RSA_PSS */
 
-#if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define MBEDTLS_SHA1_C
-#endif
+#    if defined(PSA_WANT_ALG_SHA_1) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#        define MBEDTLS_SHA1_C
+#    endif
 
-#if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define MBEDTLS_SHA224_C
-#endif
+#    if defined(PSA_WANT_ALG_SHA_224) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#        define MBEDTLS_SHA224_C
+#    endif
 
-#if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_SHA256_C
-#endif
+#    if defined(PSA_WANT_ALG_SHA_256) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#        define MBEDTLS_SHA256_C
+#    endif
 
-#if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define MBEDTLS_SHA384_C
-#endif
+#    if defined(PSA_WANT_ALG_SHA_384) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#        define MBEDTLS_SHA384_C
+#    endif
 
-#if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define MBEDTLS_SHA512_C
-#endif
+#    if defined(PSA_WANT_ALG_SHA_512) && !defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#        define MBEDTLS_SHA512_C
+#    endif
 
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
-#endif /* PSA_WANT_ALG_TLS12_PRF */
+#    if defined(PSA_WANT_ALG_TLS12_PRF)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
+#            define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF */
+#    endif /* PSA_WANT_ALG_TLS12_PRF */
 
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
-#endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
+#    if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
+#            define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS */
+#    endif /* PSA_WANT_ALG_TLS12_PSK_TO_MS */
 
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
+#    if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
+#            define MBEDTLS_ECP_C
+#            define MBEDTLS_BIGNUM_C
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR */
+#    endif /* PSA_WANT_KEY_TYPE_ECC_KEY_PAIR */
 
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define MBEDTLS_ECP_C
-#define MBEDTLS_BIGNUM_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
+#    if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#            define MBEDTLS_ECP_C
+#            define MBEDTLS_BIGNUM_C
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY */
+#    endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY */
 
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_GENPRIME
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
-#endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
+#    if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_GENPRIME
+#            define MBEDTLS_PK_PARSE_C
+#            define MBEDTLS_PK_WRITE_C
+#            define MBEDTLS_PK_C
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR */
+#    endif /* PSA_WANT_KEY_TYPE_RSA_KEY_PAIR */
 
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define MBEDTLS_RSA_C
-#define MBEDTLS_BIGNUM_C
-#define MBEDTLS_OID_C
-#define MBEDTLS_PK_PARSE_C
-#define MBEDTLS_PK_WRITE_C
-#define MBEDTLS_PK_C
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
-#endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
+#    if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#            define MBEDTLS_RSA_C
+#            define MBEDTLS_BIGNUM_C
+#            define MBEDTLS_OID_C
+#            define MBEDTLS_PK_PARSE_C
+#            define MBEDTLS_PK_WRITE_C
+#            define MBEDTLS_PK_C
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY */
+#    endif /* PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY */
 
 /* If any of the block modes are requested that don't have an
  * associated HW assist, define PSA_HAVE_SOFT_BLOCK_MODE for checking
  * in the block cipher key types. */
-#if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
-    (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
-    (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
-    (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
-    defined(PSA_WANT_ALG_ECB_NO_PADDING) || \
-    (defined(PSA_WANT_ALG_CBC_NO_PADDING) && \
-     !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) || \
-    (defined(PSA_WANT_ALG_CBC_PKCS7) && \
-     !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) || \
-    (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
-#define PSA_HAVE_SOFT_BLOCK_MODE 1
-#endif
+#    if (defined(PSA_WANT_ALG_CTR) && !defined(MBEDTLS_PSA_ACCEL_ALG_CTR)) || \
+        (defined(PSA_WANT_ALG_CFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_CFB)) || \
+        (defined(PSA_WANT_ALG_OFB) && !defined(MBEDTLS_PSA_ACCEL_ALG_OFB)) || \
+        (defined(PSA_WANT_ALG_XTS) && !defined(MBEDTLS_PSA_ACCEL_ALG_XTS)) || \
+        defined(PSA_WANT_ALG_ECB_NO_PADDING) ||                               \
+        (defined(PSA_WANT_ALG_CBC_NO_PADDING) &&                              \
+         !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)) ||                   \
+        (defined(PSA_WANT_ALG_CBC_PKCS7) &&                                   \
+         !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)) ||                        \
+        (defined(PSA_WANT_ALG_CMAC) && !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC))
+#        define PSA_HAVE_SOFT_BLOCK_MODE 1
+#    endif
 
-#if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
-    (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
-#define PSA_HAVE_SOFT_BLOCK_AEAD 1
-#endif
+#    if (defined(PSA_WANT_ALG_GCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_GCM)) || \
+        (defined(PSA_WANT_ALG_CCM) && !defined(MBEDTLS_PSA_ACCEL_ALG_CCM))
+#        define PSA_HAVE_SOFT_BLOCK_AEAD 1
+#    endif
 
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define PSA_HAVE_SOFT_KEY_TYPE_AES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
-    defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#define MBEDTLS_AES_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_AES */
+#    if defined(PSA_WANT_KEY_TYPE_AES)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
+#            define PSA_HAVE_SOFT_KEY_TYPE_AES 1
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_AES */
+#        if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+            defined(PSA_HAVE_SOFT_BLOCK_MODE) ||   \
+            defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#            define MBEDTLS_AES_C
+#        endif /* PSA_HAVE_SOFT_KEY_TYPE_AES || PSA_HAVE_SOFT_BLOCK_MODE */
+#    endif /* PSA_WANT_KEY_TYPE_AES */
 
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE) || \
-    defined(PSA_HAVE_SOFT_BLOCK_AEAD)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_CAMELLIA_C
-#endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
+#    if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
+#            define PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA 1
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA */
+#        if defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA) || \
+            defined(PSA_HAVE_SOFT_BLOCK_MODE) ||        \
+            defined(PSA_HAVE_SOFT_BLOCK_AEAD)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#            define MBEDTLS_CAMELLIA_C
+#        endif /* PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA || PSA_HAVE_SOFT_BLOCK_MODE \
+                */
+#    endif /* PSA_WANT_KEY_TYPE_CAMELLIA */
 
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#define PSA_HAVE_SOFT_KEY_TYPE_DES 1
-#endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
-    defined(PSA_HAVE_SOFT_BLOCK_MODE)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#define MBEDTLS_DES_C
-#endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
-#endif /* PSA_WANT_KEY_TYPE_DES */
+#    if defined(PSA_WANT_KEY_TYPE_DES)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
+#            define PSA_HAVE_SOFT_KEY_TYPE_DES 1
+#        endif /* !MBEDTLS_PSA_ACCEL_KEY_TYPE_DES */
+#        if defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+            defined(PSA_HAVE_SOFT_BLOCK_MODE)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#            define MBEDTLS_DES_C
+#        endif /*PSA_HAVE_SOFT_KEY_TYPE_DES || PSA_HAVE_SOFT_BLOCK_MODE */
+#    endif /* PSA_WANT_KEY_TYPE_DES */
 
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_CHACHA20_C
-#endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+#    if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#        if !defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
+#            define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+#            define MBEDTLS_CHACHA20_C
+#        endif /*!MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 */
+#    endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
 
 /* If any of the software block ciphers are selected, define
  * PSA_HAVE_SOFT_BLOCK_CIPHER, which can be used in any of these
  * situations. */
-#if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define PSA_HAVE_SOFT_BLOCK_CIPHER 1
-#endif
+#    if defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+        defined(PSA_HAVE_SOFT_KEY_TYPE_DES) || \
+        defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#        define PSA_HAVE_SOFT_BLOCK_CIPHER 1
+#    endif
 
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#endif /* PSA_WANT_ALG_STREAM_CIPHER */
+#    if defined(PSA_WANT_ALG_STREAM_CIPHER)
+#        define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#    endif /* PSA_WANT_ALG_STREAM_CIPHER */
 
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
-#endif /* PSA_WANT_ALG_CBC_MAC */
+#    if defined(PSA_WANT_ALG_CBC_MAC)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
+#            error "CBC-MAC is not yet supported via the PSA API in Mbed TLS."
+#            define MBEDTLS_PSA_BUILTIN_ALG_CBC_MAC 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_CBC_MAC */
+#    endif /* PSA_WANT_ALG_CBC_MAC */
 
-#if defined(PSA_WANT_ALG_CMAC)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define MBEDTLS_CMAC_C
-#endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
-#endif /* PSA_WANT_ALG_CMAC */
+#    if defined(PSA_WANT_ALG_CMAC)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CMAC) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#            define MBEDTLS_CMAC_C
+#        endif /* !MBEDTLS_PSA_ACCEL_ALG_CMAC */
+#    endif /* PSA_WANT_ALG_CMAC */
 
-#if defined(PSA_WANT_ALG_CTR)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define MBEDTLS_CIPHER_MODE_CTR
-#endif
-#endif /* PSA_WANT_ALG_CTR */
+#    if defined(PSA_WANT_ALG_CTR)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CTR) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#            define MBEDTLS_CIPHER_MODE_CTR
+#        endif
+#    endif /* PSA_WANT_ALG_CTR */
 
-#if defined(PSA_WANT_ALG_CFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define MBEDTLS_CIPHER_MODE_CFB
-#endif
-#endif /* PSA_WANT_ALG_CFB */
+#    if defined(PSA_WANT_ALG_CFB)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CFB) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#            define MBEDTLS_CIPHER_MODE_CFB
+#        endif
+#    endif /* PSA_WANT_ALG_CFB */
 
-#if defined(PSA_WANT_ALG_OFB)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define MBEDTLS_CIPHER_MODE_OFB
-#endif
-#endif /* PSA_WANT_ALG_OFB */
+#    if defined(PSA_WANT_ALG_OFB)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_OFB) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#            define MBEDTLS_CIPHER_MODE_OFB
+#        endif
+#    endif /* PSA_WANT_ALG_OFB */
 
-#if defined(PSA_WANT_ALG_XTS)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define MBEDTLS_CIPHER_MODE_XTS
-#endif
-#endif /* PSA_WANT_ALG_XTS */
+#    if defined(PSA_WANT_ALG_XTS)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_XTS) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
+#            define MBEDTLS_CIPHER_MODE_XTS
+#        endif
+#    endif /* PSA_WANT_ALG_XTS */
 
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#endif
+#    if defined(PSA_WANT_ALG_ECB_NO_PADDING)
+#        define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#    endif
 
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#endif
-#endif /* PSA_WANT_ALG_CBC_NO_PADDING */
+#    if defined(PSA_WANT_ALG_CBC_NO_PADDING)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_CIPHER_MODE_CBC
+#            define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#        endif
+#    endif /* PSA_WANT_ALG_CBC_NO_PADDING */
 
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
-    defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
-#define MBEDTLS_CIPHER_MODE_CBC
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define MBEDTLS_CIPHER_PADDING_PKCS7
-#endif
-#endif /* PSA_WANT_ALG_CBC_PKCS7 */
+#    if defined(PSA_WANT_ALG_CBC_PKCS7)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7) || \
+            defined(PSA_HAVE_SOFT_BLOCK_CIPHER)
+#            define MBEDTLS_CIPHER_MODE_CBC
+#            define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#            define MBEDTLS_CIPHER_PADDING_PKCS7
+#        endif
+#    endif /* PSA_WANT_ALG_CBC_PKCS7 */
 
-#if defined(PSA_WANT_ALG_CCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define MBEDTLS_CCM_C
-#endif
-#endif /* PSA_WANT_ALG_CCM */
+#    if defined(PSA_WANT_ALG_CCM)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_CCM) || \
+            defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+            defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#            define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#            define MBEDTLS_CCM_C
+#        endif
+#    endif /* PSA_WANT_ALG_CCM */
 
-#if defined(PSA_WANT_ALG_GCM)
-#if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
-    defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define MBEDTLS_GCM_C
-#endif
-#endif /* PSA_WANT_ALG_GCM */
+#    if defined(PSA_WANT_ALG_GCM)
+#        if !defined(MBEDTLS_PSA_ACCEL_ALG_GCM) || \
+            defined(PSA_HAVE_SOFT_KEY_TYPE_AES) || \
+            defined(PSA_HAVE_SOFT_KEY_TYPE_CAMELLIA)
+#            define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#            define MBEDTLS_GCM_C
+#        endif
+#    endif /* PSA_WANT_ALG_GCM */
 
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#define MBEDTLS_CHACHAPOLY_C
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
-#endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
+#    if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
+#        if defined(PSA_WANT_KEY_TYPE_CHACHA20)
+#            define MBEDTLS_CHACHAPOLY_C
+#            define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#        endif /* PSA_WANT_KEY_TYPE_CHACHA20 */
+#    endif /* PSA_WANT_ALG_CHACHA20_POLY1305 */
 
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#define MBEDTLS_ECP_DP_BP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
+#    if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
+#            define MBEDTLS_ECP_DP_BP256R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 */
+#    endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_256 */
 
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#define MBEDTLS_ECP_DP_BP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
+#    if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
+#            define MBEDTLS_ECP_DP_BP384R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 */
+#    endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_384 */
 
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#define MBEDTLS_ECP_DP_BP512R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
-#endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
+#    if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
+#            define MBEDTLS_ECP_DP_BP512R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 */
+#    endif /* PSA_WANT_ECC_BRAINPOOL_P_R1_512 */
 
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#define MBEDTLS_ECP_DP_CURVE25519_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_255 */
+#    if defined(PSA_WANT_ECC_MONTGOMERY_255)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
+#            define MBEDTLS_ECP_DP_CURVE25519_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 */
+#    endif /* PSA_WANT_ECC_MONTGOMERY_255 */
 
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#define MBEDTLS_ECP_DP_CURVE448_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
-#endif /* PSA_WANT_ECC_MONTGOMERY_448 */
+#    if defined(PSA_WANT_ECC_MONTGOMERY_448)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
+#            define MBEDTLS_ECP_DP_CURVE448_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 */
+#    endif /* PSA_WANT_ECC_MONTGOMERY_448 */
 
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#define MBEDTLS_ECP_DP_SECP192R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
-#endif /* PSA_WANT_ECC_SECP_R1_192 */
+#    if defined(PSA_WANT_ECC_SECP_R1_192)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
+#            define MBEDTLS_ECP_DP_SECP192R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 */
+#    endif /* PSA_WANT_ECC_SECP_R1_192 */
 
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#define MBEDTLS_ECP_DP_SECP224R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
-#endif /* PSA_WANT_ECC_SECP_R1_224 */
+#    if defined(PSA_WANT_ECC_SECP_R1_224)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
+#            define MBEDTLS_ECP_DP_SECP224R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 */
+#    endif /* PSA_WANT_ECC_SECP_R1_224 */
 
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#define MBEDTLS_ECP_DP_SECP256R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
-#endif /* PSA_WANT_ECC_SECP_R1_256 */
+#    if defined(PSA_WANT_ECC_SECP_R1_256)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
+#            define MBEDTLS_ECP_DP_SECP256R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 */
+#    endif /* PSA_WANT_ECC_SECP_R1_256 */
 
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#define MBEDTLS_ECP_DP_SECP384R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
-#endif /* PSA_WANT_ECC_SECP_R1_384 */
+#    if defined(PSA_WANT_ECC_SECP_R1_384)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
+#            define MBEDTLS_ECP_DP_SECP384R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 */
+#    endif /* PSA_WANT_ECC_SECP_R1_384 */
 
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#define MBEDTLS_ECP_DP_SECP521R1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
-#endif /* PSA_WANT_ECC_SECP_R1_521 */
+#    if defined(PSA_WANT_ECC_SECP_R1_521)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
+#            define MBEDTLS_ECP_DP_SECP521R1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 */
+#    endif /* PSA_WANT_ECC_SECP_R1_521 */
 
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#define MBEDTLS_ECP_DP_SECP192K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
-#endif /* PSA_WANT_ECC_SECP_K1_192 */
+#    if defined(PSA_WANT_ECC_SECP_K1_192)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
+#            define MBEDTLS_ECP_DP_SECP192K1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 */
+#    endif /* PSA_WANT_ECC_SECP_K1_192 */
 
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
+#    if defined(PSA_WANT_ECC_SECP_K1_224)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
 /*
  * SECP224K1 is buggy via the PSA API in Mbed TLS
  * (https://github.com/ARMmbed/mbedtls/issues/3541).
  */
-#error "SECP224K1 is buggy via the PSA API in Mbed TLS."
-#define MBEDTLS_ECP_DP_SECP224K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
-#endif /* PSA_WANT_ECC_SECP_K1_224 */
+#            error "SECP224K1 is buggy via the PSA API in Mbed TLS."
+#            define MBEDTLS_ECP_DP_SECP224K1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 */
+#    endif /* PSA_WANT_ECC_SECP_K1_224 */
 
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#define MBEDTLS_ECP_DP_SECP256K1_ENABLED
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
-#endif /* PSA_WANT_ECC_SECP_K1_256 */
-
-
+#    if defined(PSA_WANT_ECC_SECP_K1_256)
+#        if !defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
+#            define MBEDTLS_ECP_DP_SECP256K1_ENABLED
+#            define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#        endif /* !MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 */
+#    endif /* PSA_WANT_ECC_SECP_K1_256 */
 
 /****************************************************************/
 /* Infer PSA requirements from Mbed TLS capabilities */
@@ -512,249 +510,250 @@
  * is not defined
  */
 
-#if defined(MBEDTLS_CCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
-#define PSA_WANT_ALG_CCM 1
-#endif /* MBEDTLS_CCM_C */
+#    if defined(MBEDTLS_CCM_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_CCM 1
+#        define PSA_WANT_ALG_CCM            1
+#    endif /* MBEDTLS_CCM_C */
 
-#if defined(MBEDTLS_CMAC_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
-#define PSA_WANT_ALG_CMAC 1
-#endif /* MBEDTLS_CMAC_C */
+#    if defined(MBEDTLS_CMAC_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_CMAC 1
+#        define PSA_WANT_ALG_CMAC            1
+#    endif /* MBEDTLS_CMAC_C */
 
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
-#define PSA_WANT_ALG_ECDH 1
-#endif /* MBEDTLS_ECDH_C */
+#    if defined(MBEDTLS_ECDH_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_ECDH 1
+#        define PSA_WANT_ALG_ECDH            1
+#    endif /* MBEDTLS_ECDH_C */
 
-#if defined(MBEDTLS_ECDSA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA 1
-#define PSA_WANT_ALG_ECDSA_ANY 1
+#    if defined(MBEDTLS_ECDSA_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_ECDSA 1
+#        define PSA_WANT_ALG_ECDSA            1
+#        define PSA_WANT_ALG_ECDSA_ANY        1
 
 // Only add in DETERMINISTIC support if ECDSA is also enabled
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-#define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
-#define PSA_WANT_ALG_DETERMINISTIC_ECDSA 1
-#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
+#        if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#            define MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA 1
+#            define PSA_WANT_ALG_DETERMINISTIC_ECDSA            1
+#        endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
-#endif /* MBEDTLS_ECDSA_C */
+#    endif /* MBEDTLS_ECDSA_C */
 
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif /* MBEDTLS_ECP_C */
+#    if defined(MBEDTLS_ECP_C)
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR   1
+#        define PSA_WANT_KEY_TYPE_ECC_KEY_PAIR              1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY 1
+#        define PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY            1
+#    endif /* MBEDTLS_ECP_C */
 
-#if defined(MBEDTLS_GCM_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
-#define PSA_WANT_ALG_GCM 1
-#endif /* MBEDTLS_GCM_C */
+#    if defined(MBEDTLS_GCM_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_GCM 1
+#        define PSA_WANT_ALG_GCM            1
+#    endif /* MBEDTLS_GCM_C */
 
-#if defined(MBEDTLS_HKDF_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
-#define PSA_WANT_ALG_HKDF 1
-#endif /* MBEDTLS_HKDF_C */
+#    if defined(MBEDTLS_HKDF_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#        define PSA_WANT_ALG_HMAC            1
+#        define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
+#        define PSA_WANT_ALG_HKDF            1
+#    endif /* MBEDTLS_HKDF_C */
 
-#if defined(MBEDTLS_MD_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
-#define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
-#define PSA_WANT_ALG_TLS12_PRF 1
-#define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
-#define PSA_WANT_ALG_TLS12_PSK_TO_MS 1
-#endif /* MBEDTLS_MD_C */
+#    if defined(MBEDTLS_MD_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
+#        define PSA_WANT_ALG_HMAC            1
+#        define PSA_WANT_KEY_TYPE_HMAC
+#        define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF       1
+#        define PSA_WANT_ALG_TLS12_PRF                  1
+#        define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
+#        define PSA_WANT_ALG_TLS12_PSK_TO_MS            1
+#    endif /* MBEDTLS_MD_C */
 
-#if defined(MBEDTLS_MD5_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
-#define PSA_WANT_ALG_MD5 1
-#endif
+#    if defined(MBEDTLS_MD5_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_MD5 1
+#        define PSA_WANT_ALG_MD5            1
+#    endif
 
-#if defined(MBEDTLS_RIPEMD160_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
-#define PSA_WANT_ALG_RIPEMD160 1
-#endif
+#    if defined(MBEDTLS_RIPEMD160_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_RIPEMD160 1
+#        define PSA_WANT_ALG_RIPEMD160            1
+#    endif
 
-#if defined(MBEDTLS_RSA_C)
-#if defined(MBEDTLS_PKCS1_V15)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
-#define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW 1
-#endif /* MBEDTLSS_PKCS1_V15 */
-#if defined(MBEDTLS_PKCS1_V21)
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
-#define PSA_WANT_ALG_RSA_OAEP 1
-#define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS 1
-#define PSA_WANT_ALG_RSA_PSS 1
-#endif /* MBEDTLS_PKCS1_V21 */
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR 1
-#define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
-#define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif /* MBEDTLS_RSA_C */
+#    if defined(MBEDTLS_RSA_C)
+#        if defined(MBEDTLS_PKCS1_V15)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_CRYPT 1
+#            define PSA_WANT_ALG_RSA_PKCS1V15_CRYPT            1
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN  1
+#            define PSA_WANT_ALG_RSA_PKCS1V15_SIGN             1
+#            define PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW         1
+#        endif /* MBEDTLSS_PKCS1_V15 */
+#        if defined(MBEDTLS_PKCS1_V21)
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_OAEP 1
+#            define PSA_WANT_ALG_RSA_OAEP            1
+#            define MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS  1
+#            define PSA_WANT_ALG_RSA_PSS             1
+#        endif /* MBEDTLS_PKCS1_V21 */
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR   1
+#        define PSA_WANT_KEY_TYPE_RSA_KEY_PAIR              1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY 1
+#        define PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY            1
+#    endif /* MBEDTLS_RSA_C */
 
-#if defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
-#define PSA_WANT_ALG_SHA_1 1
-#endif
+#    if defined(MBEDTLS_SHA1_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_1 1
+#        define PSA_WANT_ALG_SHA_1            1
+#    endif
 
-#if defined(MBEDTLS_SHA224_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
-#define PSA_WANT_ALG_SHA_224 1
-#endif
+#    if defined(MBEDTLS_SHA224_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_224 1
+#        define PSA_WANT_ALG_SHA_224            1
+#    endif
 
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define PSA_WANT_ALG_SHA_256 1
-#endif
+#    if defined(MBEDTLS_SHA256_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
+#        define PSA_WANT_ALG_SHA_256            1
+#    endif
 
-#if defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
-#define PSA_WANT_ALG_SHA_384 1
-#endif
+#    if defined(MBEDTLS_SHA384_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_384 1
+#        define PSA_WANT_ALG_SHA_384            1
+#    endif
 
-#if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
-#define PSA_WANT_ALG_SHA_512 1
-#endif
+#    if defined(MBEDTLS_SHA512_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_SHA_512 1
+#        define PSA_WANT_ALG_SHA_512            1
+#    endif
 
-#if defined(MBEDTLS_AES_C)
-#define PSA_WANT_KEY_TYPE_AES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
-#endif
+#    if defined(MBEDTLS_AES_C)
+#        define PSA_WANT_KEY_TYPE_AES            1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_AES 1
+#    endif
 
-#if defined(MBEDTLS_CAMELLIA_C)
-#define PSA_WANT_KEY_TYPE_CAMELLIA 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
-#endif
+#    if defined(MBEDTLS_CAMELLIA_C)
+#        define PSA_WANT_KEY_TYPE_CAMELLIA            1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CAMELLIA 1
+#    endif
 
-#if defined(MBEDTLS_DES_C)
-#define PSA_WANT_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
-#endif
+#    if defined(MBEDTLS_DES_C)
+#        define PSA_WANT_KEY_TYPE_DES            1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_DES 1
+#    endif
 
-#if defined(MBEDTLS_CHACHA20_C)
-#define PSA_WANT_KEY_TYPE_CHACHA20 1
-#define PSA_WANT_ALG_STREAM_CIPHER 1
-#define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
-#define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
-#if defined(MBEDTLS_CHACHAPOLY_C)
-#define PSA_WANT_ALG_CHACHA20_POLY1305 1
-#define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
+#    if defined(MBEDTLS_CHACHA20_C)
+#        define PSA_WANT_KEY_TYPE_CHACHA20            1
+#        define PSA_WANT_ALG_STREAM_CIPHER            1
+#        define MBEDTLS_PSA_BUILTIN_KEY_TYPE_CHACHA20 1
+#        define MBEDTLS_PSA_BUILTIN_ALG_STREAM_CIPHER 1
+#        if defined(MBEDTLS_CHACHAPOLY_C)
+#            define PSA_WANT_ALG_CHACHA20_POLY1305            1
+#            define MBEDTLS_PSA_BUILTIN_ALG_CHACHA20_POLY1305 1
+#        endif
+#    endif
 
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
-#define PSA_WANT_ALG_CBC_NO_PADDING 1
-#if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
-#define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
-#define PSA_WANT_ALG_CBC_PKCS7 1
-#endif
-#endif
+#    if defined(MBEDTLS_CIPHER_MODE_CBC)
+#        define MBEDTLS_PSA_BUILTIN_ALG_CBC_NO_PADDING 1
+#        define PSA_WANT_ALG_CBC_NO_PADDING            1
+#        if defined(MBEDTLS_CIPHER_PADDING_PKCS7)
+#            define MBEDTLS_PSA_BUILTIN_ALG_CBC_PKCS7 1
+#            define PSA_WANT_ALG_CBC_PKCS7            1
+#        endif
+#    endif
 
-#if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
-    defined(MBEDTLS_CAMELLIA_C)
-#define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
-#define PSA_WANT_ALG_ECB_NO_PADDING 1
-#endif
+#    if defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) || \
+        defined(MBEDTLS_CAMELLIA_C)
+#        define MBEDTLS_PSA_BUILTIN_ALG_ECB_NO_PADDING 1
+#        define PSA_WANT_ALG_ECB_NO_PADDING            1
+#    endif
 
-#if defined(MBEDTLS_CIPHER_MODE_CFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
-#define PSA_WANT_ALG_CFB 1
-#endif
+#    if defined(MBEDTLS_CIPHER_MODE_CFB)
+#        define MBEDTLS_PSA_BUILTIN_ALG_CFB 1
+#        define PSA_WANT_ALG_CFB            1
+#    endif
 
-#if defined(MBEDTLS_CIPHER_MODE_CTR)
-#define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
-#define PSA_WANT_ALG_CTR 1
-#endif
+#    if defined(MBEDTLS_CIPHER_MODE_CTR)
+#        define MBEDTLS_PSA_BUILTIN_ALG_CTR 1
+#        define PSA_WANT_ALG_CTR            1
+#    endif
 
-#if defined(MBEDTLS_CIPHER_MODE_OFB)
-#define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
-#define PSA_WANT_ALG_OFB 1
-#endif
+#    if defined(MBEDTLS_CIPHER_MODE_OFB)
+#        define MBEDTLS_PSA_BUILTIN_ALG_OFB 1
+#        define PSA_WANT_ALG_OFB            1
+#    endif
 
-#if defined(MBEDTLS_CIPHER_MODE_XTS)
-#define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
-#define PSA_WANT_ALG_XTS 1
-#endif
+#    if defined(MBEDTLS_CIPHER_MODE_XTS)
+#        define MBEDTLS_PSA_BUILTIN_ALG_XTS 1
+#        define PSA_WANT_ALG_XTS            1
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
-#endif
+#    if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
+#        define PSA_WANT_ECC_BRAINPOOL_P_R1_256
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
-#endif
+#    if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
+#        define PSA_WANT_ECC_BRAINPOOL_P_R1_384
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
-#endif
+#    if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
+#        define PSA_WANT_ECC_BRAINPOOL_P_R1_512
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
-#endif
+#    if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
+#        define PSA_WANT_ECC_MONTGOMERY_255
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
-#endif
+#    if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
+#        define PSA_WANT_ECC_MONTGOMERY_448
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
+#        define PSA_WANT_ECC_SECP_R1_192
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
+#        define PSA_WANT_ECC_SECP_R1_224
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
+#        define PSA_WANT_ECC_SECP_R1_256
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
+#        define PSA_WANT_ECC_SECP_R1_384
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
+#        define PSA_WANT_ECC_SECP_R1_521
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
+#        define PSA_WANT_ECC_SECP_K1_192
+#    endif
 
-/* SECP224K1 is buggy via the PSA API (https://github.com/ARMmbed/mbedtls/issues/3541) */
-#if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
-#endif
+/* SECP224K1 is buggy via the PSA API
+ * (https://github.com/ARMmbed/mbedtls/issues/3541) */
+#    if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
+#        define PSA_WANT_ECC_SECP_K1_224
+#    endif
 
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
-#endif
+#    if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#        define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
+#        define PSA_WANT_ECC_SECP_K1_256
+#    endif
 
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
 
 /* These features are always enabled. */
-#define PSA_WANT_KEY_TYPE_DERIVE 1
+#define PSA_WANT_KEY_TYPE_DERIVE   1
 #define PSA_WANT_KEY_TYPE_RAW_DATA 1
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/ctr_drbg.h b/include/mbedtls/ctr_drbg.h
index 4c24c04..151a899 100644
--- a/include/mbedtls/ctr_drbg.h
+++ b/include/mbedtls/ctr_drbg.h
@@ -16,10 +16,9 @@
  * The security strength as defined in NIST SP 800-90A is
  * 128 bits when AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
  * and 256 bits otherwise, provided that #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
- * kept at its default value (and not overridden in mbedtls_config.h) and that the
- * DRBG instance is set up with default parameters.
- * See the documentation of mbedtls_ctr_drbg_seed() for more
- * information.
+ * kept at its default value (and not overridden in mbedtls_config.h) and that
+ * the DRBG instance is set up with default parameters. See the documentation of
+ * mbedtls_ctr_drbg_seed() for more information.
  */
 /*
  *  Copyright The Mbed TLS Contributors
@@ -47,30 +46,30 @@
 #include "mbedtls/aes.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 /** The entropy source failed. */
-#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED        -0x0034
+#define MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034
 /** The requested random buffer length is too big. */
-#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG              -0x0036
+#define MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036
 /** The input (entropy + additional data) is too large. */
-#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG                -0x0038
+#define MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038
 /** Read or write error in file. */
-#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR                -0x003A
+#define MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A
 
 /** The block size used by the cipher. */
-#define MBEDTLS_CTR_DRBG_BLOCKSIZE          16
+#define MBEDTLS_CTR_DRBG_BLOCKSIZE 16
 
 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE            16
+#    define MBEDTLS_CTR_DRBG_KEYSIZE 16
 /**< The key size in bytes used by the cipher.
  *
  * Compile-time choice: 16 bytes (128 bits)
  * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
  */
 #else
-#define MBEDTLS_CTR_DRBG_KEYSIZE            32
+#    define MBEDTLS_CTR_DRBG_KEYSIZE 32
 /**< The key size in bytes used by the cipher.
  *
  * Compile-time choice: 32 bytes (256 bits)
@@ -78,15 +77,22 @@
  */
 #endif
 
-#define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
-#define MBEDTLS_CTR_DRBG_SEEDLEN            ( MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE ) /**< The seed length, calculated as (counter + AES key). */
+#define MBEDTLS_CTR_DRBG_KEYBITS                                             \
+    (MBEDTLS_CTR_DRBG_KEYSIZE * 8) /**< The key size for the DRBG operation, \
+                                      in bits. */
+#define MBEDTLS_CTR_DRBG_SEEDLEN                                              \
+    (MBEDTLS_CTR_DRBG_KEYSIZE + MBEDTLS_CTR_DRBG_BLOCKSIZE) /**< The seed     \
+                                                               length,        \
+                                                               calculated as  \
+                                                               (counter + AES \
+                                                               key). */
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them using the compiler command
- * line.
+ * Either change them in mbedtls_config.h or define them using the compiler
+ * command line.
  * \{
  */
 
@@ -95,52 +101,54 @@
  * \brief The amount of entropy used per seed by default, in bytes.
  */
 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
-#if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#    if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
 /** This is 48 bytes because the entropy module uses SHA-512
  * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
  */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48
+#        define MBEDTLS_CTR_DRBG_ENTROPY_LEN 48
 
-#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+#    else /* defined(MBEDTLS_SHA512_C) && \
+             !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
 
 /** This is 32 bytes because the entropy module uses SHA-256
  * (the SHA512 module is disabled or
  * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
  */
-#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
+#        if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
 /** \warning To achieve a 256-bit security strength, you must pass a nonce
  *           to mbedtls_ctr_drbg_seed().
  */
-#endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
-#define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32
-#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
+#        endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
+#        define MBEDTLS_CTR_DRBG_ENTROPY_LEN 32
+#    endif /* defined(MBEDTLS_SHA512_C) && \
+              !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
 #endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
 
 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
-#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000
+#    define MBEDTLS_CTR_DRBG_RESEED_INTERVAL 10000
 /**< The interval before reseed is performed by default. */
 #endif
 
 #if !defined(MBEDTLS_CTR_DRBG_MAX_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_INPUT          256
+#    define MBEDTLS_CTR_DRBG_MAX_INPUT 256
 /**< The maximum number of additional input Bytes. */
 #endif
 
 #if !defined(MBEDTLS_CTR_DRBG_MAX_REQUEST)
-#define MBEDTLS_CTR_DRBG_MAX_REQUEST        1024
+#    define MBEDTLS_CTR_DRBG_MAX_REQUEST 1024
 /**< The maximum number of requested Bytes per call. */
 #endif
 
 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
-#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384
+#    define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT 384
 /**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 
 /* \} name SECTION: Module settings */
 
-#define MBEDTLS_CTR_DRBG_PR_OFF             0
+#define MBEDTLS_CTR_DRBG_PR_OFF 0
 /**< Prediction resistance is disabled. */
-#define MBEDTLS_CTR_DRBG_PR_ON              1
+#define MBEDTLS_CTR_DRBG_PR_ON 1
 /**< Prediction resistance is enabled. */
 
 #ifdef __cplusplus
@@ -154,7 +162,7 @@
  * to include a nonce.
  * See the documentation of mbedtls_ctr_drbg_seed() for more information.
  */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
+#    define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN 0
 #else
 /** The default length of the nonce read from the entropy source.
  *
@@ -162,44 +170,47 @@
  * the entropy source does not provide enough material to form a nonce.
  * See the documentation of mbedtls_ctr_drbg_seed() for more information.
  */
-#define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN ( MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1 ) / 2
+#    define MBEDTLS_CTR_DRBG_ENTROPY_NONCE_LEN \
+        (MBEDTLS_CTR_DRBG_ENTROPY_LEN + 1) / 2
 #endif
 
 /**
  * \brief          The CTR_DRBG context structure.
  */
-typedef struct mbedtls_ctr_drbg_context
-{
-    unsigned char MBEDTLS_PRIVATE(counter)[16];  /*!< The counter (V). */
-    int MBEDTLS_PRIVATE(reseed_counter);         /*!< The reseed counter.
-                                 * This is the number of requests that have
-                                 * been made since the last (re)seeding,
-                                 * minus one.
-                                 * Before the initial seeding, this field
-                                 * contains the amount of entropy in bytes
-                                 * to use as a nonce for the initial seeding,
-                                 * or -1 if no nonce length has been explicitly
-                                 * set (see mbedtls_ctr_drbg_set_nonce_len()).
-                                 */
-    int MBEDTLS_PRIVATE(prediction_resistance);  /*!< This determines whether prediction
-                                     resistance is enabled, that is
-                                     whether to systematically reseed before
-                                     each random generation. */
-    size_t MBEDTLS_PRIVATE(entropy_len);         /*!< The amount of entropy grabbed on each
-                                     seed or reseed operation, in bytes. */
-    int MBEDTLS_PRIVATE(reseed_interval);        /*!< The reseed interval.
-                                 * This is the maximum number of requests
-                                 * that can be made between reseedings. */
+typedef struct mbedtls_ctr_drbg_context {
+    unsigned char MBEDTLS_PRIVATE(counter)[16]; /*!< The counter (V). */
+    int MBEDTLS_PRIVATE(reseed_counter); /*!< The reseed counter.
+                                          * This is the number of requests that
+                                          * have been made since the last
+                                          * (re)seeding, minus one. Before the
+                                          * initial seeding, this field contains
+                                          * the amount of entropy in bytes to
+                                          * use as a nonce for the initial
+                                          * seeding, or -1 if no nonce length
+                                          * has been explicitly set (see
+                                          * mbedtls_ctr_drbg_set_nonce_len()).
+                                          */
+    int MBEDTLS_PRIVATE(prediction_resistance); /*!< This determines whether
+                                    prediction resistance is enabled, that is
+                                    whether to systematically reseed before
+                                    each random generation. */
+    size_t MBEDTLS_PRIVATE(entropy_len); /*!< The amount of entropy grabbed on
+                             each seed or reseed operation, in bytes. */
+    int MBEDTLS_PRIVATE(reseed_interval); /*!< The reseed interval.
+                                           * This is the maximum number of
+                                           * requests that can be made between
+                                           * reseedings. */
 
-    mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx);        /*!< The AES context. */
+    mbedtls_aes_context MBEDTLS_PRIVATE(aes_ctx); /*!< The AES context. */
 
     /*
      * Callbacks (Entropy)
      */
     int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t);
-                                /*!< The entropy callback function. */
+    /*!< The entropy callback function. */
 
-    void *MBEDTLS_PRIVATE(p_entropy);            /*!< The context for the entropy function. */
+    void *MBEDTLS_PRIVATE(p_entropy); /*!< The context for the entropy function.
+                                       */
 
 #if defined(MBEDTLS_THREADING_C)
     /* Invariant: the mutex is initialized if and only if f_entropy != NULL.
@@ -211,8 +222,7 @@
      */
     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
 #endif
-}
-mbedtls_ctr_drbg_context;
+} mbedtls_ctr_drbg_context;
 
 /**
  * \brief               This function initializes the CTR_DRBG context,
@@ -226,7 +236,7 @@
  *
  * \param ctx           The CTR_DRBG context to initialize.
  */
-void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_init(mbedtls_ctr_drbg_context *ctx);
 
 /**
  * \brief               This function seeds and sets up the CTR_DRBG
@@ -327,11 +337,11 @@
  * \return              \c 0 on success.
  * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
-int mbedtls_ctr_drbg_seed( mbedtls_ctr_drbg_context *ctx,
-                   int (*f_entropy)(void *, unsigned char *, size_t),
-                   void *p_entropy,
-                   const unsigned char *custom,
-                   size_t len );
+int mbedtls_ctr_drbg_seed(mbedtls_ctr_drbg_context *ctx,
+                          int (*f_entropy)(void *, unsigned char *, size_t),
+                          void *p_entropy,
+                          const unsigned char *custom,
+                          size_t len);
 
 /**
  * \brief               This function resets CTR_DRBG context to the state immediately
@@ -339,7 +349,7 @@
  *
  * \param ctx           The CTR_DRBG context to clear.
  */
-void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
+void mbedtls_ctr_drbg_free(mbedtls_ctr_drbg_context *ctx);
 
 /**
  * \brief               This function turns prediction resistance on or off.
@@ -354,8 +364,8 @@
  * \param ctx           The CTR_DRBG context.
  * \param resistance    #MBEDTLS_CTR_DRBG_PR_ON or #MBEDTLS_CTR_DRBG_PR_OFF.
  */
-void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
-                                         int resistance );
+void mbedtls_ctr_drbg_set_prediction_resistance(mbedtls_ctr_drbg_context *ctx,
+                                                int resistance);
 
 /**
  * \brief               This function sets the amount of entropy grabbed on each
@@ -381,8 +391,8 @@
  *                      and at most the maximum length accepted by the
  *                      entropy function that is set in the context.
  */
-void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
-                               size_t len );
+void mbedtls_ctr_drbg_set_entropy_len(mbedtls_ctr_drbg_context *ctx,
+                                      size_t len);
 
 /**
  * \brief               This function sets the amount of entropy grabbed
@@ -403,8 +413,7 @@
  * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED
  *                      if the initial seeding has already taken place.
  */
-int mbedtls_ctr_drbg_set_nonce_len( mbedtls_ctr_drbg_context *ctx,
-                                    size_t len );
+int mbedtls_ctr_drbg_set_nonce_len(mbedtls_ctr_drbg_context *ctx, size_t len);
 
 /**
  * \brief               This function sets the reseed interval.
@@ -418,8 +427,8 @@
  * \param ctx           The CTR_DRBG context.
  * \param interval      The reseed interval.
  */
-void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
-                                   int interval );
+void mbedtls_ctr_drbg_set_reseed_interval(mbedtls_ctr_drbg_context *ctx,
+                                          int interval);
 
 /**
  * \brief               This function reseeds the CTR_DRBG context, that is
@@ -441,8 +450,9 @@
  * \return              \c 0 on success.
  * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
  */
-int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
-                     const unsigned char *additional, size_t len );
+int mbedtls_ctr_drbg_reseed(mbedtls_ctr_drbg_context *ctx,
+                            const unsigned char *additional,
+                            size_t len);
 
 /**
  * \brief              This function updates the state of the CTR_DRBG context.
@@ -464,9 +474,9 @@
  *                     #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
  * \return             An error from the underlying AES cipher on failure.
  */
-int mbedtls_ctr_drbg_update( mbedtls_ctr_drbg_context *ctx,
-                             const unsigned char *additional,
-                             size_t add_len );
+int mbedtls_ctr_drbg_update(mbedtls_ctr_drbg_context *ctx,
+                            const unsigned char *additional,
+                            size_t add_len);
 
 /**
  * \brief   This function updates a CTR_DRBG instance with additional
@@ -499,9 +509,11 @@
  * \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  *            #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
-int mbedtls_ctr_drbg_random_with_add( void *p_rng,
-                              unsigned char *output, size_t output_len,
-                              const unsigned char *additional, size_t add_len );
+int mbedtls_ctr_drbg_random_with_add(void *p_rng,
+                                     unsigned char *output,
+                                     size_t output_len,
+                                     const unsigned char *additional,
+                                     size_t add_len);
 
 /**
  * \brief   This function uses CTR_DRBG to generate random data.
@@ -527,8 +539,9 @@
  * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
  *                      #MBEDTLS_ERR_CTR_DRBG_REQUEST_TOO_BIG on failure.
  */
-int mbedtls_ctr_drbg_random( void *p_rng,
-                     unsigned char *output, size_t output_len );
+int mbedtls_ctr_drbg_random(void *p_rng,
+                            unsigned char *output,
+                            size_t output_len);
 
 #if defined(MBEDTLS_FS_IO)
 /**
@@ -542,7 +555,8 @@
  * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
  *                      failure.
  */
-int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_write_seed_file(mbedtls_ctr_drbg_context *ctx,
+                                     const char *path);
 
 /**
  * \brief               This function reads and updates a seed file. The seed
@@ -558,7 +572,8 @@
  * \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
  *                      seed file is too large.
  */
-int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
+int mbedtls_ctr_drbg_update_seed_file(mbedtls_ctr_drbg_context *ctx,
+                                      const char *path);
 #endif /* MBEDTLS_FS_IO */
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -569,7 +584,7 @@
  * \return              \c 0 on success.
  * \return              \c 1 on failure.
  */
-int mbedtls_ctr_drbg_self_test( int verbose );
+int mbedtls_ctr_drbg_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h
index 0aed596..ea6d35c 100644
--- a/include/mbedtls/debug.h
+++ b/include/mbedtls/debug.h
@@ -27,56 +27,74 @@
 #include "mbedtls/ssl.h"
 
 #if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
+#    include "mbedtls/ecp.h"
 #endif
 
 #if defined(MBEDTLS_DEBUG_C)
 
-#define MBEDTLS_DEBUG_STRIP_PARENS( ... )   __VA_ARGS__
+#    define MBEDTLS_DEBUG_STRIP_PARENS(...) __VA_ARGS__
 
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )                    \
-    mbedtls_debug_print_msg( ssl, level, __FILE__, __LINE__,    \
-                             MBEDTLS_DEBUG_STRIP_PARENS args )
+#    define MBEDTLS_SSL_DEBUG_MSG(level, args)                  \
+        mbedtls_debug_print_msg(ssl, level, __FILE__, __LINE__, \
+                                MBEDTLS_DEBUG_STRIP_PARENS args)
 
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )                \
-    mbedtls_debug_print_ret( ssl, level, __FILE__, __LINE__, text, ret )
+#    define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+        mbedtls_debug_print_ret(ssl, level, __FILE__, __LINE__, text, ret)
 
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )           \
-    mbedtls_debug_print_buf( ssl, level, __FILE__, __LINE__, text, buf, len )
+#    define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+        mbedtls_debug_print_buf(ssl, level, __FILE__, __LINE__, text, buf, len)
 
-#if defined(MBEDTLS_BIGNUM_C)
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )                  \
-    mbedtls_debug_print_mpi( ssl, level, __FILE__, __LINE__, text, X )
-#endif
+#    if defined(MBEDTLS_BIGNUM_C)
+#        define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+            mbedtls_debug_print_mpi(ssl, level, __FILE__, __LINE__, text, X)
+#    endif
 
-#if defined(MBEDTLS_ECP_C)
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )                  \
-    mbedtls_debug_print_ecp( ssl, level, __FILE__, __LINE__, text, X )
-#endif
+#    if defined(MBEDTLS_ECP_C)
+#        define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+            mbedtls_debug_print_ecp(ssl, level, __FILE__, __LINE__, text, X)
+#    endif
 
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )                \
-    mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
-#else
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
-#endif /* MBEDTLS_X509_REMOVE_INFO */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+#    if defined(MBEDTLS_X509_CRT_PARSE_C)
+#        if !defined(MBEDTLS_X509_REMOVE_INFO)
+#            define MBEDTLS_SSL_DEBUG_CRT(level, text, crt)                   \
+                mbedtls_debug_print_crt(ssl, level, __FILE__, __LINE__, text, \
+                                        crt)
+#        else
+#            define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+                do {                                        \
+                } while (0)
+#        endif /* MBEDTLS_X509_REMOVE_INFO */
+#    endif /* MBEDTLS_X509_CRT_PARSE_C */
 
-#if defined(MBEDTLS_ECDH_C)
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )               \
-    mbedtls_debug_printf_ecdh( ssl, level, __FILE__, __LINE__, ecdh, attr )
-#endif
+#    if defined(MBEDTLS_ECDH_C)
+#        define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr)                   \
+            mbedtls_debug_printf_ecdh(ssl, level, __FILE__, __LINE__, ecdh, \
+                                      attr)
+#    endif
 
 #else /* MBEDTLS_DEBUG_C */
 
-#define MBEDTLS_SSL_DEBUG_MSG( level, args )            do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_RET( level, text, ret )       do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_BUF( level, text, buf, len )  do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_MPI( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECP( level, text, X )         do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt )       do { } while( 0 )
-#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr )     do { } while( 0 )
+#    define MBEDTLS_SSL_DEBUG_MSG(level, args) \
+        do {                                   \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_RET(level, text, ret) \
+        do {                                        \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_BUF(level, text, buf, len) \
+        do {                                             \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_MPI(level, text, X) \
+        do {                                      \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_ECP(level, text, X) \
+        do {                                      \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_CRT(level, text, crt) \
+        do {                                        \
+        } while (0)
+#    define MBEDTLS_SSL_DEBUG_ECDH(level, ecdh, attr) \
+        do {                                          \
+        } while (0)
 
 #endif /* MBEDTLS_DEBUG_C */
 
@@ -93,19 +111,20 @@
  * This module provides debugging functions.
  */
 #if defined(__has_attribute)
-#if __has_attribute(format)
-#if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)    \
-    __attribute__((__format__ (gnu_printf, string_index, first_to_check)))
-#else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)    \
-    __attribute__((format(printf, string_index, first_to_check)))
-#endif
-#else /* __has_attribute(format) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
-#endif /* __has_attribute(format) */
+#    if __has_attribute(format)
+#        if defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1
+#            define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+                __attribute__((                                            \
+                    __format__(gnu_printf, string_index, first_to_check)))
+#        else /* defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 1 */
+#            define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check) \
+                __attribute__((format(printf, string_index, first_to_check)))
+#        endif
+#    else /* __has_attribute(format) */
+#        define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#    endif /* __has_attribute(format) */
 #else /* defined(__has_attribute) */
-#define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
+#    define MBEDTLS_PRINTF_ATTRIBUTE(string_index, first_to_check)
 #endif
 
 /**
@@ -120,14 +139,17 @@
  *
  * This module provides debugging functions.
  */
-#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800)
-   #include <inttypes.h>
-   #define MBEDTLS_PRINTF_SIZET     PRIuPTR
-   #define MBEDTLS_PRINTF_LONGLONG  "I64d"
-#else /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
-   #define MBEDTLS_PRINTF_SIZET     "zu"
-   #define MBEDTLS_PRINTF_LONGLONG  "lld"
-#endif /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || (defined(_MSC_VER) && _MSC_VER < 1800) */
+#if (defined(__MINGW32__) && __USE_MINGW_ANSI_STDIO == 0) || \
+    (defined(_MSC_VER) && _MSC_VER < 1800)
+#    include <inttypes.h>
+#    define MBEDTLS_PRINTF_SIZET    PRIuPTR
+#    define MBEDTLS_PRINTF_LONGLONG "I64d"
+#else /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || \
+         (defined(_MSC_VER) && _MSC_VER < 1800) */
+#    define MBEDTLS_PRINTF_SIZET    "zu"
+#    define MBEDTLS_PRINTF_LONGLONG "lld"
+#endif /* (defined(__MINGW32__)  && __USE_MINGW_ANSI_STDIO == 0) || \
+          (defined(_MSC_VER) && _MSC_VER < 1800) */
 
 #ifdef __cplusplus
 extern "C" {
@@ -148,7 +170,7 @@
  *                              - 3 Informational
  *                              - 4 Verbose
  */
-void mbedtls_debug_set_threshold( int threshold );
+void mbedtls_debug_set_threshold(int threshold);
 
 /**
  * \brief    Print a message to the debug output. This function is always used
@@ -165,9 +187,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_msg( const mbedtls_ssl_context *ssl, int level,
-                              const char *file, int line,
-                              const char *format, ... ) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
+void mbedtls_debug_print_msg(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *format,
+                             ...) MBEDTLS_PRINTF_ATTRIBUTE(5, 6);
 
 /**
  * \brief   Print the return value of a function to the debug output. This
@@ -184,9 +209,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_ret( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, int ret );
+void mbedtls_debug_print_ret(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *text,
+                             int ret);
 
 /**
  * \brief   Output a buffer of size len bytes to the debug output. This function
@@ -205,9 +233,13 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_buf( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line, const char *text,
-                      const unsigned char *buf, size_t len );
+void mbedtls_debug_print_buf(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *text,
+                             const unsigned char *buf,
+                             size_t len);
 
 #if defined(MBEDTLS_BIGNUM_C)
 /**
@@ -226,9 +258,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_mpi *X );
+void mbedtls_debug_print_mpi(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *text,
+                             const mbedtls_mpi *X);
 #endif
 
 #if defined(MBEDTLS_ECP_C)
@@ -248,9 +283,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_ecp_point *X );
+void mbedtls_debug_print_ecp(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *text,
+                             const mbedtls_ecp_point *X);
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -269,9 +307,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
-                      const char *file, int line,
-                      const char *text, const mbedtls_x509_crt *crt );
+void mbedtls_debug_print_crt(const mbedtls_ssl_context *ssl,
+                             int level,
+                             const char *file,
+                             int line,
+                             const char *text,
+                             const mbedtls_x509_crt *crt);
 #endif
 
 #if defined(MBEDTLS_ECDH_C)
@@ -298,10 +339,12 @@
  * \attention       This function is intended for INTERNAL usage within the
  *                  library only.
  */
-void mbedtls_debug_printf_ecdh( const mbedtls_ssl_context *ssl, int level,
-                                const char *file, int line,
-                                const mbedtls_ecdh_context *ecdh,
-                                mbedtls_debug_ecdh_attr attr );
+void mbedtls_debug_printf_ecdh(const mbedtls_ssl_context *ssl,
+                               int level,
+                               const char *file,
+                               int line,
+                               const mbedtls_ecdh_context *ecdh,
+                               mbedtls_debug_ecdh_attr attr);
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/des.h b/include/mbedtls/des.h
index 63a8e00..b1c2eea 100644
--- a/include/mbedtls/des.h
+++ b/include/mbedtls/des.h
@@ -33,13 +33,13 @@
 #include <stddef.h>
 #include <stdint.h>
 
-#define MBEDTLS_DES_ENCRYPT     1
-#define MBEDTLS_DES_DECRYPT     0
+#define MBEDTLS_DES_ENCRYPT 1
+#define MBEDTLS_DES_DECRYPT 0
 
 /** The data input has an invalid length. */
-#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH              -0x0032
+#define MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH -0x0032
 
-#define MBEDTLS_DES_KEY_SIZE    8
+#define MBEDTLS_DES_KEY_SIZE 8
 
 #ifdef __cplusplus
 extern "C" {
@@ -56,23 +56,19 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-typedef struct mbedtls_des_context
-{
-    uint32_t MBEDTLS_PRIVATE(sk)[32];            /*!<  DES subkeys       */
-}
-mbedtls_des_context;
+typedef struct mbedtls_des_context {
+    uint32_t MBEDTLS_PRIVATE(sk)[32]; /*!<  DES subkeys       */
+} mbedtls_des_context;
 
 /**
  * \brief          Triple-DES context structure
  */
-typedef struct mbedtls_des3_context
-{
-    uint32_t MBEDTLS_PRIVATE(sk)[96];            /*!<  3DES subkeys      */
-}
-mbedtls_des3_context;
+typedef struct mbedtls_des3_context {
+    uint32_t MBEDTLS_PRIVATE(sk)[96]; /*!<  3DES subkeys      */
+} mbedtls_des3_context;
 
-#else  /* MBEDTLS_DES_ALT */
-#include "des_alt.h"
+#else /* MBEDTLS_DES_ALT */
+#    include "des_alt.h"
 #endif /* MBEDTLS_DES_ALT */
 
 /**
@@ -84,7 +80,7 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-void mbedtls_des_init( mbedtls_des_context *ctx );
+void mbedtls_des_init(mbedtls_des_context *ctx);
 
 /**
  * \brief          Clear DES context
@@ -95,21 +91,21 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-void mbedtls_des_free( mbedtls_des_context *ctx );
+void mbedtls_des_free(mbedtls_des_context *ctx);
 
 /**
  * \brief          Initialize Triple-DES context
  *
  * \param ctx      DES3 context to be initialized
  */
-void mbedtls_des3_init( mbedtls_des3_context *ctx );
+void mbedtls_des3_init(mbedtls_des3_context *ctx);
 
 /**
  * \brief          Clear Triple-DES context
  *
  * \param ctx      DES3 context to be cleared
  */
-void mbedtls_des3_free( mbedtls_des3_context *ctx );
+void mbedtls_des3_free(mbedtls_des3_context *ctx);
 
 /**
  * \brief          Set key parity on the given key to odd.
@@ -123,7 +119,7 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_key_set_parity(unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 /**
  * \brief          Check that key parity on the given key is odd.
@@ -139,7 +135,8 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_key_parity(
+    const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 /**
  * \brief          Check that key is not a weak or semi-weak DES key
@@ -152,7 +149,7 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_key_check_weak(const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 /**
  * \brief          DES key schedule (56-bit, encryption)
@@ -166,7 +163,8 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_enc(mbedtls_des_context *ctx,
+                           const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 /**
  * \brief          DES key schedule (56-bit, decryption)
@@ -180,7 +178,8 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+int mbedtls_des_setkey_dec(mbedtls_des_context *ctx,
+                           const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 /**
  * \brief          Triple-DES key schedule (112-bit, encryption)
@@ -190,8 +189,8 @@
  *
  * \return         0
  */
-int mbedtls_des3_set2key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_enc(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
 
 /**
  * \brief          Triple-DES key schedule (112-bit, decryption)
@@ -201,8 +200,8 @@
  *
  * \return         0
  */
-int mbedtls_des3_set2key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
+int mbedtls_des3_set2key_dec(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2]);
 
 /**
  * \brief          Triple-DES key schedule (168-bit, encryption)
@@ -212,8 +211,8 @@
  *
  * \return         0
  */
-int mbedtls_des3_set3key_enc( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_enc(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
 
 /**
  * \brief          Triple-DES key schedule (168-bit, decryption)
@@ -223,8 +222,8 @@
  *
  * \return         0
  */
-int mbedtls_des3_set3key_dec( mbedtls_des3_context *ctx,
-                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
+int mbedtls_des3_set3key_dec(mbedtls_des3_context *ctx,
+                             const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3]);
 
 /**
  * \brief          DES-ECB block encryption/decryption
@@ -239,9 +238,9 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_crypt_ecb( mbedtls_des_context *ctx,
-                    const unsigned char input[8],
-                    unsigned char output[8] );
+int mbedtls_des_crypt_ecb(mbedtls_des_context *ctx,
+                          const unsigned char input[8],
+                          unsigned char output[8]);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
@@ -266,12 +265,12 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-int mbedtls_des_crypt_cbc( mbedtls_des_context *ctx,
-                    int mode,
-                    size_t length,
-                    unsigned char iv[8],
-                    const unsigned char *input,
-                    unsigned char *output );
+int mbedtls_des_crypt_cbc(mbedtls_des_context *ctx,
+                          int mode,
+                          size_t length,
+                          unsigned char iv[8],
+                          const unsigned char *input,
+                          unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 /**
@@ -283,9 +282,9 @@
  *
  * \return         0 if successful
  */
-int mbedtls_des3_crypt_ecb( mbedtls_des3_context *ctx,
-                     const unsigned char input[8],
-                     unsigned char output[8] );
+int mbedtls_des3_crypt_ecb(mbedtls_des3_context *ctx,
+                           const unsigned char input[8],
+                           unsigned char output[8]);
 
 #if defined(MBEDTLS_CIPHER_MODE_CBC)
 /**
@@ -308,12 +307,12 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH
  */
-int mbedtls_des3_crypt_cbc( mbedtls_des3_context *ctx,
-                     int mode,
-                     size_t length,
-                     unsigned char iv[8],
-                     const unsigned char *input,
-                     unsigned char *output );
+int mbedtls_des3_crypt_cbc(mbedtls_des3_context *ctx,
+                           int mode,
+                           size_t length,
+                           unsigned char iv[8],
+                           const unsigned char *input,
+                           unsigned char *output);
 #endif /* MBEDTLS_CIPHER_MODE_CBC */
 
 /**
@@ -328,8 +327,8 @@
  *                 security risk. We recommend considering stronger ciphers
  *                 instead.
  */
-void mbedtls_des_setkey( uint32_t SK[32],
-                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
+void mbedtls_des_setkey(uint32_t SK[32],
+                        const unsigned char key[MBEDTLS_DES_KEY_SIZE]);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -338,7 +337,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_des_self_test( int verbose );
+int mbedtls_des_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/dhm.h b/include/mbedtls/dhm.h
index 32a957d..906f1c8 100644
--- a/include/mbedtls/dhm.h
+++ b/include/mbedtls/dhm.h
@@ -71,35 +71,35 @@
  * DHM Error codes
  */
 /** Bad input parameters. */
-#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA                    -0x3080
+#define MBEDTLS_ERR_DHM_BAD_INPUT_DATA -0x3080
 /** Reading of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED                -0x3100
+#define MBEDTLS_ERR_DHM_READ_PARAMS_FAILED -0x3100
 /** Making of the DHM parameters failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED                -0x3180
+#define MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED -0x3180
 /** Reading of the public values failed. */
-#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED                -0x3200
+#define MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED -0x3200
 /** Making of the public value failed. */
-#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED                -0x3280
+#define MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED -0x3280
 /** Calculation of the DHM secret failed. */
-#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED                -0x3300
+#define MBEDTLS_ERR_DHM_CALC_SECRET_FAILED -0x3300
 /** The ASN.1 data is not formatted correctly. */
-#define MBEDTLS_ERR_DHM_INVALID_FORMAT                    -0x3380
+#define MBEDTLS_ERR_DHM_INVALID_FORMAT -0x3380
 /** Allocation of memory failed. */
-#define MBEDTLS_ERR_DHM_ALLOC_FAILED                      -0x3400
+#define MBEDTLS_ERR_DHM_ALLOC_FAILED -0x3400
 /** Read or write of file failed. */
-#define MBEDTLS_ERR_DHM_FILE_IO_ERROR                     -0x3480
+#define MBEDTLS_ERR_DHM_FILE_IO_ERROR -0x3480
 /** Setting the modulus and generator failed. */
-#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED                  -0x3580
+#define MBEDTLS_ERR_DHM_SET_GROUP_FAILED -0x3580
 
 /** Which parameter to access in mbedtls_dhm_get_value(). */
 typedef enum
 {
-    MBEDTLS_DHM_PARAM_P,  /*!<  The prime modulus. */
-    MBEDTLS_DHM_PARAM_G,  /*!<  The generator. */
-    MBEDTLS_DHM_PARAM_X,  /*!<  Our secret value. */
+    MBEDTLS_DHM_PARAM_P, /*!<  The prime modulus. */
+    MBEDTLS_DHM_PARAM_G, /*!<  The generator. */
+    MBEDTLS_DHM_PARAM_X, /*!<  Our secret value. */
     MBEDTLS_DHM_PARAM_GX, /*!<  Our public key = \c G^X mod \c P. */
     MBEDTLS_DHM_PARAM_GY, /*!<  The public key of the peer = \c G^Y mod \c P. */
-    MBEDTLS_DHM_PARAM_K,  /*!<  The shared secret = \c G^(XY) mod \c P. */
+    MBEDTLS_DHM_PARAM_K, /*!<  The shared secret = \c G^(XY) mod \c P. */
 } mbedtls_dhm_parameter;
 
 #ifdef __cplusplus
@@ -111,23 +111,24 @@
 /**
  * \brief          The DHM context structure.
  */
-typedef struct mbedtls_dhm_context
-{
-    mbedtls_mpi MBEDTLS_PRIVATE(P);      /*!<  The prime modulus. */
-    mbedtls_mpi MBEDTLS_PRIVATE(G);      /*!<  The generator. */
-    mbedtls_mpi MBEDTLS_PRIVATE(X);      /*!<  Our secret value. */
-    mbedtls_mpi MBEDTLS_PRIVATE(GX);     /*!<  Our public key = \c G^X mod \c P. */
-    mbedtls_mpi MBEDTLS_PRIVATE(GY);     /*!<  The public key of the peer = \c G^Y mod \c P. */
-    mbedtls_mpi MBEDTLS_PRIVATE(K);      /*!<  The shared secret = \c G^(XY) mod \c P. */
-    mbedtls_mpi MBEDTLS_PRIVATE(RP);     /*!<  The cached value = \c R^2 mod \c P. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Vi);     /*!<  The blinding value. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Vf);     /*!<  The unblinding value. */
-    mbedtls_mpi MBEDTLS_PRIVATE(pX);     /*!<  The previous \c X. */
-}
-mbedtls_dhm_context;
+typedef struct mbedtls_dhm_context {
+    mbedtls_mpi MBEDTLS_PRIVATE(P); /*!<  The prime modulus. */
+    mbedtls_mpi MBEDTLS_PRIVATE(G); /*!<  The generator. */
+    mbedtls_mpi MBEDTLS_PRIVATE(X); /*!<  Our secret value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(GX); /*!<  Our public key = \c G^X mod \c P. */
+    mbedtls_mpi MBEDTLS_PRIVATE(GY); /*!<  The public key of the peer = \c G^Y
+                                        mod \c P. */
+    mbedtls_mpi MBEDTLS_PRIVATE(K); /*!<  The shared secret = \c G^(XY) mod \c
+                                       P. */
+    mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!<  The cached value = \c R^2 mod \c P.
+                                      */
+    mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!<  The blinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!<  The unblinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(pX); /*!<  The previous \c X. */
+} mbedtls_dhm_context;
 
 #else /* MBEDTLS_DHM_ALT */
-#include "dhm_alt.h"
+#    include "dhm_alt.h"
 #endif /* MBEDTLS_DHM_ALT */
 
 /**
@@ -135,7 +136,7 @@
  *
  * \param ctx      The DHM context to initialize.
  */
-void mbedtls_dhm_init( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_init(mbedtls_dhm_context *ctx);
 
 /**
  * \brief          This function parses the DHM parameters in a
@@ -159,9 +160,9 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_read_params( mbedtls_dhm_context *ctx,
-                             unsigned char **p,
-                             const unsigned char *end );
+int mbedtls_dhm_read_params(mbedtls_dhm_context *ctx,
+                            unsigned char **p,
+                            const unsigned char *end);
 
 /**
  * \brief          This function generates a DHM key pair and exports its
@@ -195,10 +196,12 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_dhm_make_params(mbedtls_dhm_context *ctx,
+                            int x_size,
+                            unsigned char *output,
+                            size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief          This function sets the prime modulus and generator.
@@ -215,9 +218,9 @@
  * \return         \c 0 if successful.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
-                           const mbedtls_mpi *P,
-                           const mbedtls_mpi *G );
+int mbedtls_dhm_set_group(mbedtls_dhm_context *ctx,
+                          const mbedtls_mpi *P,
+                          const mbedtls_mpi *G);
 
 /**
  * \brief          This function imports the raw public value of the peer.
@@ -235,8 +238,9 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
-                     const unsigned char *input, size_t ilen );
+int mbedtls_dhm_read_public(mbedtls_dhm_context *ctx,
+                            const unsigned char *input,
+                            size_t ilen);
 
 /**
  * \brief          This function creates a DHM key pair and exports
@@ -262,10 +266,12 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
-                     unsigned char *output, size_t olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_dhm_make_public(mbedtls_dhm_context *ctx,
+                            int x_size,
+                            unsigned char *output,
+                            size_t olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief          This function derives and exports the shared secret
@@ -293,10 +299,12 @@
  * \return              \c 0 on success.
  * \return              An \c MBEDTLS_ERR_DHM_XXX error code on failure.
  */
-int mbedtls_dhm_calc_secret( mbedtls_dhm_context *ctx,
-                     unsigned char *output, size_t output_size, size_t *olen,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_dhm_calc_secret(mbedtls_dhm_context *ctx,
+                            unsigned char *output,
+                            size_t output_size,
+                            size_t *olen,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief          This function returns the size of the prime modulus in bits.
@@ -306,7 +314,7 @@
  * \return         The size of the prime modulus in bits,
  *                 i.e. the number n such that 2^(n-1) <= P < 2^n.
  */
-size_t mbedtls_dhm_get_bitlen( const mbedtls_dhm_context *ctx );
+size_t mbedtls_dhm_get_bitlen(const mbedtls_dhm_context *ctx);
 
 /**
  * \brief          This function returns the size of the prime modulus in bytes.
@@ -316,7 +324,7 @@
  * \return         The size of the prime modulus in bytes,
  *                 i.e. the number n such that 2^(8*(n-1)) <= P < 2^(8*n).
  */
-size_t mbedtls_dhm_get_len( const mbedtls_dhm_context *ctx );
+size_t mbedtls_dhm_get_len(const mbedtls_dhm_context *ctx);
 
 /**
  * \brief          This function copies a parameter of a DHM key.
@@ -330,9 +338,9 @@
  * \return         #MBEDTLS_ERR_DHM_BAD_INPUT_DATA if \p field is invalid.
  * \return         An \c MBEDTLS_ERR_MPI_XXX error code if the copy fails.
  */
-int mbedtls_dhm_get_value( const mbedtls_dhm_context *ctx,
-                           mbedtls_dhm_parameter param,
-                           mbedtls_mpi *dest );
+int mbedtls_dhm_get_value(const mbedtls_dhm_context *ctx,
+                          mbedtls_dhm_parameter param,
+                          mbedtls_mpi *dest);
 
 /**
  * \brief          This function frees and clears the components
@@ -342,7 +350,7 @@
  *                 in which case this function is a no-op. If it is not \c NULL,
  *                 it must point to an initialized DHM context.
  */
-void mbedtls_dhm_free( mbedtls_dhm_context *ctx );
+void mbedtls_dhm_free(mbedtls_dhm_context *ctx);
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
 /**
@@ -359,10 +367,11 @@
  * \return            An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX error
  *                    code on failure.
  */
-int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
-                           size_t dhminlen );
+int mbedtls_dhm_parse_dhm(mbedtls_dhm_context *dhm,
+                          const unsigned char *dhmin,
+                          size_t dhminlen);
 
-#if defined(MBEDTLS_FS_IO)
+#    if defined(MBEDTLS_FS_IO)
 /**
  * \brief          This function loads and parses DHM parameters from a file.
  *
@@ -375,8 +384,8 @@
  * \return         An \c MBEDTLS_ERR_DHM_XXX or \c MBEDTLS_ERR_PEM_XXX
  *                 error code on failure.
  */
-int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_dhm_parse_dhmfile(mbedtls_dhm_context *dhm, const char *path);
+#    endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -387,7 +396,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_dhm_self_test( int verbose );
+int mbedtls_dhm_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 #ifdef __cplusplus
@@ -402,7 +411,8 @@
  * through \c mbedtls_ssl_conf_dh_param.
  *
  * The following lists the source of the above groups in the standards:
- * - RFC 5114 section 2.2:  2048-bit MODP Group with 224-bit Prime Order Subgroup
+ * - RFC 5114 section 2.2:  2048-bit MODP Group with 224-bit Prime Order
+ * Subgroup
  * - RFC 3526 section 3:    2048-bit MODP Group
  * - RFC 3526 section 4:    3072-bit MODP Group
  * - RFC 3526 section 5:    4096-bit MODP Group
@@ -439,548 +449,452 @@
  * Trustworthy DHM parameters in binary form
  */
 
-#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-     0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-     0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-     0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-     0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-     0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-     0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-     0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-     0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-     0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-     0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-     0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-     0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-     0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-     0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-     0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-     0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-     0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-     0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-     0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-     0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-     0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-     0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-     0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-     0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-     0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-     0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-     0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-     0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-     0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_2048_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,     \
+            0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+            0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+            0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+            0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+            0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+            0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+            0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+            0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+            0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+            0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+            0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+            0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+            0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+            0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+            0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+            0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+            0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+            0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+            0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+            0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+            0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+            0x8E, 0x5A, 0x8A, 0xAC, 0xAA, 0x68, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+            0xFF, 0xFF, 0xFF                                                  \
+    }
 
-#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_2048_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34, \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6, \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A, \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5, \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33, \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D, \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, 0xD2, 0xCA, \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_3072_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,     \
+            0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+            0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+            0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+            0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+            0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+            0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+            0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+            0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+            0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+            0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+            0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+            0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+            0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+            0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+            0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+            0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+            0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+            0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+            0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+            0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+            0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+            0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, \
+            0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+            0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, \
+            0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, \
+            0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, \
+            0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, \
+            0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, \
+            0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, \
+            0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, \
+            0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+            0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, \
+            0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x3A, \
+            0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF        \
+    }
 
-#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_3072_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN  {       \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,  \
-    0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,  \
-    0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,  \
-    0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,  \
-    0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,  \
-    0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,  \
-    0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,  \
-    0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,  \
-    0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,  \
-    0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,  \
-    0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,  \
-    0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,  \
-    0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,  \
-    0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,  \
-    0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D,  \
-    0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05,  \
-    0x98, 0xDA, 0x48, 0x36, 0x1C, 0x55, 0xD3, 0x9A,  \
-    0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F,  \
-    0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96,  \
-    0x1C, 0x62, 0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB,  \
-    0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D,  \
-    0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04,  \
-    0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C,  \
-    0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B,  \
-    0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03,  \
-    0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F,  \
-    0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9,  \
-    0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18,  \
-    0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, 0xE5,  \
-    0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10,  \
-    0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D,  \
-    0xAD, 0x33, 0x17, 0x0D, 0x04, 0x50, 0x7A, 0x33,  \
-    0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64,  \
-    0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A,  \
-    0x8A, 0xEA, 0x71, 0x57, 0x5D, 0x06, 0x0C, 0x7D,  \
-    0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7,  \
-    0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7,  \
-    0x1E, 0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D,  \
-    0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B,  \
-    0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64,  \
-    0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64,  \
-    0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C,  \
-    0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C,  \
-    0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2,  \
-    0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31,  \
-    0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E,  \
-    0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, 0x08, 0x01,  \
-    0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7,  \
-    0x88, 0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26,  \
-    0x99, 0xC3, 0x27, 0x18, 0x6A, 0xF4, 0xE2, 0x3C,  \
-    0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, 0xDA,  \
-    0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8,  \
-    0xDB, 0xBB, 0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9,  \
-    0x2E, 0x8E, 0xFC, 0x14, 0x1F, 0xBE, 0xCA, 0xA6,  \
-    0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D,  \
-    0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2,  \
-    0x23, 0x3B, 0xA1, 0x86, 0x51, 0x5B, 0xE7, 0xED,  \
-    0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, 0xD7, 0xAF,  \
-    0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C,  \
-    0xD0, 0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9,  \
-    0x93, 0xB4, 0xEA, 0x98, 0x8D, 0x8F, 0xDD, 0xC1,  \
-    0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, 0x8F,  \
-    0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99,  \
-    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC3526_MODP_4096_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA,     \
+            0xA2, 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, \
+            0x1C, 0xD1, 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, \
+            0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, \
+            0x8E, 0x34, 0x04, 0xDD, 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, \
+            0x1B, 0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, \
+            0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, 0xE4, 0x85, 0xB5, 0x76, 0x62, \
+            0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B, \
+            0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, 0xEE, 0x38, 0x6B, \
+            0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, \
+            0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, 0xC2, \
+            0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, \
+            0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, \
+            0x5F, 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, \
+            0xF3, 0x56, 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, \
+            0x96, 0x96, 0x6D, 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, \
+            0xF1, 0x74, 0x6C, 0x08, 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, \
+            0x46, 0x2E, 0x36, 0xCE, 0x3B, 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, \
+            0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, 0xEC, 0x07, 0xA2, 0x8F, 0xB5, \
+            0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, 0xDE, 0x2B, 0xCB, 0xF6, \
+            0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, 0xEA, 0x95, 0x6A, \
+            0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, 0x15, 0x72, \
+            0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, 0x04, \
+            0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, \
+            0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, \
+            0x57, 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, \
+            0xE4, 0xC7, 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, \
+            0x8C, 0x94, 0xE0, 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, \
+            0x1A, 0xD2, 0xEE, 0x6B, 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, \
+            0x64, 0xD8, 0x76, 0x02, 0x73, 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, \
+            0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, 0xBB, 0xE1, 0x17, 0x57, 0x7A, \
+            0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, 0xBA, 0xD9, 0x46, 0xE2, \
+            0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, 0x43, 0xDB, 0x5B, \
+            0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, 0xA9, 0x21, \
+            0x08, 0x01, 0x1A, 0x72, 0x3C, 0x12, 0xA7, 0x87, 0xE6, 0xD7, 0x88, \
+            0x71, 0x9A, 0x10, 0xBD, 0xBA, 0x5B, 0x26, 0x99, 0xC3, 0x27, 0x18, \
+            0x6A, 0xF4, 0xE2, 0x3C, 0x1A, 0x94, 0x68, 0x34, 0xB6, 0x15, 0x0B, \
+            0xDA, 0x25, 0x83, 0xE9, 0xCA, 0x2A, 0xD4, 0x4C, 0xE8, 0xDB, 0xBB, \
+            0xC2, 0xDB, 0x04, 0xDE, 0x8E, 0xF9, 0x2E, 0x8E, 0xFC, 0x14, 0x1F, \
+            0xBE, 0xCA, 0xA6, 0x28, 0x7C, 0x59, 0x47, 0x4E, 0x6B, 0xC0, 0x5D, \
+            0x99, 0xB2, 0x96, 0x4F, 0xA0, 0x90, 0xC3, 0xA2, 0x23, 0x3B, 0xA1, \
+            0x86, 0x51, 0x5B, 0xE7, 0xED, 0x1F, 0x61, 0x29, 0x70, 0xCE, 0xE2, \
+            0xD7, 0xAF, 0xB8, 0x1B, 0xDD, 0x76, 0x21, 0x70, 0x48, 0x1C, 0xD0, \
+            0x06, 0x91, 0x27, 0xD5, 0xB0, 0x5A, 0xA9, 0x93, 0xB4, 0xEA, 0x98, \
+            0x8D, 0x8F, 0xDD, 0xC1, 0x86, 0xFF, 0xB7, 0xDC, 0x90, 0xA6, 0xC0, \
+            0x8F, 0x4D, 0xF4, 0x35, 0xC9, 0x34, 0x06, 0x31, 0x99, 0xFF, 0xFF, \
+            0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF                                \
+    }
 
-#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC3526_MODP_4096_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, }
+#define MBEDTLS_DHM_RFC7919_FFDHE2048_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54,     \
+            0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+            0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+            0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+            0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+            0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+            0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+            0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+            0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+            0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+            0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+            0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+            0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+            0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+            0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+            0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+            0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+            0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+            0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+            0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+            0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+            0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+            0x42, 0x38, 0x61, 0x28, 0x5C, 0x97, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+            0xFF, 0xFF, 0xFF,                                                 \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE2048_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN { \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, 0x2E, 0x37, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE3072_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54,     \
+            0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+            0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+            0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+            0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+            0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+            0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+            0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+            0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+            0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+            0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+            0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+            0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+            0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+            0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+            0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+            0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+            0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+            0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+            0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+            0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+            0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+            0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+            0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+            0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+            0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+            0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+            0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+            0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+            0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+            0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+            0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+            0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+            0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0xC6, \
+            0x2E, 0x37, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF        \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE3072_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE4096_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54,     \
+            0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+            0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+            0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+            0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+            0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+            0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+            0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+            0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+            0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+            0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+            0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+            0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+            0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+            0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+            0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+            0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+            0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+            0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+            0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+            0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+            0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+            0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+            0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+            0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+            0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+            0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+            0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+            0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+            0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+            0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+            0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+            0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+            0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+            0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+            0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+            0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+            0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+            0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+            0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+            0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+            0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+            0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+            0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+            0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+            0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x65, 0x5F, 0x6A, 0xFF, 0xFF, \
+            0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE4096_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, 0x65, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE6144_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54,     \
+            0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+            0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+            0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+            0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+            0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+            0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+            0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+            0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+            0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+            0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+            0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+            0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+            0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+            0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+            0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+            0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+            0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+            0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+            0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+            0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+            0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+            0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+            0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+            0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+            0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+            0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+            0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+            0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+            0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+            0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+            0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+            0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+            0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+            0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+            0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+            0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+            0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+            0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+            0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+            0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+            0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+            0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+            0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+            0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+            0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, 0x0B, 0xFD, \
+            0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, 0x38, \
+            0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+            0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, \
+            0x64, 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, \
+            0x1C, 0x3A, 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, \
+            0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, \
+            0x4C, 0xFD, 0xB4, 0x77, 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, \
+            0x10, 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, \
+            0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, \
+            0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+            0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, 0x76, 0x3E, 0x4E, \
+            0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, \
+            0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, 0xB3, \
+            0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, \
+            0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, \
+            0x8C, 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, \
+            0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, \
+            0x54, 0x33, 0x8A, 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+            0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, \
+            0x10, 0xC6, 0x27, 0x2B, 0x04, 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, \
+            0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, 0x62, \
+            0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, 0xA4, 0x1D, 0x57, 0x0D, \
+            0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, 0xD0, 0xE4, 0x0E, \
+            0x65, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF              \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE6144_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN {        \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
-     0xAD, 0xF8, 0x54, 0x58, 0xA2, 0xBB, 0x4A, 0x9A, \
-     0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, 0x3C, 0xF1, \
-     0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, \
-     0xA9, 0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, \
-     0xCC, 0x93, 0x9D, 0xCE, 0x24, 0x9B, 0x3E, 0xF9, \
-     0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, 0xD8, \
-     0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, \
-     0xD3, 0xDF, 0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, \
-     0x24, 0x33, 0xF5, 0x1F, 0x5F, 0x06, 0x6E, 0xD0, \
-     0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
-     0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, \
-     0x98, 0x4F, 0x0C, 0x70, 0xE0, 0xE6, 0x8B, 0x77, \
-     0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, 0xE8, 0x72, \
-     0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, \
-     0x30, 0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, \
-     0xBC, 0x0A, 0xB1, 0x82, 0xB3, 0x24, 0xFB, 0x61, \
-     0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, 0xFB, \
-     0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, \
-     0x1D, 0x4F, 0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, \
-     0xAE, 0x56, 0xED, 0xE7, 0x63, 0x72, 0xBB, 0x19, \
-     0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
-     0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, \
-     0xC0, 0x34, 0x04, 0xCD, 0x28, 0x34, 0x2F, 0x61, \
-     0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, 0x83, 0xFF, \
-     0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, \
-     0xC3, 0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, \
-     0x3B, 0xB5, 0xFC, 0xBC, 0x2E, 0xC2, 0x20, 0x05, \
-     0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, 0xB2, \
-     0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, \
-     0x88, 0x6B, 0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, \
-     0xDE, 0x35, 0x5B, 0x3B, 0x65, 0x19, 0x03, 0x5B, \
-     0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
-     0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, \
-     0x7A, 0xD9, 0x1D, 0x26, 0x91, 0xF7, 0xF7, 0xEE, \
-     0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, 0xD9, 0x1C, \
-     0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, \
-     0xB4, 0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, \
-     0xF4, 0xFD, 0x44, 0x52, 0xE2, 0xD7, 0x4D, 0xD3, \
-     0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, 0xFF, \
-     0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, \
-     0xE8, 0x6D, 0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, \
-     0xAB, 0xC5, 0x21, 0x97, 0x9B, 0x0D, 0xEA, 0xDA, \
-     0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
-     0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, \
-     0x3C, 0x1B, 0x20, 0xEE, 0x3F, 0xD5, 0x9D, 0x7C, \
-     0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, 0x1E, 0xF1, \
-     0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, \
-     0x79, 0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, \
-     0xAC, 0x7D, 0x5F, 0x42, 0xD6, 0x9F, 0x6D, 0x18, \
-     0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, 0x04, \
-     0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, \
-     0x71, 0x35, 0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, \
-     0xED, 0x6A, 0x1E, 0x01, 0x2D, 0x9E, 0x68, 0x32, \
-     0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
-     0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, \
-     0x09, 0x29, 0x99, 0xA3, 0x33, 0xCB, 0x8B, 0x7A, \
-     0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, 0x00, 0x3C, \
-     0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, \
-     0x0A, 0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, \
-     0x8E, 0xC9, 0xB5, 0x5A, 0x7F, 0x88, 0xA4, 0x6B, \
-     0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, 0xE1, \
-     0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, \
-     0x0B, 0xFD, 0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, \
-     0x4E, 0x67, 0x7D, 0x2C, 0x38, 0x53, 0x2A, 0x3A, \
-     0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
-     0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, \
-     0x91, 0x7B, 0xDD, 0x64, 0xB1, 0xC0, 0xFD, 0x4C, \
-     0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, 0x1C, 0x3A, \
-     0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, \
-     0x9B, 0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, \
-     0x38, 0x81, 0x47, 0xFB, 0x4C, 0xFD, 0xB4, 0x77, \
-     0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, 0x10, \
-     0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, \
-     0xA0, 0x0E, 0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, \
-     0x0A, 0xBE, 0xC1, 0xFF, 0xF9, 0xE3, 0xA2, 0x6E, \
-     0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
-     0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, \
-     0x76, 0x3E, 0x4E, 0x4B, 0x94, 0xB2, 0xBB, 0xC1, \
-     0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, 0xF9, 0x92, \
-     0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, \
-     0xB3, 0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, \
-     0x0A, 0xE8, 0xDB, 0x58, 0x47, 0xA6, 0x7C, 0xBE, \
-     0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, 0x8C, \
-     0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, \
-     0x62, 0x29, 0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, \
-     0x50, 0x5D, 0xC8, 0x2D, 0xB8, 0x54, 0x33, 0x8A, \
-     0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
-     0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, \
-     0xEC, 0x9D, 0x18, 0x10, 0xC6, 0x27, 0x2B, 0x04, \
-     0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, 0x80, 0xD6, \
-     0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, \
-     0x62, 0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, \
-     0xA4, 0x1D, 0x57, 0x0D, 0x79, 0x38, 0xDA, 0xD4, \
-     0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, 0xAA, \
-     0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, \
-     0x1E, 0x42, 0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, \
-     0xFD, 0xB2, 0x3F, 0xCE, 0xC9, 0x50, 0x9D, 0x43, \
-     0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
-     0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, \
-     0x86, 0xB6, 0x31, 0x42, 0xA3, 0xAB, 0x88, 0x29, \
-     0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, 0x26, 0x65, \
-     0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, \
-     0x29, 0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, \
-     0x54, 0x50, 0x4A, 0xC7, 0x8B, 0x75, 0x82, 0x82, \
-     0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, 0x5C, \
-     0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, \
-     0x54, 0x1F, 0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, \
-     0xBB, 0x70, 0x99, 0x87, 0x6A, 0x46, 0x0E, 0x74, \
-     0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
-     0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, \
-     0x51, 0xAA, 0x69, 0x1E, 0x0E, 0x42, 0x3C, 0xFC, \
-     0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, 0x21, 0x7B, \
-     0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, \
-     0xD5, 0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, \
-     0xA1, 0xFE, 0x30, 0x75, 0xA5, 0x77, 0xE2, 0x31, \
-     0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, 0x57, \
-     0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, \
-     0xB6, 0x85, 0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, \
-     0xDE, 0xD2, 0xFB, 0xAB, 0xFB, 0xE5, 0x8A, 0x30, \
-     0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
-     0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, \
-     0xA6, 0xBB, 0xFD, 0xE5, 0x30, 0x67, 0x7F, 0x0D, \
-     0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, 0x44, 0x3D, \
-     0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, \
-     0x01, 0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, \
-     0xD6, 0x8C, 0x8B, 0xB7, 0xC5, 0xC6, 0x42, 0x4C, \
-     0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF }
+#define MBEDTLS_DHM_RFC7919_FFDHE8192_P_BIN                                   \
+    {                                                                         \
+        0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xAD, 0xF8, 0x54,     \
+            0x58, 0xA2, 0xBB, 0x4A, 0x9A, 0xAF, 0xDC, 0x56, 0x20, 0x27, 0x3D, \
+            0x3C, 0xF1, 0xD8, 0xB9, 0xC5, 0x83, 0xCE, 0x2D, 0x36, 0x95, 0xA9, \
+            0xE1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xFB, 0xCC, 0x93, 0x9D, 0xCE, \
+            0x24, 0x9B, 0x3E, 0xF9, 0x7D, 0x2F, 0xE3, 0x63, 0x63, 0x0C, 0x75, \
+            0xD8, 0xF6, 0x81, 0xB2, 0x02, 0xAE, 0xC4, 0x61, 0x7A, 0xD3, 0xDF, \
+            0x1E, 0xD5, 0xD5, 0xFD, 0x65, 0x61, 0x24, 0x33, 0xF5, 0x1F, 0x5F, \
+            0x06, 0x6E, 0xD0, 0x85, 0x63, 0x65, 0x55, 0x3D, 0xED, 0x1A, 0xF3, \
+            0xB5, 0x57, 0x13, 0x5E, 0x7F, 0x57, 0xC9, 0x35, 0x98, 0x4F, 0x0C, \
+            0x70, 0xE0, 0xE6, 0x8B, 0x77, 0xE2, 0xA6, 0x89, 0xDA, 0xF3, 0xEF, \
+            0xE8, 0x72, 0x1D, 0xF1, 0x58, 0xA1, 0x36, 0xAD, 0xE7, 0x35, 0x30, \
+            0xAC, 0xCA, 0x4F, 0x48, 0x3A, 0x79, 0x7A, 0xBC, 0x0A, 0xB1, 0x82, \
+            0xB3, 0x24, 0xFB, 0x61, 0xD1, 0x08, 0xA9, 0x4B, 0xB2, 0xC8, 0xE3, \
+            0xFB, 0xB9, 0x6A, 0xDA, 0xB7, 0x60, 0xD7, 0xF4, 0x68, 0x1D, 0x4F, \
+            0x42, 0xA3, 0xDE, 0x39, 0x4D, 0xF4, 0xAE, 0x56, 0xED, 0xE7, 0x63, \
+            0x72, 0xBB, 0x19, 0x0B, 0x07, 0xA7, 0xC8, 0xEE, 0x0A, 0x6D, 0x70, \
+            0x9E, 0x02, 0xFC, 0xE1, 0xCD, 0xF7, 0xE2, 0xEC, 0xC0, 0x34, 0x04, \
+            0xCD, 0x28, 0x34, 0x2F, 0x61, 0x91, 0x72, 0xFE, 0x9C, 0xE9, 0x85, \
+            0x83, 0xFF, 0x8E, 0x4F, 0x12, 0x32, 0xEE, 0xF2, 0x81, 0x83, 0xC3, \
+            0xFE, 0x3B, 0x1B, 0x4C, 0x6F, 0xAD, 0x73, 0x3B, 0xB5, 0xFC, 0xBC, \
+            0x2E, 0xC2, 0x20, 0x05, 0xC5, 0x8E, 0xF1, 0x83, 0x7D, 0x16, 0x83, \
+            0xB2, 0xC6, 0xF3, 0x4A, 0x26, 0xC1, 0xB2, 0xEF, 0xFA, 0x88, 0x6B, \
+            0x42, 0x38, 0x61, 0x1F, 0xCF, 0xDC, 0xDE, 0x35, 0x5B, 0x3B, 0x65, \
+            0x19, 0x03, 0x5B, 0xBC, 0x34, 0xF4, 0xDE, 0xF9, 0x9C, 0x02, 0x38, \
+            0x61, 0xB4, 0x6F, 0xC9, 0xD6, 0xE6, 0xC9, 0x07, 0x7A, 0xD9, 0x1D, \
+            0x26, 0x91, 0xF7, 0xF7, 0xEE, 0x59, 0x8C, 0xB0, 0xFA, 0xC1, 0x86, \
+            0xD9, 0x1C, 0xAE, 0xFE, 0x13, 0x09, 0x85, 0x13, 0x92, 0x70, 0xB4, \
+            0x13, 0x0C, 0x93, 0xBC, 0x43, 0x79, 0x44, 0xF4, 0xFD, 0x44, 0x52, \
+            0xE2, 0xD7, 0x4D, 0xD3, 0x64, 0xF2, 0xE2, 0x1E, 0x71, 0xF5, 0x4B, \
+            0xFF, 0x5C, 0xAE, 0x82, 0xAB, 0x9C, 0x9D, 0xF6, 0x9E, 0xE8, 0x6D, \
+            0x2B, 0xC5, 0x22, 0x36, 0x3A, 0x0D, 0xAB, 0xC5, 0x21, 0x97, 0x9B, \
+            0x0D, 0xEA, 0xDA, 0x1D, 0xBF, 0x9A, 0x42, 0xD5, 0xC4, 0x48, 0x4E, \
+            0x0A, 0xBC, 0xD0, 0x6B, 0xFA, 0x53, 0xDD, 0xEF, 0x3C, 0x1B, 0x20, \
+            0xEE, 0x3F, 0xD5, 0x9D, 0x7C, 0x25, 0xE4, 0x1D, 0x2B, 0x66, 0x9E, \
+            0x1E, 0xF1, 0x6E, 0x6F, 0x52, 0xC3, 0x16, 0x4D, 0xF4, 0xFB, 0x79, \
+            0x30, 0xE9, 0xE4, 0xE5, 0x88, 0x57, 0xB6, 0xAC, 0x7D, 0x5F, 0x42, \
+            0xD6, 0x9F, 0x6D, 0x18, 0x77, 0x63, 0xCF, 0x1D, 0x55, 0x03, 0x40, \
+            0x04, 0x87, 0xF5, 0x5B, 0xA5, 0x7E, 0x31, 0xCC, 0x7A, 0x71, 0x35, \
+            0xC8, 0x86, 0xEF, 0xB4, 0x31, 0x8A, 0xED, 0x6A, 0x1E, 0x01, 0x2D, \
+            0x9E, 0x68, 0x32, 0xA9, 0x07, 0x60, 0x0A, 0x91, 0x81, 0x30, 0xC4, \
+            0x6D, 0xC7, 0x78, 0xF9, 0x71, 0xAD, 0x00, 0x38, 0x09, 0x29, 0x99, \
+            0xA3, 0x33, 0xCB, 0x8B, 0x7A, 0x1A, 0x1D, 0xB9, 0x3D, 0x71, 0x40, \
+            0x00, 0x3C, 0x2A, 0x4E, 0xCE, 0xA9, 0xF9, 0x8D, 0x0A, 0xCC, 0x0A, \
+            0x82, 0x91, 0xCD, 0xCE, 0xC9, 0x7D, 0xCF, 0x8E, 0xC9, 0xB5, 0x5A, \
+            0x7F, 0x88, 0xA4, 0x6B, 0x4D, 0xB5, 0xA8, 0x51, 0xF4, 0x41, 0x82, \
+            0xE1, 0xC6, 0x8A, 0x00, 0x7E, 0x5E, 0x0D, 0xD9, 0x02, 0x0B, 0xFD, \
+            0x64, 0xB6, 0x45, 0x03, 0x6C, 0x7A, 0x4E, 0x67, 0x7D, 0x2C, 0x38, \
+            0x53, 0x2A, 0x3A, 0x23, 0xBA, 0x44, 0x42, 0xCA, 0xF5, 0x3E, 0xA6, \
+            0x3B, 0xB4, 0x54, 0x32, 0x9B, 0x76, 0x24, 0xC8, 0x91, 0x7B, 0xDD, \
+            0x64, 0xB1, 0xC0, 0xFD, 0x4C, 0xB3, 0x8E, 0x8C, 0x33, 0x4C, 0x70, \
+            0x1C, 0x3A, 0xCD, 0xAD, 0x06, 0x57, 0xFC, 0xCF, 0xEC, 0x71, 0x9B, \
+            0x1F, 0x5C, 0x3E, 0x4E, 0x46, 0x04, 0x1F, 0x38, 0x81, 0x47, 0xFB, \
+            0x4C, 0xFD, 0xB4, 0x77, 0xA5, 0x24, 0x71, 0xF7, 0xA9, 0xA9, 0x69, \
+            0x10, 0xB8, 0x55, 0x32, 0x2E, 0xDB, 0x63, 0x40, 0xD8, 0xA0, 0x0E, \
+            0xF0, 0x92, 0x35, 0x05, 0x11, 0xE3, 0x0A, 0xBE, 0xC1, 0xFF, 0xF9, \
+            0xE3, 0xA2, 0x6E, 0x7F, 0xB2, 0x9F, 0x8C, 0x18, 0x30, 0x23, 0xC3, \
+            0x58, 0x7E, 0x38, 0xDA, 0x00, 0x77, 0xD9, 0xB4, 0x76, 0x3E, 0x4E, \
+            0x4B, 0x94, 0xB2, 0xBB, 0xC1, 0x94, 0xC6, 0x65, 0x1E, 0x77, 0xCA, \
+            0xF9, 0x92, 0xEE, 0xAA, 0xC0, 0x23, 0x2A, 0x28, 0x1B, 0xF6, 0xB3, \
+            0xA7, 0x39, 0xC1, 0x22, 0x61, 0x16, 0x82, 0x0A, 0xE8, 0xDB, 0x58, \
+            0x47, 0xA6, 0x7C, 0xBE, 0xF9, 0xC9, 0x09, 0x1B, 0x46, 0x2D, 0x53, \
+            0x8C, 0xD7, 0x2B, 0x03, 0x74, 0x6A, 0xE7, 0x7F, 0x5E, 0x62, 0x29, \
+            0x2C, 0x31, 0x15, 0x62, 0xA8, 0x46, 0x50, 0x5D, 0xC8, 0x2D, 0xB8, \
+            0x54, 0x33, 0x8A, 0xE4, 0x9F, 0x52, 0x35, 0xC9, 0x5B, 0x91, 0x17, \
+            0x8C, 0xCF, 0x2D, 0xD5, 0xCA, 0xCE, 0xF4, 0x03, 0xEC, 0x9D, 0x18, \
+            0x10, 0xC6, 0x27, 0x2B, 0x04, 0x5B, 0x3B, 0x71, 0xF9, 0xDC, 0x6B, \
+            0x80, 0xD6, 0x3F, 0xDD, 0x4A, 0x8E, 0x9A, 0xDB, 0x1E, 0x69, 0x62, \
+            0xA6, 0x95, 0x26, 0xD4, 0x31, 0x61, 0xC1, 0xA4, 0x1D, 0x57, 0x0D, \
+            0x79, 0x38, 0xDA, 0xD4, 0xA4, 0x0E, 0x32, 0x9C, 0xCF, 0xF4, 0x6A, \
+            0xAA, 0x36, 0xAD, 0x00, 0x4C, 0xF6, 0x00, 0xC8, 0x38, 0x1E, 0x42, \
+            0x5A, 0x31, 0xD9, 0x51, 0xAE, 0x64, 0xFD, 0xB2, 0x3F, 0xCE, 0xC9, \
+            0x50, 0x9D, 0x43, 0x68, 0x7F, 0xEB, 0x69, 0xED, 0xD1, 0xCC, 0x5E, \
+            0x0B, 0x8C, 0xC3, 0xBD, 0xF6, 0x4B, 0x10, 0xEF, 0x86, 0xB6, 0x31, \
+            0x42, 0xA3, 0xAB, 0x88, 0x29, 0x55, 0x5B, 0x2F, 0x74, 0x7C, 0x93, \
+            0x26, 0x65, 0xCB, 0x2C, 0x0F, 0x1C, 0xC0, 0x1B, 0xD7, 0x02, 0x29, \
+            0x38, 0x88, 0x39, 0xD2, 0xAF, 0x05, 0xE4, 0x54, 0x50, 0x4A, 0xC7, \
+            0x8B, 0x75, 0x82, 0x82, 0x28, 0x46, 0xC0, 0xBA, 0x35, 0xC3, 0x5F, \
+            0x5C, 0x59, 0x16, 0x0C, 0xC0, 0x46, 0xFD, 0x82, 0x51, 0x54, 0x1F, \
+            0xC6, 0x8C, 0x9C, 0x86, 0xB0, 0x22, 0xBB, 0x70, 0x99, 0x87, 0x6A, \
+            0x46, 0x0E, 0x74, 0x51, 0xA8, 0xA9, 0x31, 0x09, 0x70, 0x3F, 0xEE, \
+            0x1C, 0x21, 0x7E, 0x6C, 0x38, 0x26, 0xE5, 0x2C, 0x51, 0xAA, 0x69, \
+            0x1E, 0x0E, 0x42, 0x3C, 0xFC, 0x99, 0xE9, 0xE3, 0x16, 0x50, 0xC1, \
+            0x21, 0x7B, 0x62, 0x48, 0x16, 0xCD, 0xAD, 0x9A, 0x95, 0xF9, 0xD5, \
+            0xB8, 0x01, 0x94, 0x88, 0xD9, 0xC0, 0xA0, 0xA1, 0xFE, 0x30, 0x75, \
+            0xA5, 0x77, 0xE2, 0x31, 0x83, 0xF8, 0x1D, 0x4A, 0x3F, 0x2F, 0xA4, \
+            0x57, 0x1E, 0xFC, 0x8C, 0xE0, 0xBA, 0x8A, 0x4F, 0xE8, 0xB6, 0x85, \
+            0x5D, 0xFE, 0x72, 0xB0, 0xA6, 0x6E, 0xDE, 0xD2, 0xFB, 0xAB, 0xFB, \
+            0xE5, 0x8A, 0x30, 0xFA, 0xFA, 0xBE, 0x1C, 0x5D, 0x71, 0xA8, 0x7E, \
+            0x2F, 0x74, 0x1E, 0xF8, 0xC1, 0xFE, 0x86, 0xFE, 0xA6, 0xBB, 0xFD, \
+            0xE5, 0x30, 0x67, 0x7F, 0x0D, 0x97, 0xD1, 0x1D, 0x49, 0xF7, 0xA8, \
+            0x44, 0x3D, 0x08, 0x22, 0xE5, 0x06, 0xA9, 0xF4, 0x61, 0x4E, 0x01, \
+            0x1E, 0x2A, 0x94, 0x83, 0x8F, 0xF8, 0x8C, 0xD6, 0x8C, 0x8B, 0xB7, \
+            0xC5, 0xC6, 0x42, 0x4C, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, \
+            0xFF                                                              \
+    }
 
-#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN { 0x02 }
+#define MBEDTLS_DHM_RFC7919_FFDHE8192_G_BIN \
+    {                                       \
+        0x02                                \
+    }
 
 #endif /* dhm.h */
diff --git a/include/mbedtls/ecdh.h b/include/mbedtls/ecdh.h
index 7fa7440..d1d8484 100644
--- a/include/mbedtls/ecdh.h
+++ b/include/mbedtls/ecdh.h
@@ -51,14 +51,14 @@
  */
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
-#define MBEDTLS_ECDH_LEGACY_CONTEXT
+#    define MBEDTLS_ECDH_LEGACY_CONTEXT
 #else
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
+#    undef MBEDTLS_ECDH_LEGACY_CONTEXT
 #endif
 
 #if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-#undef MBEDTLS_ECDH_LEGACY_CONTEXT
-#include "everest/everest.h"
+#    undef MBEDTLS_ECDH_LEGACY_CONTEXT
+#    include "everest/everest.h"
 #endif
 
 #ifdef __cplusplus
@@ -70,7 +70,7 @@
  */
 typedef enum
 {
-    MBEDTLS_ECDH_OURS,   /**< Our key. */
+    MBEDTLS_ECDH_OURS, /**< Our key. */
     MBEDTLS_ECDH_THEIRS, /**< The key of the peer. */
 } mbedtls_ecdh_side;
 
@@ -83,11 +83,12 @@
  */
 typedef enum
 {
-    MBEDTLS_ECDH_VARIANT_NONE = 0,   /*!< Implementation not defined. */
-    MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0,/*!< The default Mbed TLS implementation */
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-    MBEDTLS_ECDH_VARIANT_EVEREST     /*!< Everest implementation */
-#endif
+    MBEDTLS_ECDH_VARIANT_NONE = 0, /*!< Implementation not defined. */
+    MBEDTLS_ECDH_VARIANT_MBEDTLS_2_0, /*!< The default Mbed TLS implementation
+                                       */
+#    if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+    MBEDTLS_ECDH_VARIANT_EVEREST /*!< Everest implementation */
+#    endif
 } mbedtls_ecdh_variant;
 
 /**
@@ -97,16 +98,17 @@
  * should not make any assumptions about the structure of
  * mbedtls_ecdh_context_mbed.
  */
-typedef struct mbedtls_ecdh_context_mbed
-{
-    mbedtls_ecp_group MBEDTLS_PRIVATE(grp);   /*!< The elliptic curve used. */
-    mbedtls_mpi MBEDTLS_PRIVATE(d);           /*!< The private key. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Q);     /*!< The public key. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Qp);    /*!< The value of the public key of the peer. */
-    mbedtls_mpi MBEDTLS_PRIVATE(z);           /*!< The shared secret. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif
+typedef struct mbedtls_ecdh_context_mbed {
+    mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+    mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
+                                              the peer. */
+    mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+#    if defined(MBEDTLS_ECP_RESTARTABLE)
+    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
+                                                    computations. */
+#    endif
 } mbedtls_ecdh_context_mbed;
 #endif
 
@@ -117,46 +119,49 @@
  *                  should not be shared between multiple threads.
  * \brief           The ECDH context structure.
  */
-typedef struct mbedtls_ecdh_context
-{
+typedef struct mbedtls_ecdh_context {
 #if defined(MBEDTLS_ECDH_LEGACY_CONTEXT)
-    mbedtls_ecp_group MBEDTLS_PRIVATE(grp);   /*!< The elliptic curve used. */
-    mbedtls_mpi MBEDTLS_PRIVATE(d);           /*!< The private key. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Q);     /*!< The public key. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Qp);    /*!< The value of the public key of the peer. */
-    mbedtls_mpi MBEDTLS_PRIVATE(z);           /*!< The shared secret. */
-    int MBEDTLS_PRIVATE(point_format);        /*!< The format of point export in TLS messages. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Vi);    /*!< The blinding value. */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Vf);    /*!< The unblinding value. */
-    mbedtls_mpi MBEDTLS_PRIVATE(_d);          /*!< The previous \p d. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    int MBEDTLS_PRIVATE(restart_enabled);        /*!< The flag for restartable mode. */
-    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC computations. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
+    mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!< The elliptic curve used. */
+    mbedtls_mpi MBEDTLS_PRIVATE(d); /*!< The private key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!< The public key. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Qp); /*!< The value of the public key of
+                                              the peer. */
+    mbedtls_mpi MBEDTLS_PRIVATE(z); /*!< The shared secret. */
+    int MBEDTLS_PRIVATE(point_format); /*!< The format of point export in TLS
+                                          messages. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Vi); /*!< The blinding value. */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Vf); /*!< The unblinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(_d); /*!< The previous \p d. */
+#    if defined(MBEDTLS_ECP_RESTARTABLE)
+    int MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable mode. */
+    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(rs); /*!< The restart context for EC
+                                                    computations. */
+#    endif /* MBEDTLS_ECP_RESTARTABLE */
 #else
-    uint8_t MBEDTLS_PRIVATE(point_format);       /*!< The format of point export in TLS messages
-                                  as defined in RFC 4492. */
-    mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);/*!< The elliptic curve used. */
-    mbedtls_ecdh_variant MBEDTLS_PRIVATE(var);   /*!< The ECDH implementation/structure used. */
-    union
-    {
-        mbedtls_ecdh_context_mbed   MBEDTLS_PRIVATE(mbed_ecdh);
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+    uint8_t MBEDTLS_PRIVATE(point_format); /*!< The format of point export in
+                            TLS messages as defined in RFC 4492. */
+    mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< The elliptic curve used.
+                                                   */
+    mbedtls_ecdh_variant MBEDTLS_PRIVATE(var); /*!< The ECDH
+                                                  implementation/structure used.
+                                                */
+    union {
+        mbedtls_ecdh_context_mbed MBEDTLS_PRIVATE(mbed_ecdh);
+#    if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
         mbedtls_ecdh_context_everest MBEDTLS_PRIVATE(everest_ecdh);
-#endif
-    } MBEDTLS_PRIVATE(ctx);                      /*!< Implementation-specific context. The
-                                  context in use is specified by the \c var
-                                  field. */
-#if defined(MBEDTLS_ECP_RESTARTABLE)
-    uint8_t MBEDTLS_PRIVATE(restart_enabled);    /*!< The flag for restartable mode. Functions of
-                                  an alternative implementation not supporting
-                                  restartable mode must return
-                                  MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
-                                  if this flag is set. */
-#endif /* MBEDTLS_ECP_RESTARTABLE */
+#    endif
+    } MBEDTLS_PRIVATE(ctx); /*!< Implementation-specific context. The
+             context in use is specified by the \c var
+             field. */
+#    if defined(MBEDTLS_ECP_RESTARTABLE)
+    uint8_t MBEDTLS_PRIVATE(restart_enabled); /*!< The flag for restartable
+                               mode. Functions of an alternative implementation
+                               not supporting restartable mode must return
+                               MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED error
+                               if this flag is set. */
+#    endif /* MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_ECDH_LEGACY_CONTEXT */
-}
-mbedtls_ecdh_context;
+} mbedtls_ecdh_context;
 
 /**
  * \brief          Check whether a given group can be used for ECDH.
@@ -165,7 +170,7 @@
  *
  * \return         \c 1 if the group can be used, \c 0 otherwise
  */
-int mbedtls_ecdh_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdh_can_do(mbedtls_ecp_group_id gid);
 
 /**
  * \brief           This function generates an ECDH keypair on an elliptic
@@ -192,9 +197,11 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or
  *                  \c MBEDTLS_MPI_XXX error code on failure.
  */
-int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_ecdh_gen_public(mbedtls_ecp_group *grp,
+                            mbedtls_mpi *d,
+                            mbedtls_ecp_point *Q,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief           This function computes the shared secret.
@@ -227,17 +234,19 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or
  *                  \c MBEDTLS_MPI_XXX error code on failure.
  */
-int mbedtls_ecdh_compute_shared( mbedtls_ecp_group *grp, mbedtls_mpi *z,
-                         const mbedtls_ecp_point *Q, const mbedtls_mpi *d,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
+int mbedtls_ecdh_compute_shared(mbedtls_ecp_group *grp,
+                                mbedtls_mpi *z,
+                                const mbedtls_ecp_point *Q,
+                                const mbedtls_mpi *d,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng);
 
 /**
  * \brief           This function initializes an ECDH context.
  *
  * \param ctx       The ECDH context to initialize. This must not be \c NULL.
  */
-void mbedtls_ecdh_init( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_init(mbedtls_ecdh_context *ctx);
 
 /**
  * \brief           This function sets up the ECDH context with the information
@@ -255,8 +264,7 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_ecdh_setup( mbedtls_ecdh_context *ctx,
-                        mbedtls_ecp_group_id grp_id );
+int mbedtls_ecdh_setup(mbedtls_ecdh_context *ctx, mbedtls_ecp_group_id grp_id);
 
 /**
  * \brief           This function frees a context.
@@ -265,7 +273,7 @@
  *                  case this function does nothing. If it is not \c NULL,
  *                  it must point to an initialized ECDH context.
  */
-void mbedtls_ecdh_free( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_free(mbedtls_ecdh_context *ctx);
 
 /**
  * \brief           This function generates an EC key pair and exports its
@@ -292,10 +300,12 @@
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_ecdh_make_params( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
+int mbedtls_ecdh_make_params(mbedtls_ecdh_context *ctx,
+                             size_t *olen,
+                             unsigned char *buf,
+                             size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 
 /**
  * \brief           This function parses the ECDHE parameters in a
@@ -321,9 +331,9 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_ecdh_read_params( mbedtls_ecdh_context *ctx,
-                              const unsigned char **buf,
-                              const unsigned char *end );
+int mbedtls_ecdh_read_params(mbedtls_ecdh_context *ctx,
+                             const unsigned char **buf,
+                             const unsigned char *end);
 
 /**
  * \brief           This function sets up an ECDH context from an EC key.
@@ -344,9 +354,9 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  *
  */
-int mbedtls_ecdh_get_params( mbedtls_ecdh_context *ctx,
-                             const mbedtls_ecp_keypair *key,
-                             mbedtls_ecdh_side side );
+int mbedtls_ecdh_get_params(mbedtls_ecdh_context *ctx,
+                            const mbedtls_ecp_keypair *key,
+                            mbedtls_ecdh_side side);
 
 /**
  * \brief           This function generates a public key and exports it
@@ -374,10 +384,12 @@
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_ecdh_make_public( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
+int mbedtls_ecdh_make_public(mbedtls_ecdh_context *ctx,
+                             size_t *olen,
+                             unsigned char *buf,
+                             size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 
 /**
  * \brief       This function parses and processes the ECDHE payload of a
@@ -398,8 +410,9 @@
  * \return      \c 0 on success.
  * \return      An \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_ecdh_read_public( mbedtls_ecdh_context *ctx,
-                              const unsigned char *buf, size_t blen );
+int mbedtls_ecdh_read_public(mbedtls_ecdh_context *ctx,
+                             const unsigned char *buf,
+                             size_t blen);
 
 /**
  * \brief           This function derives and exports the shared secret.
@@ -430,10 +443,12 @@
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return          Another \c MBEDTLS_ERR_ECP_XXX error code on failure.
  */
-int mbedtls_ecdh_calc_secret( mbedtls_ecdh_context *ctx, size_t *olen,
-                      unsigned char *buf, size_t blen,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
+int mbedtls_ecdh_calc_secret(mbedtls_ecdh_context *ctx,
+                             size_t *olen,
+                             unsigned char *buf,
+                             size_t blen,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
@@ -448,7 +463,7 @@
  *
  * \param ctx       The ECDH context to use. This must be initialized.
  */
-void mbedtls_ecdh_enable_restart( mbedtls_ecdh_context *ctx );
+void mbedtls_ecdh_enable_restart(mbedtls_ecdh_context *ctx);
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index 71b73ee..f5f2207 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -53,13 +53,13 @@
  *
  * For each of r and s, the value (V) may include an extra initial "0" bit.
  */
-#define MBEDTLS_ECDSA_MAX_SIG_LEN( bits )                               \
-    ( /*T,L of SEQUENCE*/ ( ( bits ) >= 61 * 8 ? 3 : 2 ) +              \
-      /*T,L of r,s*/        2 * ( ( ( bits ) >= 127 * 8 ? 3 : 2 ) +     \
-      /*V of r,s*/                ( ( bits ) + 8 ) / 8 ) )
+#define MBEDTLS_ECDSA_MAX_SIG_LEN(bits)               \
+    (/*T,L of SEQUENCE*/ ((bits) >= 61 * 8 ? 3 : 2) + \
+     /*T,L of r,s*/ 2 *                               \
+         (((bits) >= 127 * 8 ? 3 : 2) + /*V of r,s*/ ((bits) + 8) / 8))
 
 /** The maximal size of an ECDSA signature in Bytes. */
-#define MBEDTLS_ECDSA_MAX_LEN  MBEDTLS_ECDSA_MAX_SIG_LEN( MBEDTLS_ECP_MAX_BITS )
+#define MBEDTLS_ECDSA_MAX_LEN MBEDTLS_ECDSA_MAX_SIG_LEN(MBEDTLS_ECP_MAX_BITS)
 
 #ifdef __cplusplus
 extern "C" {
@@ -90,27 +90,29 @@
  */
 typedef struct mbedtls_ecdsa_restart_sig mbedtls_ecdsa_restart_sig_ctx;
 
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+#    if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /**
  * \brief           Internal restart context for ecdsa_sign_det()
  *
  * \note            Opaque struct, defined in ecdsa.c
  */
 typedef struct mbedtls_ecdsa_restart_det mbedtls_ecdsa_restart_det_ctx;
-#endif
+#    endif
 
 /**
  * \brief           General context for resuming ECDSA operations
  */
-typedef struct
-{
-    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp);        /*!<  base context for ECP restart and
-                                              shared administrative info    */
-    mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!<  ecdsa_verify() sub-context    */
-    mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!<  ecdsa_sign() sub-context      */
-#if defined(MBEDTLS_ECDSA_DETERMINISTIC)
-    mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!<  ecdsa_sign_det() sub-context  */
-#endif
+typedef struct {
+    mbedtls_ecp_restart_ctx MBEDTLS_PRIVATE(ecp); /*!<  base context for ECP
+                                       restart and shared administrative info */
+    mbedtls_ecdsa_restart_ver_ctx *MBEDTLS_PRIVATE(ver); /*!<  ecdsa_verify()
+                                                            sub-context    */
+    mbedtls_ecdsa_restart_sig_ctx *MBEDTLS_PRIVATE(sig); /*!<  ecdsa_sign()
+                                                            sub-context      */
+#    if defined(MBEDTLS_ECDSA_DETERMINISTIC)
+    mbedtls_ecdsa_restart_det_ctx *MBEDTLS_PRIVATE(det); /*!<  ecdsa_sign_det()
+                                                            sub-context  */
+#    endif
 } mbedtls_ecdsa_restart_ctx;
 
 #else /* MBEDTLS_ECP_RESTARTABLE */
@@ -128,7 +130,7 @@
  *
  * \return         \c 1 if the group can be used, \c 0 otherwise
  */
-int mbedtls_ecdsa_can_do( mbedtls_ecp_group_id gid );
+int mbedtls_ecdsa_can_do(mbedtls_ecp_group_id gid);
 
 /**
  * \brief           This function computes the ECDSA signature of a
@@ -166,9 +168,14 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX
  *                  or \c MBEDTLS_MPI_XXX error code on failure.
  */
-int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
-                const mbedtls_mpi *d, const unsigned char *buf, size_t blen,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_sign(mbedtls_ecp_group *grp,
+                       mbedtls_mpi *r,
+                       mbedtls_mpi *s,
+                       const mbedtls_mpi *d,
+                       const unsigned char *buf,
+                       size_t blen,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng);
 
 #if defined(MBEDTLS_ECDSA_DETERMINISTIC)
 /**
@@ -210,12 +217,17 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure.
  */
-int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
-                            mbedtls_mpi *s, const mbedtls_mpi *d,
-                            const unsigned char *buf, size_t blen,
-                            mbedtls_md_type_t md_alg,
-                            int (*f_rng_blind)(void *, unsigned char *, size_t),
-                            void *p_rng_blind );
+int mbedtls_ecdsa_sign_det_ext(mbedtls_ecp_group *grp,
+                               mbedtls_mpi *r,
+                               mbedtls_mpi *s,
+                               const mbedtls_mpi *d,
+                               const unsigned char *buf,
+                               size_t blen,
+                               mbedtls_md_type_t md_alg,
+                               int (*f_rng_blind)(void *,
+                                                  unsigned char *,
+                                                  size_t),
+                               void *p_rng_blind);
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 
 /**
@@ -250,10 +262,12 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
  *                  error code on failure for any other reason.
  */
-int mbedtls_ecdsa_verify( mbedtls_ecp_group *grp,
-                          const unsigned char *buf, size_t blen,
-                          const mbedtls_ecp_point *Q, const mbedtls_mpi *r,
-                          const mbedtls_mpi *s);
+int mbedtls_ecdsa_verify(mbedtls_ecp_group *grp,
+                         const unsigned char *buf,
+                         size_t blen,
+                         const mbedtls_ecp_point *Q,
+                         const mbedtls_mpi *r,
+                         const mbedtls_mpi *s);
 
 /**
  * \brief           This function computes the ECDSA signature and writes it
@@ -304,12 +318,15 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
  *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_ecdsa_write_signature( mbedtls_ecdsa_context *ctx,
-                                   mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t sig_size, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng );
+int mbedtls_ecdsa_write_signature(mbedtls_ecdsa_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  const unsigned char *hash,
+                                  size_t hlen,
+                                  unsigned char *sig,
+                                  size_t sig_size,
+                                  size_t *slen,
+                                  int (*f_rng)(void *, unsigned char *, size_t),
+                                  void *p_rng);
 
 /**
  * \brief           This function computes the ECDSA signature and writes it
@@ -351,13 +368,17 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX, \c MBEDTLS_ERR_MPI_XXX or
  *                  \c MBEDTLS_ERR_ASN1_XXX error code on failure.
  */
-int mbedtls_ecdsa_write_signature_restartable( mbedtls_ecdsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           const unsigned char *hash, size_t hlen,
-                           unsigned char *sig, size_t sig_size, size_t *slen,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng,
-                           mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_write_signature_restartable(
+    mbedtls_ecdsa_context *ctx,
+    mbedtls_md_type_t md_alg,
+    const unsigned char *hash,
+    size_t hlen,
+    unsigned char *sig,
+    size_t sig_size,
+    size_t *slen,
+    int (*f_rng)(void *, unsigned char *, size_t),
+    void *p_rng,
+    mbedtls_ecdsa_restart_ctx *rs_ctx);
 
 /**
  * \brief           This function reads and verifies an ECDSA signature.
@@ -386,9 +407,11 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
  *                  error code on failure for any other reason.
  */
-int mbedtls_ecdsa_read_signature( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen );
+int mbedtls_ecdsa_read_signature(mbedtls_ecdsa_context *ctx,
+                                 const unsigned char *hash,
+                                 size_t hlen,
+                                 const unsigned char *sig,
+                                 size_t slen);
 
 /**
  * \brief           This function reads and verifies an ECDSA signature,
@@ -421,10 +444,12 @@
  * \return          Another \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_ERR_MPI_XXX
  *                  error code on failure for any other reason.
  */
-int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
-                          const unsigned char *hash, size_t hlen,
-                          const unsigned char *sig, size_t slen,
-                          mbedtls_ecdsa_restart_ctx *rs_ctx );
+int mbedtls_ecdsa_read_signature_restartable(mbedtls_ecdsa_context *ctx,
+                                             const unsigned char *hash,
+                                             size_t hlen,
+                                             const unsigned char *sig,
+                                             size_t slen,
+                                             mbedtls_ecdsa_restart_ctx *rs_ctx);
 
 /**
  * \brief          This function generates an ECDSA keypair on the given curve.
@@ -442,8 +467,10 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
-int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecdsa_genkey(mbedtls_ecdsa_context *ctx,
+                         mbedtls_ecp_group_id gid,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng);
 
 /**
  * \brief           This function sets up an ECDSA context from an EC key pair.
@@ -460,8 +487,8 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX code on failure.
  */
-int mbedtls_ecdsa_from_keypair( mbedtls_ecdsa_context *ctx,
-                                const mbedtls_ecp_keypair *key );
+int mbedtls_ecdsa_from_keypair(mbedtls_ecdsa_context *ctx,
+                               const mbedtls_ecp_keypair *key);
 
 /**
  * \brief           This function initializes an ECDSA context.
@@ -469,7 +496,7 @@
  * \param ctx       The ECDSA context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_ecdsa_init( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_init(mbedtls_ecdsa_context *ctx);
 
 /**
  * \brief           This function frees an ECDSA context.
@@ -478,7 +505,7 @@
  *                  in which case this function does nothing. If it
  *                  is not \c NULL, it must be initialized.
  */
-void mbedtls_ecdsa_free( mbedtls_ecdsa_context *ctx );
+void mbedtls_ecdsa_free(mbedtls_ecdsa_context *ctx);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
@@ -487,7 +514,7 @@
  * \param ctx       The restart context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_ecdsa_restart_init( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_init(mbedtls_ecdsa_restart_ctx *ctx);
 
 /**
  * \brief           Free the components of a restart context.
@@ -496,7 +523,7 @@
  *                  in which case this function does nothing. If it
  *                  is not \c NULL, it must be initialized.
  */
-void mbedtls_ecdsa_restart_free( mbedtls_ecdsa_restart_ctx *ctx );
+void mbedtls_ecdsa_restart_free(mbedtls_ecdsa_restart_ctx *ctx);
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index a73f624..60998c9 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -51,9 +51,10 @@
 /**
  * Roles in the EC J-PAKE exchange
  */
-typedef enum {
-    MBEDTLS_ECJPAKE_CLIENT = 0,         /**< Client                         */
-    MBEDTLS_ECJPAKE_SERVER,             /**< Server                         */
+typedef enum
+{
+    MBEDTLS_ECJPAKE_CLIENT = 0, /**< Client                         */
+    MBEDTLS_ECJPAKE_SERVER, /**< Server                         */
 } mbedtls_ecjpake_role;
 
 #if !defined(MBEDTLS_ECJPAKE_ALT)
@@ -68,27 +69,31 @@
  * convetion from the Thread v1.0 spec. Correspondance is indicated in the
  * description as a pair C: client name, S: server name
  */
-typedef struct mbedtls_ecjpake_context
-{
-    const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);   /**< Hash to use                    */
-    mbedtls_ecp_group MBEDTLS_PRIVATE(grp);              /**< Elliptic curve                 */
-    mbedtls_ecjpake_role MBEDTLS_PRIVATE(role);          /**< Are we client or server?       */
-    int MBEDTLS_PRIVATE(point_format);                   /**< Format for point export        */
+typedef struct mbedtls_ecjpake_context {
+    const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info); /**< Hash to use */
+    mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /**< Elliptic curve */
+    mbedtls_ecjpake_role MBEDTLS_PRIVATE(role); /**< Are we client or server? */
+    int MBEDTLS_PRIVATE(point_format); /**< Format for point export        */
 
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1);              /**< My public key 1   C: X1, S: X3 */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2);              /**< My public key 2   C: X2, S: X4 */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1);              /**< Peer public key 1 C: X3, S: X1 */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2);              /**< Peer public key 2 C: X4, S: X2 */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp);               /**< Peer public key   C: Xs, S: Xc */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Xm1); /**< My public key 1   C: X1, S: X3
+                                             */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Xm2); /**< My public key 2   C: X2, S: X4
+                                             */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp1); /**< Peer public key 1 C: X3, S: X1
+                                             */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp2); /**< Peer public key 2 C: X4, S: X2
+                                             */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Xp); /**< Peer public key   C: Xs, S: Xc
+                                            */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(xm1);                    /**< My private key 1  C: x1, S: x3 */
-    mbedtls_mpi MBEDTLS_PRIVATE(xm2);                    /**< My private key 2  C: x2, S: x4 */
+    mbedtls_mpi MBEDTLS_PRIVATE(xm1); /**< My private key 1  C: x1, S: x3 */
+    mbedtls_mpi MBEDTLS_PRIVATE(xm2); /**< My private key 2  C: x2, S: x4 */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(s);                      /**< Pre-shared secret (passphrase) */
+    mbedtls_mpi MBEDTLS_PRIVATE(s); /**< Pre-shared secret (passphrase) */
 } mbedtls_ecjpake_context;
 
-#else  /* MBEDTLS_ECJPAKE_ALT */
-#include "ecjpake_alt.h"
+#else /* MBEDTLS_ECJPAKE_ALT */
+#    include "ecjpake_alt.h"
 #endif /* MBEDTLS_ECJPAKE_ALT */
 
 /**
@@ -97,7 +102,7 @@
  * \param ctx       The ECJPAKE context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_init(mbedtls_ecjpake_context *ctx);
 
 /**
  * \brief           Set up an ECJPAKE context for use.
@@ -120,12 +125,12 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
-                           mbedtls_ecjpake_role role,
-                           mbedtls_md_type_t hash,
-                           mbedtls_ecp_group_id curve,
-                           const unsigned char *secret,
-                           size_t len );
+int mbedtls_ecjpake_setup(mbedtls_ecjpake_context *ctx,
+                          mbedtls_ecjpake_role role,
+                          mbedtls_md_type_t hash,
+                          mbedtls_ecp_group_id curve,
+                          const unsigned char *secret,
+                          size_t len);
 
 /**
  * \brief               Set the point format for future reads and writes.
@@ -139,8 +144,8 @@
  * \return              #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if \p point_format
  *                      is invalid.
  */
-int mbedtls_ecjpake_set_point_format( mbedtls_ecjpake_context *ctx,
-                                      int point_format );
+int mbedtls_ecjpake_set_point_format(mbedtls_ecjpake_context *ctx,
+                                     int point_format);
 
 /**
  * \brief           Check if an ECJPAKE context is ready for use.
@@ -151,7 +156,7 @@
  * \return          \c 0 if the context is ready for use.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA otherwise.
  */
-int mbedtls_ecjpake_check( const mbedtls_ecjpake_context *ctx );
+int mbedtls_ecjpake_check(const mbedtls_ecjpake_context *ctx);
 
 /**
  * \brief           Generate and write the first round message
@@ -172,10 +177,14 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_write_round_one( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
+int mbedtls_ecjpake_write_round_one(mbedtls_ecjpake_context *ctx,
+                                    unsigned char *buf,
+                                    size_t len,
+                                    size_t *olen,
+                                    int (*f_rng)(void *,
+                                                 unsigned char *,
+                                                 size_t),
+                                    void *p_rng);
 
 /**
  * \brief           Read and process the first round message
@@ -191,9 +200,9 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_read_round_one( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
+int mbedtls_ecjpake_read_round_one(mbedtls_ecjpake_context *ctx,
+                                   const unsigned char *buf,
+                                   size_t len);
 
 /**
  * \brief           Generate and write the second round message
@@ -213,10 +222,14 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
+int mbedtls_ecjpake_write_round_two(mbedtls_ecjpake_context *ctx,
+                                    unsigned char *buf,
+                                    size_t len,
+                                    size_t *olen,
+                                    int (*f_rng)(void *,
+                                                 unsigned char *,
+                                                 size_t),
+                                    void *p_rng);
 
 /**
  * \brief           Read and process the second round message
@@ -231,9 +244,9 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
-                                    const unsigned char *buf,
-                                    size_t len );
+int mbedtls_ecjpake_read_round_two(mbedtls_ecjpake_context *ctx,
+                                   const unsigned char *buf,
+                                   size_t len);
 
 /**
  * \brief           Derive the shared secret
@@ -253,10 +266,12 @@
  * \return          \c 0 if successful.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
-                            unsigned char *buf, size_t len, size_t *olen,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng );
+int mbedtls_ecjpake_derive_secret(mbedtls_ecjpake_context *ctx,
+                                  unsigned char *buf,
+                                  size_t len,
+                                  size_t *olen,
+                                  int (*f_rng)(void *, unsigned char *, size_t),
+                                  void *p_rng);
 
 /**
  * \brief           This clears an ECJPAKE context and frees any
@@ -266,7 +281,7 @@
  *                  in which case this function does nothing. If it is not
  *                  \c NULL, it must point to an initialized ECJPAKE context.
  */
-void mbedtls_ecjpake_free( mbedtls_ecjpake_context *ctx );
+void mbedtls_ecjpake_free(mbedtls_ecjpake_context *ctx);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -275,7 +290,7 @@
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int mbedtls_ecjpake_self_test( int verbose );
+int mbedtls_ecjpake_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
@@ -283,5 +298,4 @@
 }
 #endif
 
-
 #endif /* ecjpake.h */
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 1e5eba1..849b515 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -43,23 +43,24 @@
  * ECP error codes
  */
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA                    -0x4F80
+#define MBEDTLS_ERR_ECP_BAD_INPUT_DATA -0x4F80
 /** The buffer is too small to write to. */
-#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL                  -0x4F00
-/** The requested feature is not available, for example, the requested curve is not supported. */
-#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE               -0x4E80
+#define MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL -0x4F00
+/** The requested feature is not available, for example, the requested curve is
+ * not supported. */
+#define MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE -0x4E80
 /** The signature is not valid. */
-#define MBEDTLS_ERR_ECP_VERIFY_FAILED                     -0x4E00
+#define MBEDTLS_ERR_ECP_VERIFY_FAILED -0x4E00
 /** Memory allocation failed. */
-#define MBEDTLS_ERR_ECP_ALLOC_FAILED                      -0x4D80
+#define MBEDTLS_ERR_ECP_ALLOC_FAILED -0x4D80
 /** Generation of random value, such as ephemeral key, failed. */
-#define MBEDTLS_ERR_ECP_RANDOM_FAILED                     -0x4D00
+#define MBEDTLS_ERR_ECP_RANDOM_FAILED -0x4D00
 /** Invalid private or public key. */
-#define MBEDTLS_ERR_ECP_INVALID_KEY                       -0x4C80
+#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80
 /** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH                  -0x4C00
+#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00
 /** Operation in progress, call again with the same parameters to continue. */
-#define MBEDTLS_ERR_ECP_IN_PROGRESS                       -0x4B00
+#define MBEDTLS_ERR_ECP_IN_PROGRESS -0x4B00
 
 /* Flags indicating whether to include code that is specific to certain
  * types of curves. These flags are for internal library use only. */
@@ -68,17 +69,17 @@
     defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || \
     defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || \
     defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || \
-    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || \
+    defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) ||   \
+    defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) ||   \
     defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || \
     defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || \
     defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
+#    define MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED
 #endif
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || \
     defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MONTGOMERY_ENABLED
+#    define MBEDTLS_ECP_MONTGOMERY_ENABLED
 #endif
 
 #ifdef __cplusplus
@@ -112,20 +113,31 @@
  */
 typedef enum
 {
-    MBEDTLS_ECP_DP_NONE = 0,       /*!< Curve not defined. */
-    MBEDTLS_ECP_DP_SECP192R1,      /*!< Domain parameters for the 192-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP224R1,      /*!< Domain parameters for the 224-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP256R1,      /*!< Domain parameters for the 256-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP384R1,      /*!< Domain parameters for the 384-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_SECP521R1,      /*!< Domain parameters for the 521-bit curve defined by FIPS 186-4 and SEC1. */
-    MBEDTLS_ECP_DP_BP256R1,        /*!< Domain parameters for 256-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_BP384R1,        /*!< Domain parameters for 384-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_BP512R1,        /*!< Domain parameters for 512-bit Brainpool curve. */
-    MBEDTLS_ECP_DP_CURVE25519,     /*!< Domain parameters for Curve25519. */
-    MBEDTLS_ECP_DP_SECP192K1,      /*!< Domain parameters for 192-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_SECP224K1,      /*!< Domain parameters for 224-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_SECP256K1,      /*!< Domain parameters for 256-bit "Koblitz" curve. */
-    MBEDTLS_ECP_DP_CURVE448,       /*!< Domain parameters for Curve448. */
+    MBEDTLS_ECP_DP_NONE = 0, /*!< Curve not defined. */
+    MBEDTLS_ECP_DP_SECP192R1, /*!< Domain parameters for the 192-bit curve
+                                 defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP224R1, /*!< Domain parameters for the 224-bit curve
+                                 defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP256R1, /*!< Domain parameters for the 256-bit curve
+                                 defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP384R1, /*!< Domain parameters for the 384-bit curve
+                                 defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_SECP521R1, /*!< Domain parameters for the 521-bit curve
+                                 defined by FIPS 186-4 and SEC1. */
+    MBEDTLS_ECP_DP_BP256R1, /*!< Domain parameters for 256-bit Brainpool curve.
+                             */
+    MBEDTLS_ECP_DP_BP384R1, /*!< Domain parameters for 384-bit Brainpool curve.
+                             */
+    MBEDTLS_ECP_DP_BP512R1, /*!< Domain parameters for 512-bit Brainpool curve.
+                             */
+    MBEDTLS_ECP_DP_CURVE25519, /*!< Domain parameters for Curve25519. */
+    MBEDTLS_ECP_DP_SECP192K1, /*!< Domain parameters for 192-bit "Koblitz"
+                                 curve. */
+    MBEDTLS_ECP_DP_SECP224K1, /*!< Domain parameters for 224-bit "Koblitz"
+                                 curve. */
+    MBEDTLS_ECP_DP_SECP256K1, /*!< Domain parameters for 256-bit "Koblitz"
+                                 curve. */
+    MBEDTLS_ECP_DP_CURVE448, /*!< Domain parameters for Curve448. */
 } mbedtls_ecp_group_id;
 
 /**
@@ -133,7 +145,7 @@
  *
  * \note Montgomery curves are currently excluded.
  */
-#define MBEDTLS_ECP_DP_MAX     12
+#define MBEDTLS_ECP_DP_MAX 12
 
 /*
  * Curve types
@@ -141,19 +153,19 @@
 typedef enum
 {
     MBEDTLS_ECP_TYPE_NONE = 0,
-    MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS,    /* y^2 = x^3 + a x + b      */
-    MBEDTLS_ECP_TYPE_MONTGOMERY,           /* y^2 = x^3 + a x^2 + x    */
+    MBEDTLS_ECP_TYPE_SHORT_WEIERSTRASS, /* y^2 = x^3 + a x + b      */
+    MBEDTLS_ECP_TYPE_MONTGOMERY, /* y^2 = x^3 + a x^2 + x    */
 } mbedtls_ecp_curve_type;
 
 /**
  * Curve information, for use by other modules.
  */
-typedef struct mbedtls_ecp_curve_info
-{
-    mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id);    /*!< An internal identifier. */
-    uint16_t MBEDTLS_PRIVATE(tls_id);                /*!< The TLS NamedCurve identifier. */
-    uint16_t MBEDTLS_PRIVATE(bit_size);              /*!< The curve size in bits. */
-    const char *MBEDTLS_PRIVATE(name);               /*!< A human-friendly name. */
+typedef struct mbedtls_ecp_curve_info {
+    mbedtls_ecp_group_id MBEDTLS_PRIVATE(grp_id); /*!< An internal identifier.
+                                                   */
+    uint16_t MBEDTLS_PRIVATE(tls_id); /*!< The TLS NamedCurve identifier. */
+    uint16_t MBEDTLS_PRIVATE(bit_size); /*!< The curve size in bits. */
+    const char *MBEDTLS_PRIVATE(name); /*!< A human-friendly name. */
 } mbedtls_ecp_curve_info;
 
 /**
@@ -167,13 +179,11 @@
  *                  Otherwise, \p X and \p Y are its standard (affine)
  *                  coordinates.
  */
-typedef struct mbedtls_ecp_point
-{
-    mbedtls_mpi MBEDTLS_PRIVATE(X);          /*!< The X coordinate of the ECP point. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Y);          /*!< The Y coordinate of the ECP point. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Z);          /*!< The Z coordinate of the ECP point. */
-}
-mbedtls_ecp_point;
+typedef struct mbedtls_ecp_point {
+    mbedtls_mpi MBEDTLS_PRIVATE(X); /*!< The X coordinate of the ECP point. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Y); /*!< The Y coordinate of the ECP point. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Z); /*!< The Z coordinate of the ECP point. */
+} mbedtls_ecp_point;
 
 #if !defined(MBEDTLS_ECP_ALT)
 /*
@@ -204,12 +214,12 @@
  * not the size of \p N but the required size for private keys.
  *
  * If \p modp is NULL, reduction modulo \p P is done using a generic algorithm.
- * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in the
- * range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an integer
- * which is congruent mod \p P to the given MPI, and is close enough to \p pbits
- * in size, so that it may be efficiently brought in the 0..P-1 range by a few
- * additions or subtractions. Therefore, it is only an approximative modular
- * reduction. It must return 0 on success and non-zero on failure.
+ * Otherwise, \p modp must point to a function that takes an \p mbedtls_mpi in
+ * the range of <code>0..2^(2*pbits)-1</code>, and transforms it in-place to an
+ * integer which is congruent mod \p P to the given MPI, and is close enough to
+ * \p pbits in size, so that it may be efficiently brought in the 0..P-1 range
+ * by a few additions or subtractions. Therefore, it is only an approximative
+ * modular reduction. It must return 0 on success and non-zero on failure.
  *
  * \note        Alternative implementations of the ECP module must obey the
  *              following constraints.
@@ -222,42 +232,44 @@
  *                of these fields does not need to be supported.
  *                They do not need to be at the same offset in the structure.
  */
-typedef struct mbedtls_ecp_group
-{
-    mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
-    mbedtls_mpi P;              /*!< The prime modulus of the base field. */
-    mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
-                                     Montgomery curves: <code>(A + 2) / 4</code>. */
-    mbedtls_mpi B;              /*!< For Short Weierstrass: \p B in the equation.
-                                     For Montgomery curves: unused. */
-    mbedtls_ecp_point G;        /*!< The generator of the subgroup used. */
-    mbedtls_mpi N;              /*!< The order of \p G. */
-    size_t pbits;               /*!< The number of bits in \p P.*/
-    size_t nbits;               /*!< For Short Weierstrass: The number of bits in \p P.
-                                     For Montgomery curves: the number of bits in the
-                                     private keys. */
+typedef struct mbedtls_ecp_group {
+    mbedtls_ecp_group_id id; /*!< An internal group identifier. */
+    mbedtls_mpi P; /*!< The prime modulus of the base field. */
+    mbedtls_mpi A; /*!< For Short Weierstrass: \p A in the equation. For
+                        Montgomery curves: <code>(A + 2) / 4</code>. */
+    mbedtls_mpi B; /*!< For Short Weierstrass: \p B in the equation.
+                        For Montgomery curves: unused. */
+    mbedtls_ecp_point G; /*!< The generator of the subgroup used. */
+    mbedtls_mpi N; /*!< The order of \p G. */
+    size_t pbits; /*!< The number of bits in \p P.*/
+    size_t nbits; /*!< For Short Weierstrass: The number of bits in \p P.
+                       For Montgomery curves: the number of bits in the
+                       private keys. */
     /* End of public fields */
 
-    unsigned int MBEDTLS_PRIVATE(h);             /*!< \internal 1 if the constants are static. */
-    int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast pseudo-reduction
-                                     mod \p P (see above).*/
-    int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *);  /*!< Unused. */
+    unsigned int MBEDTLS_PRIVATE(h); /*!< \internal 1 if the constants are
+                                        static. */
+    int (*MBEDTLS_PRIVATE(modp))(mbedtls_mpi *); /*!< The function for fast
+                                     pseudo-reduction mod \p P (see above).*/
+    int (*MBEDTLS_PRIVATE(t_pre))(mbedtls_ecp_point *, void *); /*!< Unused. */
     int (*MBEDTLS_PRIVATE(t_post))(mbedtls_ecp_point *, void *); /*!< Unused. */
-    void *MBEDTLS_PRIVATE(t_data);               /*!< Unused. */
-    mbedtls_ecp_point *MBEDTLS_PRIVATE(T);       /*!< Pre-computed points for ecp_mul_comb(). */
-    size_t MBEDTLS_PRIVATE(T_size);              /*!< The number of dynamic allocated pre-computed points. */
-}
-mbedtls_ecp_group;
+    void *MBEDTLS_PRIVATE(t_data); /*!< Unused. */
+    mbedtls_ecp_point *MBEDTLS_PRIVATE(T); /*!< Pre-computed points for
+                                              ecp_mul_comb(). */
+    size_t MBEDTLS_PRIVATE(T_size); /*!< The number of dynamic allocated
+                                       pre-computed points. */
+} mbedtls_ecp_group;
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h, or define them using the compiler command line.
+ * Either change them in mbedtls_config.h, or define them using the compiler
+ * command line.
  * \{
  */
 
-#if !defined(MBEDTLS_ECP_WINDOW_SIZE)
+#    if !defined(MBEDTLS_ECP_WINDOW_SIZE)
 /*
  * Maximum "window" size used for point multiplication.
  * Default: a point where higher memory usage yields disminishing performance
@@ -279,10 +291,10 @@
  *      192       640     640     633     587     476
  */
 /** The maximum window size used. */
-#define MBEDTLS_ECP_WINDOW_SIZE    4
-#endif /* MBEDTLS_ECP_WINDOW_SIZE */
+#        define MBEDTLS_ECP_WINDOW_SIZE 4
+#    endif /* MBEDTLS_ECP_WINDOW_SIZE */
 
-#if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
+#    if !defined(MBEDTLS_ECP_FIXED_POINT_OPTIM)
 /*
  * Trade code size for speed on fixed-point multiplication.
  *
@@ -296,13 +308,13 @@
  * Change this value to 0 to reduce code size.
  */
 /** Enable fixed-point speed-up. */
-#define MBEDTLS_ECP_FIXED_POINT_OPTIM  1
-#endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
+#        define MBEDTLS_ECP_FIXED_POINT_OPTIM 1
+#    endif /* MBEDTLS_ECP_FIXED_POINT_OPTIM */
 
 /* \} name SECTION: Module settings */
 
-#else  /* MBEDTLS_ECP_ALT */
-#include "ecp_alt.h"
+#else /* MBEDTLS_ECP_ALT */
+#    include "ecp_alt.h"
 #endif /* MBEDTLS_ECP_ALT */
 
 /**
@@ -311,40 +323,40 @@
 #if !defined(MBEDTLS_ECP_C)
 /* Dummy definition to help code that has optional ECP support and
  * defines an MBEDTLS_ECP_MAX_BYTES-sized array unconditionally. */
-#define MBEDTLS_ECP_MAX_BITS 1
+#    define MBEDTLS_ECP_MAX_BITS 1
 /* Note: the curves must be listed in DECREASING size! */
 #elif defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 521
+#    define MBEDTLS_ECP_MAX_BITS 521
 #elif defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 512
+#    define MBEDTLS_ECP_MAX_BITS 512
 #elif defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 448
+#    define MBEDTLS_ECP_MAX_BITS 448
 #elif defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
+#    define MBEDTLS_ECP_MAX_BITS 384
 #elif defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 384
+#    define MBEDTLS_ECP_MAX_BITS 384
 #elif defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+#    define MBEDTLS_ECP_MAX_BITS 256
 #elif defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+#    define MBEDTLS_ECP_MAX_BITS 256
 #elif defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 256
+#    define MBEDTLS_ECP_MAX_BITS 256
 #elif defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 255
+#    define MBEDTLS_ECP_MAX_BITS 255
 #elif defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
+#    define MBEDTLS_ECP_MAX_BITS 225 // n is slightly above 2^224
 #elif defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 224
+#    define MBEDTLS_ECP_MAX_BITS 224
 #elif defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
+#    define MBEDTLS_ECP_MAX_BITS 192
 #elif defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#define MBEDTLS_ECP_MAX_BITS 192
+#    define MBEDTLS_ECP_MAX_BITS 192
 #else
-#error "Missing definition of MBEDTLS_ECP_MAX_BITS"
+#    error "Missing definition of MBEDTLS_ECP_MAX_BITS"
 #endif
 
-#define MBEDTLS_ECP_MAX_BYTES    ( ( MBEDTLS_ECP_MAX_BITS + 7 ) / 8 )
-#define MBEDTLS_ECP_MAX_PT_LEN   ( 2 * MBEDTLS_ECP_MAX_BYTES + 1 )
+#define MBEDTLS_ECP_MAX_BYTES  ((MBEDTLS_ECP_MAX_BITS + 7) / 8)
+#define MBEDTLS_ECP_MAX_PT_LEN (2 * MBEDTLS_ECP_MAX_BYTES + 1)
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 
@@ -365,21 +377,26 @@
 /**
  * \brief           General context for resuming ECC operations
  */
-typedef struct
-{
-    unsigned MBEDTLS_PRIVATE(ops_done);                  /*!<  current ops count             */
-    unsigned MBEDTLS_PRIVATE(depth);                     /*!<  call depth (0 = top-level)    */
-    mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm);   /*!<  ecp_mul_comb() sub-context    */
-    mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!<  ecp_muladd() sub-context      */
+typedef struct {
+    unsigned MBEDTLS_PRIVATE(ops_done); /*!<  current ops count             */
+    unsigned MBEDTLS_PRIVATE(depth); /*!<  call depth (0 = top-level)    */
+    mbedtls_ecp_restart_mul_ctx *MBEDTLS_PRIVATE(rsm); /*!<  ecp_mul_comb()
+                                                          sub-context    */
+    mbedtls_ecp_restart_muladd_ctx *MBEDTLS_PRIVATE(ma); /*!<  ecp_muladd()
+                                                            sub-context      */
 } mbedtls_ecp_restart_ctx;
 
 /*
  * Operation counts for restartable functions
  */
-#define MBEDTLS_ECP_OPS_CHK   3 /*!< basic ops count for ecp_check_pubkey()  */
-#define MBEDTLS_ECP_OPS_DBL   8 /*!< basic ops count for ecp_double_jac()    */
-#define MBEDTLS_ECP_OPS_ADD  11 /*!< basic ops count for see ecp_add_mixed() */
-#define MBEDTLS_ECP_OPS_INV 120 /*!< empirical equivalent for mpi_mod_inv()  */
+#    define MBEDTLS_ECP_OPS_CHK \
+        3 /*!< basic ops count for ecp_check_pubkey()  */
+#    define MBEDTLS_ECP_OPS_DBL \
+        8 /*!< basic ops count for ecp_double_jac()    */
+#    define MBEDTLS_ECP_OPS_ADD \
+        11 /*!< basic ops count for see ecp_add_mixed() */
+#    define MBEDTLS_ECP_OPS_INV \
+        120 /*!< empirical equivalent for mpi_mod_inv()  */
 
 /**
  * \brief           Internal; for restartable functions in other modules.
@@ -392,18 +409,17 @@
  * \return          \c 0 if doing \p ops basic ops is still allowed,
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS otherwise.
  */
-int mbedtls_ecp_check_budget( const mbedtls_ecp_group *grp,
-                              mbedtls_ecp_restart_ctx *rs_ctx,
-                              unsigned ops );
+int mbedtls_ecp_check_budget(const mbedtls_ecp_group *grp,
+                             mbedtls_ecp_restart_ctx *rs_ctx,
+                             unsigned ops);
 
 /* Utility macro for checking and updating ops budget */
-#define MBEDTLS_ECP_BUDGET( ops )   \
-    MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, rs_ctx, \
-                                               (unsigned) (ops) ) );
+#    define MBEDTLS_ECP_BUDGET(ops) \
+        MBEDTLS_MPI_CHK(mbedtls_ecp_check_budget(grp, rs_ctx, (unsigned)(ops)));
 
 #else /* MBEDTLS_ECP_RESTARTABLE */
 
-#define MBEDTLS_ECP_BUDGET( ops )   /* no-op; for compatibility */
+#    define MBEDTLS_ECP_BUDGET(ops) /* no-op; for compatibility */
 
 /* We want to declare restartable versions of existing functions anyway */
 typedef void mbedtls_ecp_restart_ctx;
@@ -418,27 +434,26 @@
  * \note    Members are deliberately in the same order as in the
  *          ::mbedtls_ecdsa_context structure.
  */
-typedef struct mbedtls_ecp_keypair
-{
-    mbedtls_ecp_group MBEDTLS_PRIVATE(grp);      /*!<  Elliptic curve and base point     */
-    mbedtls_mpi MBEDTLS_PRIVATE(d);              /*!<  our secret value                  */
-    mbedtls_ecp_point MBEDTLS_PRIVATE(Q);        /*!<  our public value                  */
-}
-mbedtls_ecp_keypair;
+typedef struct mbedtls_ecp_keypair {
+    mbedtls_ecp_group MBEDTLS_PRIVATE(grp); /*!<  Elliptic curve and base point
+                                             */
+    mbedtls_mpi MBEDTLS_PRIVATE(d); /*!<  our secret value                  */
+    mbedtls_ecp_point MBEDTLS_PRIVATE(Q); /*!<  our public value */
+} mbedtls_ecp_keypair;
 
 /*
  * Point formats, from RFC 4492's enum ECPointFormat
  */
 /** Uncompressed point format. */
-#define MBEDTLS_ECP_PF_UNCOMPRESSED    0
+#define MBEDTLS_ECP_PF_UNCOMPRESSED 0
 /** Compressed point format. */
-#define MBEDTLS_ECP_PF_COMPRESSED      1
+#define MBEDTLS_ECP_PF_COMPRESSED 1
 
 /*
  * Some other constants from RFC 4492
  */
 /** The named_curve of ECCurveType. */
-#define MBEDTLS_ECP_TLS_NAMED_CURVE    3
+#define MBEDTLS_ECP_TLS_NAMED_CURVE 3
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
@@ -498,7 +513,7 @@
  *
  * \note            This setting is currently ignored by Curve25519.
  */
-void mbedtls_ecp_set_max_ops( unsigned max_ops );
+void mbedtls_ecp_set_max_ops(unsigned max_ops);
 
 /**
  * \brief           Check if restart is enabled (max_ops != 0)
@@ -506,13 +521,13 @@
  * \return          \c 0 if \c max_ops == 0 (restart disabled)
  * \return          \c 1 otherwise (restart enabled)
  */
-int mbedtls_ecp_restart_is_enabled( void );
+int mbedtls_ecp_restart_is_enabled(void);
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 /*
  * Get the type of a curve
  */
-mbedtls_ecp_curve_type mbedtls_ecp_get_type( const mbedtls_ecp_group *grp );
+mbedtls_ecp_curve_type mbedtls_ecp_get_type(const mbedtls_ecp_group *grp);
 
 /**
  * \brief           This function retrieves the information defined in
@@ -526,7 +541,7 @@
  *
  * \return          A statically allocated array. The last entry is 0.
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list( void );
+const mbedtls_ecp_curve_info *mbedtls_ecp_curve_list(void);
 
 /**
  * \brief           This function retrieves the list of internal group
@@ -542,7 +557,7 @@
  * \return          A statically allocated array,
  *                  terminated with MBEDTLS_ECP_DP_NONE.
  */
-const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list( void );
+const mbedtls_ecp_group_id *mbedtls_ecp_grp_id_list(void);
 
 /**
  * \brief           This function retrieves curve information from an internal
@@ -553,7 +568,8 @@
  * \return          The associated curve information on success.
  * \return          NULL on failure.
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_grp_id( mbedtls_ecp_group_id grp_id );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_grp_id(mbedtls_ecp_group_id grp_id);
 
 /**
  * \brief           This function retrieves curve information from a TLS
@@ -564,7 +580,8 @@
  * \return          The associated curve information on success.
  * \return          NULL on failure.
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_tls_id( uint16_t tls_id );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_tls_id(uint16_t tls_id);
 
 /**
  * \brief           This function retrieves curve information from a
@@ -575,14 +592,15 @@
  * \return          The associated curve information on success.
  * \return          NULL on failure.
  */
-const mbedtls_ecp_curve_info *mbedtls_ecp_curve_info_from_name( const char *name );
+const mbedtls_ecp_curve_info *
+mbedtls_ecp_curve_info_from_name(const char *name);
 
 /**
  * \brief           This function initializes a point as zero.
  *
  * \param pt        The point to initialize.
  */
-void mbedtls_ecp_point_init( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_init(mbedtls_ecp_point *pt);
 
 /**
  * \brief           This function initializes an ECP group context
@@ -593,21 +611,21 @@
  *                  mbedtls_ecp_group_load() or mbedtls_ecp_tls_read_group()
  *                  functions.
  */
-void mbedtls_ecp_group_init( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_init(mbedtls_ecp_group *grp);
 
 /**
  * \brief           This function initializes a key pair as an invalid one.
  *
  * \param key       The key pair to initialize.
  */
-void mbedtls_ecp_keypair_init( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_init(mbedtls_ecp_keypair *key);
 
 /**
  * \brief           This function frees the components of a point.
  *
  * \param pt        The point to free.
  */
-void mbedtls_ecp_point_free( mbedtls_ecp_point *pt );
+void mbedtls_ecp_point_free(mbedtls_ecp_point *pt);
 
 /**
  * \brief           This function frees the components of an ECP group.
@@ -616,7 +634,7 @@
  *                  case this function returns immediately. If it is not
  *                  \c NULL, it must point to an initialized ECP group.
  */
-void mbedtls_ecp_group_free( mbedtls_ecp_group *grp );
+void mbedtls_ecp_group_free(mbedtls_ecp_group *grp);
 
 /**
  * \brief           This function frees the components of a key pair.
@@ -625,7 +643,7 @@
  *                  case this function returns immediately. If it is not
  *                  \c NULL, it must point to an initialized ECP key pair.
  */
-void mbedtls_ecp_keypair_free( mbedtls_ecp_keypair *key );
+void mbedtls_ecp_keypair_free(mbedtls_ecp_keypair *key);
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
 /**
@@ -634,7 +652,7 @@
  * \param ctx       The restart context to initialize. This must
  *                  not be \c NULL.
  */
-void mbedtls_ecp_restart_init( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_init(mbedtls_ecp_restart_ctx *ctx);
 
 /**
  * \brief           Free the components of a restart context.
@@ -643,7 +661,7 @@
  *                  case this function returns immediately. If it is not
  *                  \c NULL, it must point to an initialized restart context.
  */
-void mbedtls_ecp_restart_free( mbedtls_ecp_restart_ctx *ctx );
+void mbedtls_ecp_restart_free(mbedtls_ecp_restart_ctx *ctx);
 #endif /* MBEDTLS_ECP_RESTARTABLE */
 
 /**
@@ -657,7 +675,7 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          Another negative error code for other kinds of failure.
  */
-int mbedtls_ecp_copy( mbedtls_ecp_point *P, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_copy(mbedtls_ecp_point *P, const mbedtls_ecp_point *Q);
 
 /**
  * \brief           This function copies the contents of group \p src into
@@ -670,8 +688,8 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_group_copy( mbedtls_ecp_group *dst,
-                            const mbedtls_ecp_group *src );
+int mbedtls_ecp_group_copy(mbedtls_ecp_group *dst,
+                           const mbedtls_ecp_group *src);
 
 /**
  * \brief           This function sets a point to the point at infinity.
@@ -682,7 +700,7 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_set_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_set_zero(mbedtls_ecp_point *pt);
 
 /**
  * \brief           This function checks if a point is the point at infinity.
@@ -693,7 +711,7 @@
  * \return          \c 0 if the point is non-zero.
  * \return          A negative error code on failure.
  */
-int mbedtls_ecp_is_zero( mbedtls_ecp_point *pt );
+int mbedtls_ecp_is_zero(mbedtls_ecp_point *pt);
 
 /**
  * \brief           This function compares two points.
@@ -707,8 +725,8 @@
  * \return          \c 0 if the points are equal.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if the points are not equal.
  */
-int mbedtls_ecp_point_cmp( const mbedtls_ecp_point *P,
-                           const mbedtls_ecp_point *Q );
+int mbedtls_ecp_point_cmp(const mbedtls_ecp_point *P,
+                          const mbedtls_ecp_point *Q);
 
 /**
  * \brief           This function imports a non-zero point from two ASCII
@@ -722,8 +740,10 @@
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_MPI_XXX error code on failure.
  */
-int mbedtls_ecp_point_read_string( mbedtls_ecp_point *P, int radix,
-                           const char *x, const char *y );
+int mbedtls_ecp_point_read_string(mbedtls_ecp_point *P,
+                                  int radix,
+                                  const char *x,
+                                  const char *y);
 
 /**
  * \brief           This function exports a point into unsigned binary data.
@@ -750,10 +770,12 @@
  *                  or the export for the given group is not implemented.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_point_write_binary( const mbedtls_ecp_group *grp,
-                                    const mbedtls_ecp_point *P,
-                                    int format, size_t *olen,
-                                    unsigned char *buf, size_t buflen );
+int mbedtls_ecp_point_write_binary(const mbedtls_ecp_group *grp,
+                                   const mbedtls_ecp_point *P,
+                                   int format,
+                                   size_t *olen,
+                                   unsigned char *buf,
+                                   size_t buflen);
 
 /**
  * \brief           This function imports a point from unsigned binary data.
@@ -777,9 +799,10 @@
  * \return          #MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE if the import for the
  *                  given group is not implemented.
  */
-int mbedtls_ecp_point_read_binary( const mbedtls_ecp_group *grp,
-                                   mbedtls_ecp_point *P,
-                                   const unsigned char *buf, size_t ilen );
+int mbedtls_ecp_point_read_binary(const mbedtls_ecp_group *grp,
+                                  mbedtls_ecp_point *P,
+                                  const unsigned char *buf,
+                                  size_t ilen);
 
 /**
  * \brief           This function imports a point from a TLS ECPoint record.
@@ -799,9 +822,10 @@
  *                  failure.
  * \return          #MBEDTLS_ERR_ECP_BAD_INPUT_DATA if input is invalid.
  */
-int mbedtls_ecp_tls_read_point( const mbedtls_ecp_group *grp,
-                                mbedtls_ecp_point *pt,
-                                const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_point(const mbedtls_ecp_group *grp,
+                               mbedtls_ecp_point *pt,
+                               const unsigned char **buf,
+                               size_t len);
 
 /**
  * \brief           This function exports a point as a TLS ECPoint record
@@ -825,10 +849,12 @@
  *                  is too small to hold the exported point.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp,
-                                 const mbedtls_ecp_point *pt,
-                                 int format, size_t *olen,
-                                 unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_point(const mbedtls_ecp_group *grp,
+                                const mbedtls_ecp_point *pt,
+                                int format,
+                                size_t *olen,
+                                unsigned char *buf,
+                                size_t blen);
 
 /**
  * \brief           This function sets up an ECP group context
@@ -847,7 +873,7 @@
  *                  correspond to a known group.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
+int mbedtls_ecp_group_load(mbedtls_ecp_group *grp, mbedtls_ecp_group_id id);
 
 /**
  * \brief           This function sets up an ECP group context from a TLS
@@ -866,8 +892,9 @@
  *                  recognized.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_read_group( mbedtls_ecp_group *grp,
-                                const unsigned char **buf, size_t len );
+int mbedtls_ecp_tls_read_group(mbedtls_ecp_group *grp,
+                               const unsigned char **buf,
+                               size_t len);
 
 /**
  * \brief           This function extracts an elliptic curve group ID from a
@@ -887,9 +914,9 @@
  *                  recognized.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_read_group_id( mbedtls_ecp_group_id *grp,
-                                   const unsigned char **buf,
-                                   size_t len );
+int mbedtls_ecp_tls_read_group_id(mbedtls_ecp_group_id *grp,
+                                  const unsigned char **buf,
+                                  size_t len);
 /**
  * \brief           This function exports an elliptic curve as a TLS
  *                  ECParameters record as defined in RFC 4492, Section 5.4.
@@ -908,9 +935,10 @@
  *                  buffer is too small to hold the exported group.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_tls_write_group( const mbedtls_ecp_group *grp,
-                                 size_t *olen,
-                                 unsigned char *buf, size_t blen );
+int mbedtls_ecp_tls_write_group(const mbedtls_ecp_group *grp,
+                                size_t *olen,
+                                unsigned char *buf,
+                                size_t blen);
 
 /**
  * \brief           This function performs a scalar multiplication of a point
@@ -941,9 +969,12 @@
  * \return          #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory-allocation failure.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecp_mul(mbedtls_ecp_group *grp,
+                    mbedtls_ecp_point *R,
+                    const mbedtls_mpi *m,
+                    const mbedtls_ecp_point *P,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng);
 
 /**
  * \brief           This function performs multiplication of a point by
@@ -975,10 +1006,13 @@
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_mul_restartable( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_ecp_restart_ctx *rs_ctx );
+int mbedtls_ecp_mul_restartable(mbedtls_ecp_group *grp,
+                                mbedtls_ecp_point *R,
+                                const mbedtls_mpi *m,
+                                const mbedtls_ecp_point *P,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng,
+                                mbedtls_ecp_restart_ctx *rs_ctx);
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /**
@@ -1016,9 +1050,12 @@
  *                  designate a short Weierstrass curve.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q );
+int mbedtls_ecp_muladd(mbedtls_ecp_group *grp,
+                       mbedtls_ecp_point *R,
+                       const mbedtls_mpi *m,
+                       const mbedtls_ecp_point *P,
+                       const mbedtls_mpi *n,
+                       const mbedtls_ecp_point *Q);
 
 /**
  * \brief           This function performs multiplication and addition of two
@@ -1060,11 +1097,13 @@
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_muladd_restartable(
-             mbedtls_ecp_group *grp, mbedtls_ecp_point *R,
-             const mbedtls_mpi *m, const mbedtls_ecp_point *P,
-             const mbedtls_mpi *n, const mbedtls_ecp_point *Q,
-             mbedtls_ecp_restart_ctx *rs_ctx );
+int mbedtls_ecp_muladd_restartable(mbedtls_ecp_group *grp,
+                                   mbedtls_ecp_point *R,
+                                   const mbedtls_mpi *m,
+                                   const mbedtls_ecp_point *P,
+                                   const mbedtls_mpi *n,
+                                   const mbedtls_ecp_point *Q,
+                                   mbedtls_ecp_restart_ctx *rs_ctx);
 #endif /* MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
 
 /**
@@ -1094,8 +1133,8 @@
  *                  a valid public key for the given curve.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_check_pubkey( const mbedtls_ecp_group *grp,
-                              const mbedtls_ecp_point *pt );
+int mbedtls_ecp_check_pubkey(const mbedtls_ecp_group *grp,
+                             const mbedtls_ecp_point *pt);
 
 /**
  * \brief           This function checks that an \p mbedtls_mpi is a
@@ -1116,8 +1155,8 @@
  *                  private key for the given curve.
  * \return          Another negative error code on other kinds of failure.
  */
-int mbedtls_ecp_check_privkey( const mbedtls_ecp_group *grp,
-                               const mbedtls_mpi *d );
+int mbedtls_ecp_check_privkey(const mbedtls_ecp_group *grp,
+                              const mbedtls_mpi *d);
 
 /**
  * \brief           This function generates a private key.
@@ -1134,10 +1173,10 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
-int mbedtls_ecp_gen_privkey( const mbedtls_ecp_group *grp,
-                     mbedtls_mpi *d,
-                     int (*f_rng)(void *, unsigned char *, size_t),
-                     void *p_rng );
+int mbedtls_ecp_gen_privkey(const mbedtls_ecp_group *grp,
+                            mbedtls_mpi *d,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief           This function generates a keypair with a configurable base
@@ -1166,11 +1205,12 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
-int mbedtls_ecp_gen_keypair_base( mbedtls_ecp_group *grp,
-                                  const mbedtls_ecp_point *G,
-                                  mbedtls_mpi *d, mbedtls_ecp_point *Q,
-                                  int (*f_rng)(void *, unsigned char *, size_t),
-                                  void *p_rng );
+int mbedtls_ecp_gen_keypair_base(mbedtls_ecp_group *grp,
+                                 const mbedtls_ecp_point *G,
+                                 mbedtls_mpi *d,
+                                 mbedtls_ecp_point *Q,
+                                 int (*f_rng)(void *, unsigned char *, size_t),
+                                 void *p_rng);
 
 /**
  * \brief           This function generates an ECP keypair.
@@ -1195,10 +1235,11 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
-int mbedtls_ecp_gen_keypair( mbedtls_ecp_group *grp, mbedtls_mpi *d,
-                             mbedtls_ecp_point *Q,
-                             int (*f_rng)(void *, unsigned char *, size_t),
-                             void *p_rng );
+int mbedtls_ecp_gen_keypair(mbedtls_ecp_group *grp,
+                            mbedtls_mpi *d,
+                            mbedtls_ecp_point *Q,
+                            int (*f_rng)(void *, unsigned char *, size_t),
+                            void *p_rng);
 
 /**
  * \brief           This function generates an ECP key.
@@ -1213,9 +1254,10 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX error code
  *                  on failure.
  */
-int mbedtls_ecp_gen_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng );
+int mbedtls_ecp_gen_key(mbedtls_ecp_group_id grp_id,
+                        mbedtls_ecp_keypair *key,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng);
 
 /**
  * \brief           This function reads an elliptic curve private key.
@@ -1235,8 +1277,10 @@
  *                  the group is not implemented.
  * \return          Another negative error code on different kinds of failure.
  */
-int mbedtls_ecp_read_key( mbedtls_ecp_group_id grp_id, mbedtls_ecp_keypair *key,
-                          const unsigned char *buf, size_t buflen );
+int mbedtls_ecp_read_key(mbedtls_ecp_group_id grp_id,
+                         mbedtls_ecp_keypair *key,
+                         const unsigned char *buf,
+                         size_t buflen);
 
 /**
  * \brief           This function exports an elliptic curve private key.
@@ -1254,8 +1298,9 @@
  *                  the group is not implemented.
  * \return          Another negative error code on different kinds of failure.
  */
-int mbedtls_ecp_write_key( mbedtls_ecp_keypair *key,
-                           unsigned char *buf, size_t buflen );
+int mbedtls_ecp_write_key(mbedtls_ecp_keypair *key,
+                          unsigned char *buf,
+                          size_t buflen);
 
 /**
  * \brief           This function checks that the keypair objects
@@ -1277,9 +1322,10 @@
  * \return          An \c MBEDTLS_ERR_ECP_XXX or an \c MBEDTLS_ERR_MPI_XXX
  *                  error code on calculation failure.
  */
-int mbedtls_ecp_check_pub_priv(
-        const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv,
-        int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_ecp_check_pub_priv(const mbedtls_ecp_keypair *pub,
+                               const mbedtls_ecp_keypair *prv,
+                               int (*f_rng)(void *, unsigned char *, size_t),
+                               void *p_rng);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -1289,7 +1335,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_ecp_self_test( int verbose );
+int mbedtls_ecp_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 38373c2..514aa28 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -28,67 +28,67 @@
 #include <stddef.h>
 
 #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
-#include "mbedtls/sha512.h"
-#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
+#    include "mbedtls/sha512.h"
+#    define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
 #else
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
-#include "mbedtls/sha256.h"
-#endif
+#    if defined(MBEDTLS_SHA256_C)
+#        define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
+#        include "mbedtls/sha256.h"
+#    endif
 #endif
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
-
 /** Critical entropy source failure. */
-#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED                 -0x003C
+#define MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -0x003C
 /** No more sources can be added. */
-#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES                   -0x003E
+#define MBEDTLS_ERR_ENTROPY_MAX_SOURCES -0x003E
 /** No sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED            -0x0040
+#define MBEDTLS_ERR_ENTROPY_NO_SOURCES_DEFINED -0x0040
 /** No strong sources have been added to poll. */
-#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE              -0x003D
+#define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D
 /** Read/write error in file. */
-#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR                 -0x003F
+#define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
 #if !defined(MBEDTLS_ENTROPY_MAX_SOURCES)
 /** Maximum number of sources supported */
-#define MBEDTLS_ENTROPY_MAX_SOURCES     20
+#    define MBEDTLS_ENTROPY_MAX_SOURCES 20
 #endif
 
 #if !defined(MBEDTLS_ENTROPY_MAX_GATHER)
 /** Maximum amount requested from entropy sources */
-#define MBEDTLS_ENTROPY_MAX_GATHER      128
+#    define MBEDTLS_ENTROPY_MAX_GATHER 128
 #endif
 
 /* \} name SECTION: Module settings */
 
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
 /** Block size of entropy accumulator (SHA-512) */
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      64
+#    define MBEDTLS_ENTROPY_BLOCK_SIZE 64
 #else
 /** Block size of entropy accumulator (SHA-256) */
-#define MBEDTLS_ENTROPY_BLOCK_SIZE      32
+#    define MBEDTLS_ENTROPY_BLOCK_SIZE 32
 #endif
 
 /** Maximum size of seed we read from seed file */
-#define MBEDTLS_ENTROPY_MAX_SEED_SIZE   1024
-#define MBEDTLS_ENTROPY_SOURCE_MANUAL   MBEDTLS_ENTROPY_MAX_SOURCES
+#define MBEDTLS_ENTROPY_MAX_SEED_SIZE 1024
+#define MBEDTLS_ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_MAX_SOURCES
 
 /** Entropy source is strong   */
-#define MBEDTLS_ENTROPY_SOURCE_STRONG   1
+#define MBEDTLS_ENTROPY_SOURCE_STRONG 1
 /** Entropy source is weak     */
-#define MBEDTLS_ENTROPY_SOURCE_WEAK     0
+#define MBEDTLS_ENTROPY_SOURCE_WEAK 0
 
 #ifdef __cplusplus
 extern "C" {
@@ -105,52 +105,56 @@
  * \return          0 if no critical failures occurred,
  *                  MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise
  */
-typedef int (*mbedtls_entropy_f_source_ptr)(void *data, unsigned char *output, size_t len,
-                            size_t *olen);
+typedef int (*mbedtls_entropy_f_source_ptr)(void *data,
+                                            unsigned char *output,
+                                            size_t len,
+                                            size_t *olen);
 
 /**
  * \brief           Entropy source state
  */
-typedef struct mbedtls_entropy_source_state
-{
-    mbedtls_entropy_f_source_ptr    MBEDTLS_PRIVATE(f_source);   /**< The entropy source callback */
-    void *          MBEDTLS_PRIVATE(p_source);   /**< The callback data pointer */
-    size_t          MBEDTLS_PRIVATE(size);       /**< Amount received in bytes */
-    size_t          MBEDTLS_PRIVATE(threshold);  /**< Minimum bytes required before release */
-    int             MBEDTLS_PRIVATE(strong);     /**< Is the source strong? */
-}
-mbedtls_entropy_source_state;
+typedef struct mbedtls_entropy_source_state {
+    mbedtls_entropy_f_source_ptr MBEDTLS_PRIVATE(f_source); /**< The entropy
+                                                               source callback
+                                                             */
+    void *MBEDTLS_PRIVATE(p_source); /**< The callback data pointer */
+    size_t MBEDTLS_PRIVATE(size); /**< Amount received in bytes */
+    size_t MBEDTLS_PRIVATE(threshold); /**< Minimum bytes required before
+                                          release */
+    int MBEDTLS_PRIVATE(strong); /**< Is the source strong? */
+} mbedtls_entropy_source_state;
 
 /**
  * \brief           Entropy context structure
  */
-typedef struct mbedtls_entropy_context
-{
+typedef struct mbedtls_entropy_context {
     int MBEDTLS_PRIVATE(accumulator_started); /* 0 after init.
-                              * 1 after the first update.
-                              * -1 after free. */
+                                               * 1 after the first update.
+                                               * -1 after free. */
 #if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
-    mbedtls_sha512_context  MBEDTLS_PRIVATE(accumulator);
+    mbedtls_sha512_context MBEDTLS_PRIVATE(accumulator);
 #else
-    mbedtls_sha256_context  MBEDTLS_PRIVATE(accumulator);
+    mbedtls_sha256_context MBEDTLS_PRIVATE(accumulator);
 #endif
-    int             MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
-    mbedtls_entropy_source_state    MBEDTLS_PRIVATE(source)[MBEDTLS_ENTROPY_MAX_SOURCES];
+    int MBEDTLS_PRIVATE(source_count); /* Number of entries used in source. */
+    mbedtls_entropy_source_state MBEDTLS_PRIVATE(source)
+        [MBEDTLS_ENTROPY_MAX_SOURCES];
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);    /*!< mutex                  */
+    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
 #endif
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
     int MBEDTLS_PRIVATE(initial_entropy_run);
 #endif
-}
-mbedtls_entropy_context;
+} mbedtls_entropy_context;
 
 #if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
 /**
  * \brief           Platform-specific entropy poll callback
  */
-int mbedtls_platform_entropy_poll( void *data,
-                           unsigned char *output, size_t len, size_t *olen );
+int mbedtls_platform_entropy_poll(void *data,
+                                  unsigned char *output,
+                                  size_t len,
+                                  size_t *olen);
 #endif
 
 /**
@@ -158,14 +162,14 @@
  *
  * \param ctx       Entropy context to initialize
  */
-void mbedtls_entropy_init( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_init(mbedtls_entropy_context *ctx);
 
 /**
  * \brief           Free the data in the context
  *
  * \param ctx       Entropy context to free
  */
-void mbedtls_entropy_free( mbedtls_entropy_context *ctx );
+void mbedtls_entropy_free(mbedtls_entropy_context *ctx);
 
 /**
  * \brief           Adds an entropy source to poll
@@ -184,9 +188,11 @@
  *
  * \return          0 if successful or MBEDTLS_ERR_ENTROPY_MAX_SOURCES
  */
-int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
-                        mbedtls_entropy_f_source_ptr f_source, void *p_source,
-                        size_t threshold, int strong );
+int mbedtls_entropy_add_source(mbedtls_entropy_context *ctx,
+                               mbedtls_entropy_f_source_ptr f_source,
+                               void *p_source,
+                               size_t threshold,
+                               int strong);
 
 /**
  * \brief           Trigger an extra gather poll for the accumulator
@@ -196,7 +202,7 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int mbedtls_entropy_gather( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_gather(mbedtls_entropy_context *ctx);
 
 /**
  * \brief           Retrieve entropy from the accumulator
@@ -209,7 +215,7 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int mbedtls_entropy_func( void *data, unsigned char *output, size_t len );
+int mbedtls_entropy_func(void *data, unsigned char *output, size_t len);
 
 /**
  * \brief           Add data to the accumulator manually
@@ -221,8 +227,9 @@
  *
  * \return          0 if successful
  */
-int mbedtls_entropy_update_manual( mbedtls_entropy_context *ctx,
-                           const unsigned char *data, size_t len );
+int mbedtls_entropy_update_manual(mbedtls_entropy_context *ctx,
+                                  const unsigned char *data,
+                                  size_t len);
 
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 /**
@@ -233,7 +240,7 @@
  *
  * \return          0 if successful
  */
-int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx );
+int mbedtls_entropy_update_nv_seed(mbedtls_entropy_context *ctx);
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
 #if defined(MBEDTLS_FS_IO)
@@ -247,7 +254,8 @@
  *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error, or
  *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_write_seed_file(mbedtls_entropy_context *ctx,
+                                    const char *path);
 
 /**
  * \brief               Read and update a seed file. Seed is added to this
@@ -261,7 +269,8 @@
  *                      MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR on file error,
  *                      MBEDTLS_ERR_ENTROPY_SOURCE_FAILED
  */
-int mbedtls_entropy_update_seed_file( mbedtls_entropy_context *ctx, const char *path );
+int mbedtls_entropy_update_seed_file(mbedtls_entropy_context *ctx,
+                                     const char *path);
 #endif /* MBEDTLS_FS_IO */
 
 #if defined(MBEDTLS_SELF_TEST)
@@ -273,9 +282,9 @@
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int mbedtls_entropy_self_test( int verbose );
+int mbedtls_entropy_self_test(int verbose);
 
-#if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
+#    if defined(MBEDTLS_ENTROPY_HARDWARE_ALT)
 /**
  * \brief          Checkup routine
  *
@@ -289,8 +298,8 @@
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int mbedtls_entropy_source_self_test( int verbose );
-#endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
+int mbedtls_entropy_source_self_test(int verbose);
+#    endif /* MBEDTLS_ENTROPY_HARDWARE_ALT */
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index b546d4d..5ff4366 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -26,9 +26,9 @@
 
 #include <stddef.h>
 
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+    !defined(__cplusplus)
+#    define inline __inline
 #endif
 
 /**
@@ -109,12 +109,12 @@
 #endif
 
 /** Generic error */
-#define MBEDTLS_ERR_ERROR_GENERIC_ERROR       -0x0001
+#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001
 /** This is a bug in the library */
 #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
 
 /** Hardware accelerator failed */
-#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED     -0x0070
+#define MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED -0x0070
 /** The requested feature is not supported by the platform */
 #define MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED -0x0072
 
@@ -124,15 +124,15 @@
  *        Wrapper macro for mbedtls_error_add(). See that function for
  *        more details.
  */
-#define MBEDTLS_ERROR_ADD( high, low ) \
-        mbedtls_error_add( high, low, __FILE__, __LINE__ )
+#define MBEDTLS_ERROR_ADD(high, low) \
+    mbedtls_error_add(high, low, __FILE__, __LINE__)
 
 #if defined(MBEDTLS_TEST_HOOKS)
 /**
  * \brief Testing hook called before adding/combining two error codes together.
  *        Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
  */
-extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
+extern void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
 #endif
 
 /**
@@ -153,17 +153,17 @@
  * \param file      file where this error code addition occurred.
  * \param line      line where this error code addition occurred.
  */
-static inline int mbedtls_error_add( int high, int low,
-                                     const char *file, int line )
+static inline int
+mbedtls_error_add(int high, int low, const char *file, int line)
 {
 #if defined(MBEDTLS_TEST_HOOKS)
-    if( *mbedtls_test_hook_error_add != NULL )
-        ( *mbedtls_test_hook_error_add )( high, low, file, line );
+    if (*mbedtls_test_hook_error_add != NULL)
+        (*mbedtls_test_hook_error_add)(high, low, file, line);
 #endif
     (void)file;
     (void)line;
 
-    return high + low ;
+    return high + low;
 }
 
 /**
@@ -175,7 +175,7 @@
  * \param buffer    buffer to place representation in
  * \param buflen    length of the buffer
  */
-void mbedtls_strerror( int errnum, char *buffer, size_t buflen );
+void mbedtls_strerror(int errnum, char *buffer, size_t buflen);
 
 /**
  * \brief Translate the high-level part of an Mbed TLS error code into a string
@@ -190,7 +190,7 @@
  * \return The string representation of the error code, or \c NULL if the error
  *         code is unknown.
  */
-const char * mbedtls_high_level_strerr( int error_code );
+const char *mbedtls_high_level_strerr(int error_code);
 
 /**
  * \brief Translate the low-level part of an Mbed TLS error code into a string
@@ -205,7 +205,7 @@
  * \return The string representation of the error code, or \c NULL if the error
  *         code is unknown.
  */
-const char * mbedtls_low_level_strerr( int error_code );
+const char *mbedtls_low_level_strerr(int error_code);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h
index 9d9155f..338f938 100644
--- a/include/mbedtls/gcm.h
+++ b/include/mbedtls/gcm.h
@@ -38,13 +38,13 @@
 
 #include <stdint.h>
 
-#define MBEDTLS_GCM_ENCRYPT     1
-#define MBEDTLS_GCM_DECRYPT     0
+#define MBEDTLS_GCM_ENCRYPT 1
+#define MBEDTLS_GCM_DECRYPT 0
 
 /** Authenticated decryption failed. */
-#define MBEDTLS_ERR_GCM_AUTH_FAILED                       -0x0012
+#define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_GCM_BAD_INPUT                         -0x0014
+#define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014
 
 #ifdef __cplusplus
 extern "C" {
@@ -55,24 +55,26 @@
 /**
  * \brief          The GCM context structure.
  */
-typedef struct mbedtls_gcm_context
-{
-    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx);  /*!< The cipher context used. */
-    uint64_t MBEDTLS_PRIVATE(HL)[16];                      /*!< Precalculated HTable low. */
-    uint64_t MBEDTLS_PRIVATE(HH)[16];                      /*!< Precalculated HTable high. */
-    uint64_t MBEDTLS_PRIVATE(len);                         /*!< The total length of the encrypted data. */
-    uint64_t MBEDTLS_PRIVATE(add_len);                     /*!< The total length of the additional data. */
-    unsigned char MBEDTLS_PRIVATE(base_ectr)[16];          /*!< The first ECTR for tag. */
-    unsigned char MBEDTLS_PRIVATE(y)[16];                  /*!< The Y working value. */
-    unsigned char MBEDTLS_PRIVATE(buf)[16];                /*!< The buf working value. */
-    int MBEDTLS_PRIVATE(mode);                             /*!< The operation to perform:
-                                               #MBEDTLS_GCM_ENCRYPT or
-                                               #MBEDTLS_GCM_DECRYPT. */
-}
-mbedtls_gcm_context;
+typedef struct mbedtls_gcm_context {
+    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+                                                             context used. */
+    uint64_t MBEDTLS_PRIVATE(HL)[16]; /*!< Precalculated HTable low. */
+    uint64_t MBEDTLS_PRIVATE(HH)[16]; /*!< Precalculated HTable high. */
+    uint64_t MBEDTLS_PRIVATE(len); /*!< The total length of the encrypted data.
+                                    */
+    uint64_t MBEDTLS_PRIVATE(add_len); /*!< The total length of the additional
+                                          data. */
+    unsigned char MBEDTLS_PRIVATE(base_ectr)[16]; /*!< The first ECTR for tag.
+                                                   */
+    unsigned char MBEDTLS_PRIVATE(y)[16]; /*!< The Y working value. */
+    unsigned char MBEDTLS_PRIVATE(buf)[16]; /*!< The buf working value. */
+    int MBEDTLS_PRIVATE(mode); /*!< The operation to perform:
+                   #MBEDTLS_GCM_ENCRYPT or
+                   #MBEDTLS_GCM_DECRYPT. */
+} mbedtls_gcm_context;
 
-#else  /* !MBEDTLS_GCM_ALT */
-#include "gcm_alt.h"
+#else /* !MBEDTLS_GCM_ALT */
+#    include "gcm_alt.h"
 #endif /* !MBEDTLS_GCM_ALT */
 
 /**
@@ -86,7 +88,7 @@
  *
  * \param ctx       The GCM context to initialize. This must not be \c NULL.
  */
-void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_init(mbedtls_gcm_context *ctx);
 
 /**
  * \brief           This function associates a GCM context with a
@@ -104,10 +106,10 @@
  * \return          \c 0 on success.
  * \return          A cipher-specific error code on failure.
  */
-int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
-                        mbedtls_cipher_id_t cipher,
-                        const unsigned char *key,
-                        unsigned int keybits );
+int mbedtls_gcm_setkey(mbedtls_gcm_context *ctx,
+                       mbedtls_cipher_id_t cipher,
+                       const unsigned char *key,
+                       unsigned int keybits);
 
 /**
  * \brief           This function performs GCM encryption or decryption of a buffer.
@@ -160,17 +162,17 @@
  *                  not valid or a cipher-specific error code if the encryption
  *                  or decryption failed.
  */
-int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
-                       int mode,
-                       size_t length,
-                       const unsigned char *iv,
-                       size_t iv_len,
-                       const unsigned char *add,
-                       size_t add_len,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t tag_len,
-                       unsigned char *tag );
+int mbedtls_gcm_crypt_and_tag(mbedtls_gcm_context *ctx,
+                              int mode,
+                              size_t length,
+                              const unsigned char *iv,
+                              size_t iv_len,
+                              const unsigned char *add,
+                              size_t add_len,
+                              const unsigned char *input,
+                              unsigned char *output,
+                              size_t tag_len,
+                              unsigned char *tag);
 
 /**
  * \brief           This function performs a GCM authenticated decryption of a
@@ -205,16 +207,16 @@
  *                  not valid or a cipher-specific error code if the decryption
  *                  failed.
  */
-int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
-                      size_t length,
-                      const unsigned char *iv,
-                      size_t iv_len,
-                      const unsigned char *add,
-                      size_t add_len,
-                      const unsigned char *tag,
-                      size_t tag_len,
-                      const unsigned char *input,
-                      unsigned char *output );
+int mbedtls_gcm_auth_decrypt(mbedtls_gcm_context *ctx,
+                             size_t length,
+                             const unsigned char *iv,
+                             size_t iv_len,
+                             const unsigned char *add,
+                             size_t add_len,
+                             const unsigned char *tag,
+                             size_t tag_len,
+                             const unsigned char *input,
+                             unsigned char *output);
 
 /**
  * \brief           This function starts a GCM encryption or decryption
@@ -229,10 +231,10 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
-                        int mode,
-                        const unsigned char *iv,
-                        size_t iv_len );
+int mbedtls_gcm_starts(mbedtls_gcm_context *ctx,
+                       int mode,
+                       const unsigned char *iv,
+                       size_t iv_len);
 
 /**
  * \brief           This function feeds an input buffer as associated data
@@ -254,9 +256,9 @@
  *
  * \return          \c 0 on success.
  */
-int mbedtls_gcm_update_ad( mbedtls_gcm_context *ctx,
-                           const unsigned char *add,
-                           size_t add_len );
+int mbedtls_gcm_update_ad(mbedtls_gcm_context *ctx,
+                          const unsigned char *add,
+                          size_t add_len);
 
 /**
  * \brief           This function feeds an input buffer into an ongoing GCM
@@ -309,10 +311,12 @@
  *                 unsupported input/output buffer overlap detected,
  *                 or \p output_size too small.
  */
-int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
-                        const unsigned char *input, size_t input_length,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_length );
+int mbedtls_gcm_update(mbedtls_gcm_context *ctx,
+                       const unsigned char *input,
+                       size_t input_length,
+                       unsigned char *output,
+                       size_t output_size,
+                       size_t *output_length);
 
 /**
  * \brief           This function finishes the GCM operation and generates
@@ -347,10 +351,12 @@
  *                  invalid value of \p tag_len,
  *                  or \p output_size too small.
  */
-int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
-                        unsigned char *output, size_t output_size,
-                        size_t *output_length,
-                        unsigned char *tag, size_t tag_len );
+int mbedtls_gcm_finish(mbedtls_gcm_context *ctx,
+                       unsigned char *output,
+                       size_t output_size,
+                       size_t *output_length,
+                       unsigned char *tag,
+                       size_t tag_len);
 
 /**
  * \brief           This function clears a GCM context and the underlying
@@ -359,7 +365,7 @@
  * \param ctx       The GCM context to clear. If this is \c NULL, the call has
  *                  no effect. Otherwise, this must be initialized.
  */
-void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
+void mbedtls_gcm_free(mbedtls_gcm_context *ctx);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -369,7 +375,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_gcm_self_test( int verbose );
+int mbedtls_gcm_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
@@ -377,5 +383,4 @@
 }
 #endif
 
-
 #endif /* gcm.h */
diff --git a/include/mbedtls/hkdf.h b/include/mbedtls/hkdf.h
index e6bfe05..0e75b71 100644
--- a/include/mbedtls/hkdf.h
+++ b/include/mbedtls/hkdf.h
@@ -34,7 +34,7 @@
  *  \{
  */
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA  -0x5F80
+#define MBEDTLS_ERR_HKDF_BAD_INPUT_DATA -0x5F80
 /* \} name */
 
 #ifdef __cplusplus
@@ -65,10 +65,15 @@
  *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
  *          MD layer.
  */
-int mbedtls_hkdf( const mbedtls_md_info_t *md, const unsigned char *salt,
-                  size_t salt_len, const unsigned char *ikm, size_t ikm_len,
-                  const unsigned char *info, size_t info_len,
-                  unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf(const mbedtls_md_info_t *md,
+                 const unsigned char *salt,
+                 size_t salt_len,
+                 const unsigned char *ikm,
+                 size_t ikm_len,
+                 const unsigned char *info,
+                 size_t info_len,
+                 unsigned char *okm,
+                 size_t okm_len);
 
 /**
  *  \brief  Take the input keying material \p ikm and extract from it a
@@ -94,10 +99,12 @@
  *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
  *          MD layer.
  */
-int mbedtls_hkdf_extract( const mbedtls_md_info_t *md,
-                          const unsigned char *salt, size_t salt_len,
-                          const unsigned char *ikm, size_t ikm_len,
-                          unsigned char *prk );
+int mbedtls_hkdf_extract(const mbedtls_md_info_t *md,
+                         const unsigned char *salt,
+                         size_t salt_len,
+                         const unsigned char *ikm,
+                         size_t ikm_len,
+                         unsigned char *prk);
 
 /**
  *  \brief  Expand the supplied \p prk into several additional pseudorandom
@@ -125,9 +132,13 @@
  *  \return An MBEDTLS_ERR_MD_* error for errors returned from the underlying
  *          MD layer.
  */
-int mbedtls_hkdf_expand( const mbedtls_md_info_t *md, const unsigned char *prk,
-                         size_t prk_len, const unsigned char *info,
-                         size_t info_len, unsigned char *okm, size_t okm_len );
+int mbedtls_hkdf_expand(const mbedtls_md_info_t *md,
+                        const unsigned char *prk,
+                        size_t prk_len,
+                        const unsigned char *info,
+                        size_t info_len,
+                        unsigned char *okm,
+                        size_t okm_len);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 8c0e72d..39401cb 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -32,55 +32,56 @@
 #include "mbedtls/md.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 /*
  * Error codes
  */
 /** Too many random requested in single call. */
-#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG              -0x0003
+#define MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG -0x0003
 /** Input too large (Entropy + additional). */
-#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG                -0x0005
+#define MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG -0x0005
 /** Read/write error in file. */
-#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR                -0x0007
+#define MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR -0x0007
 /** The entropy source failed. */
-#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED        -0x0009
+#define MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED -0x0009
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
 #if !defined(MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
 /** Interval before reseed is performed by default */
-#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000
+#    define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL 10000
 #endif
 
 #if !defined(MBEDTLS_HMAC_DRBG_MAX_INPUT)
 /** Maximum number of additional input bytes */
-#define MBEDTLS_HMAC_DRBG_MAX_INPUT         256
+#    define MBEDTLS_HMAC_DRBG_MAX_INPUT 256
 #endif
 
 #if !defined(MBEDTLS_HMAC_DRBG_MAX_REQUEST)
 /** Maximum number of requested bytes per call */
-#define MBEDTLS_HMAC_DRBG_MAX_REQUEST       1024
+#    define MBEDTLS_HMAC_DRBG_MAX_REQUEST 1024
 #endif
 
 #if !defined(MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT)
 /** Maximum size of (re)seed buffer */
-#define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT    384
+#    define MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT 384
 #endif
 
 /* \} name SECTION: Module settings */
 
 /** No prediction resistance       */
-#define MBEDTLS_HMAC_DRBG_PR_OFF   0
+#define MBEDTLS_HMAC_DRBG_PR_OFF 0
 /** Prediction resistance enabled  */
-#define MBEDTLS_HMAC_DRBG_PR_ON    1
+#define MBEDTLS_HMAC_DRBG_PR_ON 1
 
 #ifdef __cplusplus
 extern "C" {
@@ -89,23 +90,29 @@
 /**
  * HMAC_DRBG context.
  */
-typedef struct mbedtls_hmac_drbg_context
-{
+typedef struct mbedtls_hmac_drbg_context {
     /* Working state: the key K is not stored explicitly,
      * but is implied by the HMAC context */
-    mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx);                    /*!< HMAC context (inc. K)  */
-    unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
-    int MBEDTLS_PRIVATE(reseed_counter);                     /*!< reseed counter         */
+    mbedtls_md_context_t MBEDTLS_PRIVATE(md_ctx); /*!< HMAC context (inc. K)  */
+    unsigned char MBEDTLS_PRIVATE(V)[MBEDTLS_MD_MAX_SIZE]; /*!< V in the spec */
+    int MBEDTLS_PRIVATE(reseed_counter); /*!< reseed counter         */
 
     /* Administrative state */
-    size_t MBEDTLS_PRIVATE(entropy_len);         /*!< entropy bytes grabbed on each (re)seed */
-    int MBEDTLS_PRIVATE(prediction_resistance);  /*!< enable prediction resistance (Automatic
-                                     reseed before every random generation) */
-    int MBEDTLS_PRIVATE(reseed_interval);        /*!< reseed interval   */
+    size_t MBEDTLS_PRIVATE(entropy_len); /*!< entropy bytes grabbed on each
+                                            (re)seed */
+    int MBEDTLS_PRIVATE(prediction_resistance); /*!< enable prediction
+                                    resistance (Automatic reseed before every
+                                    random generation) */
+    int MBEDTLS_PRIVATE(reseed_interval); /*!< reseed interval   */
 
     /* Callbacks */
-    int (*MBEDTLS_PRIVATE(f_entropy))(void *, unsigned char *, size_t); /*!< entropy function */
-    void *MBEDTLS_PRIVATE(p_entropy);            /*!< context for the entropy function        */
+    int (*MBEDTLS_PRIVATE(f_entropy))(void *,
+                                      unsigned char *,
+                                      size_t); /*!<
+                                                  entropy
+                                                  function
+                                                */
+    void *MBEDTLS_PRIVATE(p_entropy); /*!< context for the entropy function */
 
 #if defined(MBEDTLS_THREADING_C)
     /* Invariant: the mutex is initialized if and only if
@@ -126,13 +133,14 @@
  * This function makes the context ready for mbedtls_hmac_drbg_seed(),
  * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
  *
- * \note                The reseed interval is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
+ * \note                The reseed interval is
+ * #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL
  *                      by default. Override this value by calling
  *                      mbedtls_hmac_drbg_set_reseed_interval().
  *
  * \param ctx           HMAC_DRBG context to be initialized.
  */
-void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_init(mbedtls_hmac_drbg_context *ctx);
 
 /**
  * \brief               HMAC_DRBG initial seeding.
@@ -202,12 +210,12 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
  *                      if the call to \p f_entropy failed.
  */
-int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
-                    const mbedtls_md_info_t * md_info,
-                    int (*f_entropy)(void *, unsigned char *, size_t),
-                    void *p_entropy,
-                    const unsigned char *custom,
-                    size_t len );
+int mbedtls_hmac_drbg_seed(mbedtls_hmac_drbg_context *ctx,
+                           const mbedtls_md_info_t *md_info,
+                           int (*f_entropy)(void *, unsigned char *, size_t),
+                           void *p_entropy,
+                           const unsigned char *custom,
+                           size_t len);
 
 /**
  * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
@@ -237,9 +245,10 @@
  * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
  *                      memory to allocate context data.
  */
-int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
-                        const mbedtls_md_info_t * md_info,
-                        const unsigned char *data, size_t data_len );
+int mbedtls_hmac_drbg_seed_buf(mbedtls_hmac_drbg_context *ctx,
+                               const mbedtls_md_info_t *md_info,
+                               const unsigned char *data,
+                               size_t data_len);
 
 /**
  * \brief               This function turns prediction resistance on or off.
@@ -254,8 +263,8 @@
  * \param ctx           The HMAC_DRBG context.
  * \param resistance    #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
  */
-void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
-                                          int resistance );
+void mbedtls_hmac_drbg_set_prediction_resistance(mbedtls_hmac_drbg_context *ctx,
+                                                 int resistance);
 
 /**
  * \brief               This function sets the amount of entropy grabbed on each
@@ -266,8 +275,8 @@
  * \param ctx           The HMAC_DRBG context.
  * \param len           The amount of entropy to grab, in bytes.
  */
-void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
-                                size_t len );
+void mbedtls_hmac_drbg_set_entropy_len(mbedtls_hmac_drbg_context *ctx,
+                                       size_t len);
 
 /**
  * \brief               Set the reseed interval.
@@ -281,8 +290,8 @@
  * \param ctx           The HMAC_DRBG context.
  * \param interval      The reseed interval.
  */
-void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
-                                    int interval );
+void mbedtls_hmac_drbg_set_reseed_interval(mbedtls_hmac_drbg_context *ctx,
+                                           int interval);
 
 /**
  * \brief               This function updates the state of the HMAC_DRBG context.
@@ -301,8 +310,9 @@
  * \return              \c 0 on success, or an error from the underlying
  *                      hash calculation.
  */
-int mbedtls_hmac_drbg_update( mbedtls_hmac_drbg_context *ctx,
-                              const unsigned char *additional, size_t add_len );
+int mbedtls_hmac_drbg_update(mbedtls_hmac_drbg_context *ctx,
+                             const unsigned char *additional,
+                             size_t add_len);
 
 /**
  * \brief               This function reseeds the HMAC_DRBG context, that is
@@ -328,8 +338,9 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
  *                      if a call to the entropy function failed.
  */
-int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
-                      const unsigned char *additional, size_t len );
+int mbedtls_hmac_drbg_reseed(mbedtls_hmac_drbg_context *ctx,
+                             const unsigned char *additional,
+                             size_t len);
 
 /**
  * \brief   This function updates an HMAC_DRBG instance with additional
@@ -362,10 +373,11 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
  *                      \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
  */
-int mbedtls_hmac_drbg_random_with_add( void *p_rng,
-                               unsigned char *output, size_t output_len,
-                               const unsigned char *additional,
-                               size_t add_len );
+int mbedtls_hmac_drbg_random_with_add(void *p_rng,
+                                      unsigned char *output,
+                                      size_t output_len,
+                                      const unsigned char *additional,
+                                      size_t add_len);
 
 /**
  * \brief   This function uses HMAC_DRBG to generate random data.
@@ -394,7 +406,9 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
  *                      \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
  */
-int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
+int mbedtls_hmac_drbg_random(void *p_rng,
+                             unsigned char *output,
+                             size_t out_len);
 
 /**
  * \brief               This function resets HMAC_DRBG context to the state immediately
@@ -402,7 +416,7 @@
  *
  * \param ctx           The HMAC_DRBG context to free.
  */
-void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
+void mbedtls_hmac_drbg_free(mbedtls_hmac_drbg_context *ctx);
 
 #if defined(MBEDTLS_FS_IO)
 /**
@@ -416,7 +430,8 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
  *                      failure.
  */
-int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_write_seed_file(mbedtls_hmac_drbg_context *ctx,
+                                      const char *path);
 
 /**
  * \brief               This function reads and updates a seed file. The seed
@@ -432,10 +447,10 @@
  * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
  *                      seed file is too large.
  */
-int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
+int mbedtls_hmac_drbg_update_seed_file(mbedtls_hmac_drbg_context *ctx,
+                                       const char *path);
 #endif /* MBEDTLS_FS_IO */
 
-
 #if defined(MBEDTLS_SELF_TEST)
 /**
  * \brief               The HMAC_DRBG Checkup routine.
@@ -443,7 +458,7 @@
  * \return              \c 0 if successful.
  * \return              \c 1 if the test failed.
  */
-int mbedtls_hmac_drbg_self_test( int verbose );
+int mbedtls_hmac_drbg_self_test(int verbose);
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 9e48f80..b5b57f1 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -165,8 +165,8 @@
  *
  * Enabling MBEDTLS_PLATFORM_MEMORY without the
  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
- * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
- * free() function pointer at runtime.
+ * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative
+ * calloc() and free() function pointer at runtime.
  *
  * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
@@ -346,14 +346,14 @@
  * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
  *
  * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
- * no longer provide the mbedtls_sha1_process() function, but it will still provide
- * the other function (using your mbedtls_sha1_process() function) and the definition
- * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
- * with this definition.
+ * no longer provide the mbedtls_sha1_process() function, but it will still
+ * provide the other function (using your mbedtls_sha1_process() function) and
+ * the definition of mbedtls_sha1_context, so your implementation of
+ * mbedtls_sha1_process must be compatible with this definition.
  *
  * \note If you use the AES_xxx_ALT macros, then it is recommended to also set
- *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES
- *       tables.
+ *       MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the
+ * AES tables.
  *
  * Uncomment a macro to enable alternate implementation of the corresponding
  * function.
@@ -3020,7 +3020,8 @@
 //#define MBEDTLS_MPI_MAX_SIZE            1024
 
 /* CTR_DRBG options */
-/** Amount of entropy used per seed by default (48 with SHA-512, 32 with SHA-256) */
+/** Amount of entropy used per seed by default (48 with SHA-512, 32 with
+ * SHA-256) */
 //#define MBEDTLS_CTR_DRBG_ENTROPY_LEN               48
 /** Interval before reseed is performed by default */
 //#define MBEDTLS_CTR_DRBG_RESEED_INTERVAL        10000
@@ -3052,7 +3053,8 @@
 //#define MBEDTLS_ENTROPY_MAX_SOURCES                20
 /** Maximum amount requested from entropy sources */
 //#define MBEDTLS_ENTROPY_MAX_GATHER                128
-/** Default minimum number of bytes required for the hardware entropy source mbedtls_hardware_poll() before entropy is released */
+/** Default minimum number of bytes required for the hardware entropy source
+ * mbedtls_hardware_poll() before entropy is released */
 //#define MBEDTLS_ENTROPY_MIN_HARDWARE               32
 
 /* Memory buffer allocator options */
@@ -3060,7 +3062,9 @@
 //#define MBEDTLS_MEMORY_ALIGN_MULTIPLE      4
 
 /* Platform options */
-//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
+//#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if
+// MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is
+// needed. */
 /** Default allocator to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_CALLOC        calloc
 /** Default free to use, can be undefined */
@@ -3084,19 +3088,23 @@
 //#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read
 /** Default nv_seed_write function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write
-//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
+//#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to
+// read/write with default implementation */
 
 /* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
-/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
+/* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be
+ * defined */
 /** Default allocator macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc
 /** Default free macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_FREE_MACRO            free
 /** Default exit macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_EXIT_MACRO            exit
-/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
+ * enabled */
 //#define MBEDTLS_PLATFORM_TIME_MACRO            time
-/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
+/** Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be
+ * enabled */
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t
 /** Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf
@@ -3108,9 +3116,10 @@
 /** Default vsnprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_VSNPRINTF_MACRO    vsnprintf
 /** Default nv_seed_read function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read
+//#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_platform_std_nv_seed_read
 /** Default nv_seed_write function to use, can be undefined */
-//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write
+//#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+// mbedtls_platform_std_nv_seed_write
 
 /* PSA options */
 /**
@@ -3234,7 +3243,8 @@
 
 /** Max size of TLS pre-shared keys, in bytes (default 256 bits) */
 //#define MBEDTLS_PSK_MAX_LEN               32
-/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
+/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
+ * number of cookies issued */
 //#define MBEDTLS_SSL_COOKIE_TIMEOUT        60
 
 /**
@@ -3249,12 +3259,14 @@
  *
  * The value below is only an example, not the default.
  */
-//#define MBEDTLS_SSL_CIPHERSUITES MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+//#define MBEDTLS_SSL_CIPHERSUITES
+// MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 
 /* X509 options */
 /** Maximum number of intermediate CAs in a verification chain. */
 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
-/** Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+/** Maximum length of a path/filename string in bytes including the null
+ * terminator character ('\0'). */
 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512
 
 /**
diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h
index fa2b152..56d9082 100644
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@@ -1,4 +1,4 @@
- /**
+/**
  * \file md.h
  *
  * \brief This file contains the generic message-digest wrapper.
@@ -31,13 +31,13 @@
 #include "mbedtls/build_info.h"
 
 /** The selected feature is not available. */
-#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE                -0x5080
+#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_MD_BAD_INPUT_DATA                     -0x5100
+#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100
 /** Failed to allocate memory. */
-#define MBEDTLS_ERR_MD_ALLOC_FAILED                       -0x5180
+#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180
 /** Opening or reading of file failed. */
-#define MBEDTLS_ERR_MD_FILE_IO_ERROR                      -0x5200
+#define MBEDTLS_ERR_MD_FILE_IO_ERROR -0x5200
 
 #ifdef __cplusplus
 extern "C" {
@@ -51,27 +51,28 @@
  *            stronger message digests instead.
  *
  */
-typedef enum {
-    MBEDTLS_MD_NONE=0,    /**< None. */
-    MBEDTLS_MD_MD5,       /**< The MD5 message digest. */
-    MBEDTLS_MD_SHA1,      /**< The SHA-1 message digest. */
-    MBEDTLS_MD_SHA224,    /**< The SHA-224 message digest. */
-    MBEDTLS_MD_SHA256,    /**< The SHA-256 message digest. */
-    MBEDTLS_MD_SHA384,    /**< The SHA-384 message digest. */
-    MBEDTLS_MD_SHA512,    /**< The SHA-512 message digest. */
+typedef enum
+{
+    MBEDTLS_MD_NONE = 0, /**< None. */
+    MBEDTLS_MD_MD5, /**< The MD5 message digest. */
+    MBEDTLS_MD_SHA1, /**< The SHA-1 message digest. */
+    MBEDTLS_MD_SHA224, /**< The SHA-224 message digest. */
+    MBEDTLS_MD_SHA256, /**< The SHA-256 message digest. */
+    MBEDTLS_MD_SHA384, /**< The SHA-384 message digest. */
+    MBEDTLS_MD_SHA512, /**< The SHA-512 message digest. */
     MBEDTLS_MD_RIPEMD160, /**< The RIPEMD-160 message digest. */
 } mbedtls_md_type_t;
 
 #if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_SIZE         64  /* longest known is SHA512 */
+#    define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
 #else
-#define MBEDTLS_MD_MAX_SIZE         32  /* longest known is SHA256 or less */
+#    define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
 #endif
 
 #if defined(MBEDTLS_SHA512_C)
-#define MBEDTLS_MD_MAX_BLOCK_SIZE         128
+#    define MBEDTLS_MD_MAX_BLOCK_SIZE 128
 #else
-#define MBEDTLS_MD_MAX_BLOCK_SIZE         64
+#    define MBEDTLS_MD_MAX_BLOCK_SIZE 64
 #endif
 
 /**
@@ -89,8 +90,7 @@
 /**
  * The generic message-digest context.
  */
-typedef struct mbedtls_md_context_t
-{
+typedef struct mbedtls_md_context_t {
     /** Information about the associated message digest. */
     const mbedtls_md_info_t *MBEDTLS_PRIVATE(md_info);
 
@@ -112,7 +112,7 @@
  *                  message-digest enumeration #mbedtls_md_type_t.
  *                  The last entry is 0.
  */
-const int *mbedtls_md_list( void );
+const int *mbedtls_md_list(void);
 
 /**
  * \brief           This function returns the message-digest information
@@ -123,7 +123,7 @@
  * \return          The message-digest information associated with \p md_name.
  * \return          NULL if the associated message-digest information is not found.
  */
-const mbedtls_md_info_t *mbedtls_md_info_from_string( const char *md_name );
+const mbedtls_md_info_t *mbedtls_md_info_from_string(const char *md_name);
 
 /**
  * \brief           This function returns the message-digest information
@@ -134,7 +134,7 @@
  * \return          The message-digest information associated with \p md_type.
  * \return          NULL if the associated message-digest information is not found.
  */
-const mbedtls_md_info_t *mbedtls_md_info_from_type( mbedtls_md_type_t md_type );
+const mbedtls_md_info_t *mbedtls_md_info_from_type(mbedtls_md_type_t md_type);
 
 /**
  * \brief           This function initializes a message-digest context without
@@ -144,7 +144,7 @@
  *                  context for mbedtls_md_setup() for binding it to a
  *                  message-digest algorithm.
  */
-void mbedtls_md_init( mbedtls_md_context_t *ctx );
+void mbedtls_md_init(mbedtls_md_context_t *ctx);
 
 /**
  * \brief           This function clears the internal structure of \p ctx and
@@ -159,8 +159,7 @@
  *                  You must not call this function if you have not called
  *                  mbedtls_md_init().
  */
-void mbedtls_md_free( mbedtls_md_context_t *ctx );
-
+void mbedtls_md_free(mbedtls_md_context_t *ctx);
 
 /**
  * \brief           This function selects the message digest algorithm to use,
@@ -181,7 +180,9 @@
  *                  failure.
  * \return          #MBEDTLS_ERR_MD_ALLOC_FAILED on memory-allocation failure.
  */
-int mbedtls_md_setup( mbedtls_md_context_t *ctx, const mbedtls_md_info_t *md_info, int hmac );
+int mbedtls_md_setup(mbedtls_md_context_t *ctx,
+                     const mbedtls_md_info_t *md_info,
+                     int hmac);
 
 /**
  * \brief           This function clones the state of an message-digest
@@ -202,8 +203,8 @@
  * \return          \c 0 on success.
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification failure.
  */
-int mbedtls_md_clone( mbedtls_md_context_t *dst,
-                      const mbedtls_md_context_t *src );
+int mbedtls_md_clone(mbedtls_md_context_t *dst,
+                     const mbedtls_md_context_t *src);
 
 /**
  * \brief           This function extracts the message-digest size from the
@@ -214,7 +215,7 @@
  *
  * \return          The size of the message-digest output in Bytes.
  */
-unsigned char mbedtls_md_get_size( const mbedtls_md_info_t *md_info );
+unsigned char mbedtls_md_get_size(const mbedtls_md_info_t *md_info);
 
 /**
  * \brief           This function extracts the message-digest type from the
@@ -225,7 +226,7 @@
  *
  * \return          The type of the message digest.
  */
-mbedtls_md_type_t mbedtls_md_get_type( const mbedtls_md_info_t *md_info );
+mbedtls_md_type_t mbedtls_md_get_type(const mbedtls_md_info_t *md_info);
 
 /**
  * \brief           This function extracts the message-digest name from the
@@ -236,7 +237,7 @@
  *
  * \return          The name of the message digest.
  */
-const char *mbedtls_md_get_name( const mbedtls_md_info_t *md_info );
+const char *mbedtls_md_get_name(const mbedtls_md_info_t *md_info);
 
 /**
  * \brief           This function starts a message-digest computation.
@@ -251,7 +252,7 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_starts( mbedtls_md_context_t *ctx );
+int mbedtls_md_starts(mbedtls_md_context_t *ctx);
 
 /**
  * \brief           This function feeds an input buffer into an ongoing
@@ -269,7 +270,9 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_update( mbedtls_md_context_t *ctx, const unsigned char *input, size_t ilen );
+int mbedtls_md_update(mbedtls_md_context_t *ctx,
+                      const unsigned char *input,
+                      size_t ilen);
 
 /**
  * \brief           This function finishes the digest operation,
@@ -289,7 +292,7 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_finish( mbedtls_md_context_t *ctx, unsigned char *output );
+int mbedtls_md_finish(mbedtls_md_context_t *ctx, unsigned char *output);
 
 /**
  * \brief          This function calculates the message-digest of a buffer,
@@ -309,8 +312,10 @@
  * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                 failure.
  */
-int mbedtls_md( const mbedtls_md_info_t *md_info, const unsigned char *input, size_t ilen,
-        unsigned char *output );
+int mbedtls_md(const mbedtls_md_info_t *md_info,
+               const unsigned char *input,
+               size_t ilen,
+               unsigned char *output);
 
 #if defined(MBEDTLS_FS_IO)
 /**
@@ -330,8 +335,9 @@
  *                 the file pointed by \p path.
  * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info was NULL.
  */
-int mbedtls_md_file( const mbedtls_md_info_t *md_info, const char *path,
-                     unsigned char *output );
+int mbedtls_md_file(const mbedtls_md_info_t *md_info,
+                    const char *path,
+                    unsigned char *output);
 #endif /* MBEDTLS_FS_IO */
 
 /**
@@ -352,8 +358,9 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_hmac_starts( mbedtls_md_context_t *ctx, const unsigned char *key,
-                    size_t keylen );
+int mbedtls_md_hmac_starts(mbedtls_md_context_t *ctx,
+                           const unsigned char *key,
+                           size_t keylen);
 
 /**
  * \brief           This function feeds an input buffer into an ongoing HMAC
@@ -374,8 +381,9 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_hmac_update( mbedtls_md_context_t *ctx, const unsigned char *input,
-                    size_t ilen );
+int mbedtls_md_hmac_update(mbedtls_md_context_t *ctx,
+                           const unsigned char *input,
+                           size_t ilen);
 
 /**
  * \brief           This function finishes the HMAC operation, and writes
@@ -395,7 +403,7 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_hmac_finish( mbedtls_md_context_t *ctx, unsigned char *output);
+int mbedtls_md_hmac_finish(mbedtls_md_context_t *ctx, unsigned char *output);
 
 /**
  * \brief           This function prepares to authenticate a new message with
@@ -412,7 +420,7 @@
  * \return          #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                  failure.
  */
-int mbedtls_md_hmac_reset( mbedtls_md_context_t *ctx );
+int mbedtls_md_hmac_reset(mbedtls_md_context_t *ctx);
 
 /**
  * \brief          This function calculates the full generic HMAC
@@ -436,12 +444,15 @@
  * \return         #MBEDTLS_ERR_MD_BAD_INPUT_DATA on parameter-verification
  *                 failure.
  */
-int mbedtls_md_hmac( const mbedtls_md_info_t *md_info, const unsigned char *key, size_t keylen,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output );
+int mbedtls_md_hmac(const mbedtls_md_info_t *md_info,
+                    const unsigned char *key,
+                    size_t keylen,
+                    const unsigned char *input,
+                    size_t ilen,
+                    unsigned char *output);
 
 /* Internal use */
-int mbedtls_md_process( mbedtls_md_context_t *ctx, const unsigned char *data );
+int mbedtls_md_process(mbedtls_md_context_t *ctx, const unsigned char *data);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/md5.h b/include/mbedtls/md5.h
index e7befc3..26e191a 100644
--- a/include/mbedtls/md5.h
+++ b/include/mbedtls/md5.h
@@ -48,16 +48,15 @@
  *                 stronger message digests instead.
  *
  */
-typedef struct mbedtls_md5_context
-{
-    uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< number of bytes processed  */
-    uint32_t MBEDTLS_PRIVATE(state)[4];          /*!< intermediate digest state  */
-    unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< data block being processed */
-}
-mbedtls_md5_context;
+typedef struct mbedtls_md5_context {
+    uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed  */
+    uint32_t MBEDTLS_PRIVATE(state)[4]; /*!< intermediate digest state  */
+    unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
+                                                */
+} mbedtls_md5_context;
 
-#else  /* MBEDTLS_MD5_ALT */
-#include "md5_alt.h"
+#else /* MBEDTLS_MD5_ALT */
+#    include "md5_alt.h"
 #endif /* MBEDTLS_MD5_ALT */
 
 /**
@@ -70,7 +69,7 @@
  *                 stronger message digests instead.
  *
  */
-void mbedtls_md5_init( mbedtls_md5_context *ctx );
+void mbedtls_md5_init(mbedtls_md5_context *ctx);
 
 /**
  * \brief          Clear MD5 context
@@ -82,7 +81,7 @@
  *                 stronger message digests instead.
  *
  */
-void mbedtls_md5_free( mbedtls_md5_context *ctx );
+void mbedtls_md5_free(mbedtls_md5_context *ctx);
 
 /**
  * \brief          Clone (the state of) an MD5 context
@@ -95,8 +94,8 @@
  *                 stronger message digests instead.
  *
  */
-void mbedtls_md5_clone( mbedtls_md5_context *dst,
-                        const mbedtls_md5_context *src );
+void mbedtls_md5_clone(mbedtls_md5_context *dst,
+                       const mbedtls_md5_context *src);
 
 /**
  * \brief          MD5 context setup
@@ -110,7 +109,7 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_md5_starts( mbedtls_md5_context *ctx );
+int mbedtls_md5_starts(mbedtls_md5_context *ctx);
 
 /**
  * \brief          MD5 process buffer
@@ -126,9 +125,9 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_md5_update( mbedtls_md5_context *ctx,
-                        const unsigned char *input,
-                        size_t ilen );
+int mbedtls_md5_update(mbedtls_md5_context *ctx,
+                       const unsigned char *input,
+                       size_t ilen);
 
 /**
  * \brief          MD5 final digest
@@ -143,8 +142,7 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_md5_finish( mbedtls_md5_context *ctx,
-                        unsigned char output[16] );
+int mbedtls_md5_finish(mbedtls_md5_context *ctx, unsigned char output[16]);
 
 /**
  * \brief          MD5 process data block (internal use only)
@@ -159,8 +157,8 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_internal_md5_process( mbedtls_md5_context *ctx,
-                                  const unsigned char data[64] );
+int mbedtls_internal_md5_process(mbedtls_md5_context *ctx,
+                                 const unsigned char data[64]);
 
 /**
  * \brief          Output = MD5( input buffer )
@@ -176,9 +174,9 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_md5( const unsigned char *input,
-                 size_t ilen,
-                 unsigned char output[16] );
+int mbedtls_md5(const unsigned char *input,
+                size_t ilen,
+                unsigned char output[16]);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -192,7 +190,7 @@
  *                 stronger message digests instead.
  *
  */
-int mbedtls_md5_self_test( int verbose );
+int mbedtls_md5_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/memory_buffer_alloc.h b/include/mbedtls/memory_buffer_alloc.h
index 67ba4f1..72caf1b 100644
--- a/include/mbedtls/memory_buffer_alloc.h
+++ b/include/mbedtls/memory_buffer_alloc.h
@@ -30,21 +30,23 @@
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
 #if !defined(MBEDTLS_MEMORY_ALIGN_MULTIPLE)
 /** Align on multiples of this value */
-#define MBEDTLS_MEMORY_ALIGN_MULTIPLE       4
+#    define MBEDTLS_MEMORY_ALIGN_MULTIPLE 4
 #endif
 
 /* \} name SECTION: Module settings */
 
-#define MBEDTLS_MEMORY_VERIFY_NONE         0
-#define MBEDTLS_MEMORY_VERIFY_ALLOC        (1 << 0)
-#define MBEDTLS_MEMORY_VERIFY_FREE         (1 << 1)
-#define MBEDTLS_MEMORY_VERIFY_ALWAYS       (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
+#define MBEDTLS_MEMORY_VERIFY_NONE  0
+#define MBEDTLS_MEMORY_VERIFY_ALLOC (1 << 0)
+#define MBEDTLS_MEMORY_VERIFY_FREE  (1 << 1)
+#define MBEDTLS_MEMORY_VERIFY_ALWAYS \
+    (MBEDTLS_MEMORY_VERIFY_ALLOC | MBEDTLS_MEMORY_VERIFY_FREE)
 
 #ifdef __cplusplus
 extern "C" {
@@ -65,12 +67,12 @@
  * \param buf   buffer to use as heap
  * \param len   size of the buffer
  */
-void mbedtls_memory_buffer_alloc_init( unsigned char *buf, size_t len );
+void mbedtls_memory_buffer_alloc_init(unsigned char *buf, size_t len);
 
 /**
  * \brief   Free the mutex for thread-safety and clear remaining memory
  */
-void mbedtls_memory_buffer_alloc_free( void );
+void mbedtls_memory_buffer_alloc_free(void);
 
 /**
  * \brief   Determine when the allocator should automatically verify the state
@@ -80,7 +82,7 @@
  * \param verify    One of MBEDTLS_MEMORY_VERIFY_NONE, MBEDTLS_MEMORY_VERIFY_ALLOC,
  *                  MBEDTLS_MEMORY_VERIFY_FREE or MBEDTLS_MEMORY_VERIFY_ALWAYS
  */
-void mbedtls_memory_buffer_set_verify( int verify );
+void mbedtls_memory_buffer_set_verify(int verify);
 
 #if defined(MBEDTLS_MEMORY_DEBUG)
 /**
@@ -89,7 +91,7 @@
  *          Prints out a list of 'still allocated' blocks and their stack
  *          trace if MBEDTLS_MEMORY_BACKTRACE is defined.
  */
-void mbedtls_memory_buffer_alloc_status( void );
+void mbedtls_memory_buffer_alloc_status(void);
 
 /**
  * \brief   Get the peak heap usage so far
@@ -99,12 +101,12 @@
  *                      into smaller blocks but larger than the requested size.
  * \param max_blocks    Peak number of blocks in use, including free and used
  */
-void mbedtls_memory_buffer_alloc_max_get( size_t *max_used, size_t *max_blocks );
+void mbedtls_memory_buffer_alloc_max_get(size_t *max_used, size_t *max_blocks);
 
 /**
  * \brief   Reset peak statistics
  */
-void mbedtls_memory_buffer_alloc_max_reset( void );
+void mbedtls_memory_buffer_alloc_max_reset(void);
 
 /**
  * \brief   Get the current heap usage
@@ -114,7 +116,7 @@
  *                      into smaller blocks but larger than the requested size.
  * \param cur_blocks    Current number of blocks in use, including free and used
  */
-void mbedtls_memory_buffer_alloc_cur_get( size_t *cur_used, size_t *cur_blocks );
+void mbedtls_memory_buffer_alloc_cur_get(size_t *cur_used, size_t *cur_blocks);
 #endif /* MBEDTLS_MEMORY_DEBUG */
 
 /**
@@ -128,7 +130,7 @@
  *
  * \return             0 if verified, 1 otherwise
  */
-int mbedtls_memory_buffer_alloc_verify( void );
+int mbedtls_memory_buffer_alloc_verify(void);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -136,7 +138,7 @@
  *
  * \return         0 if successful, or 1 if a test failed
  */
-int mbedtls_memory_buffer_alloc_self_test( int verbose );
+int mbedtls_memory_buffer_alloc_self_test(int verbose);
 #endif
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index 1a0f790..5aa57d4 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -47,34 +47,34 @@
 #include <stdint.h>
 
 /** Failed to open a socket. */
-#define MBEDTLS_ERR_NET_SOCKET_FAILED                     -0x0042
+#define MBEDTLS_ERR_NET_SOCKET_FAILED -0x0042
 /** The connection to the given server / port failed. */
-#define MBEDTLS_ERR_NET_CONNECT_FAILED                    -0x0044
+#define MBEDTLS_ERR_NET_CONNECT_FAILED -0x0044
 /** Binding of the socket failed. */
-#define MBEDTLS_ERR_NET_BIND_FAILED                       -0x0046
+#define MBEDTLS_ERR_NET_BIND_FAILED -0x0046
 /** Could not listen on the socket. */
-#define MBEDTLS_ERR_NET_LISTEN_FAILED                     -0x0048
+#define MBEDTLS_ERR_NET_LISTEN_FAILED -0x0048
 /** Could not accept the incoming connection. */
-#define MBEDTLS_ERR_NET_ACCEPT_FAILED                     -0x004A
+#define MBEDTLS_ERR_NET_ACCEPT_FAILED -0x004A
 /** Reading information from the socket failed. */
-#define MBEDTLS_ERR_NET_RECV_FAILED                       -0x004C
+#define MBEDTLS_ERR_NET_RECV_FAILED -0x004C
 /** Sending information through the socket failed. */
-#define MBEDTLS_ERR_NET_SEND_FAILED                       -0x004E
+#define MBEDTLS_ERR_NET_SEND_FAILED -0x004E
 /** Connection was reset by peer. */
-#define MBEDTLS_ERR_NET_CONN_RESET                        -0x0050
+#define MBEDTLS_ERR_NET_CONN_RESET -0x0050
 /** Failed to get an IP address for the given hostname. */
-#define MBEDTLS_ERR_NET_UNKNOWN_HOST                      -0x0052
+#define MBEDTLS_ERR_NET_UNKNOWN_HOST -0x0052
 /** Buffer is too small to hold the data. */
-#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL                  -0x0043
+#define MBEDTLS_ERR_NET_BUFFER_TOO_SMALL -0x0043
 /** The context is invalid, eg because it was free()ed. */
-#define MBEDTLS_ERR_NET_INVALID_CONTEXT                   -0x0045
+#define MBEDTLS_ERR_NET_INVALID_CONTEXT -0x0045
 /** Polling the net context failed. */
-#define MBEDTLS_ERR_NET_POLL_FAILED                       -0x0047
+#define MBEDTLS_ERR_NET_POLL_FAILED -0x0047
 /** Input invalid. */
-#define MBEDTLS_ERR_NET_BAD_INPUT_DATA                    -0x0049
+#define MBEDTLS_ERR_NET_BAD_INPUT_DATA -0x0049
 
 /** The backlog that listen() should use. */
-#define MBEDTLS_NET_LISTEN_BACKLOG         10
+#define MBEDTLS_NET_LISTEN_BACKLOG 10
 
 /** The TCP transport protocol */
 #define MBEDTLS_NET_PROTO_TCP 0
@@ -82,7 +82,7 @@
 #define MBEDTLS_NET_PROTO_UDP 1
 
 /** Used in \c mbedtls_net_poll to check for pending data  */
-#define MBEDTLS_NET_POLL_READ  1
+#define MBEDTLS_NET_POLL_READ 1
 /** Used in \c mbedtls_net_poll to check if write possible */
 #define MBEDTLS_NET_POLL_WRITE 2
 
@@ -97,11 +97,9 @@
  * (eg two file descriptors for combined IPv4 + IPv6 support, or additional
  * structures for hand-made UDP demultiplexing).
  */
-typedef struct mbedtls_net_context
-{
-    int MBEDTLS_PRIVATE(fd);             /**< The underlying file descriptor                 */
-}
-mbedtls_net_context;
+typedef struct mbedtls_net_context {
+    int MBEDTLS_PRIVATE(fd); /**< The underlying file descriptor */
+} mbedtls_net_context;
 
 /**
  * \brief          Initialize a context
@@ -109,7 +107,7 @@
  *
  * \param ctx      Context to initialize
  */
-void mbedtls_net_init( mbedtls_net_context *ctx );
+void mbedtls_net_init(mbedtls_net_context *ctx);
 
 /**
  * \brief          Initiate a connection with host:port in the given protocol
@@ -126,7 +124,10 @@
  *
  * \note           Sets the socket in connected mode even with UDP.
  */
-int mbedtls_net_connect( mbedtls_net_context *ctx, const char *host, const char *port, int proto );
+int mbedtls_net_connect(mbedtls_net_context *ctx,
+                        const char *host,
+                        const char *port,
+                        int proto);
 
 /**
  * \brief          Create a receiving socket on bind_ip:port in the chosen
@@ -146,7 +147,10 @@
  * \note           Regardless of the protocol, opens the sockets and binds it.
  *                 In addition, make the socket listening if protocol is TCP.
  */
-int mbedtls_net_bind( mbedtls_net_context *ctx, const char *bind_ip, const char *port, int proto );
+int mbedtls_net_bind(mbedtls_net_context *ctx,
+                     const char *bind_ip,
+                     const char *port,
+                     int proto);
 
 /**
  * \brief           Accept a connection from a remote client
@@ -166,9 +170,11 @@
  *                  MBEDTLS_ERR_SSL_WANT_READ if bind_fd was set to
  *                  non-blocking and accept() would block.
  */
-int mbedtls_net_accept( mbedtls_net_context *bind_ctx,
-                        mbedtls_net_context *client_ctx,
-                        void *client_ip, size_t buf_size, size_t *ip_len );
+int mbedtls_net_accept(mbedtls_net_context *bind_ctx,
+                       mbedtls_net_context *client_ctx,
+                       void *client_ip,
+                       size_t buf_size,
+                       size_t *ip_len);
 
 /**
  * \brief          Check and wait for the context to be ready for read/write
@@ -195,7 +201,7 @@
  * \return         Bitmask composed of MBEDTLS_NET_POLL_READ/WRITE
  *                 on success or timeout, or a negative return code otherwise.
  */
-int mbedtls_net_poll( mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout );
+int mbedtls_net_poll(mbedtls_net_context *ctx, uint32_t rw, uint32_t timeout);
 
 /**
  * \brief          Set the socket blocking
@@ -204,7 +210,7 @@
  *
  * \return         0 if successful, or a non-zero error code
  */
-int mbedtls_net_set_block( mbedtls_net_context *ctx );
+int mbedtls_net_set_block(mbedtls_net_context *ctx);
 
 /**
  * \brief          Set the socket non-blocking
@@ -213,7 +219,7 @@
  *
  * \return         0 if successful, or a non-zero error code
  */
-int mbedtls_net_set_nonblock( mbedtls_net_context *ctx );
+int mbedtls_net_set_nonblock(mbedtls_net_context *ctx);
 
 /**
  * \brief          Portable usleep helper
@@ -223,7 +229,7 @@
  * \note           Real amount of time slept will not be less than
  *                 select()'s timeout granularity (typically, 10ms).
  */
-void mbedtls_net_usleep( unsigned long usec );
+void mbedtls_net_usleep(unsigned long usec);
 
 /**
  * \brief          Read at most 'len' characters. If no error occurs,
@@ -237,7 +243,7 @@
  *                 or a non-zero error code; with a non-blocking socket,
  *                 MBEDTLS_ERR_SSL_WANT_READ indicates read() would block.
  */
-int mbedtls_net_recv( void *ctx, unsigned char *buf, size_t len );
+int mbedtls_net_recv(void *ctx, unsigned char *buf, size_t len);
 
 /**
  * \brief          Write at most 'len' characters. If no error occurs,
@@ -251,7 +257,7 @@
  *                 or a non-zero error code; with a non-blocking socket,
  *                 MBEDTLS_ERR_SSL_WANT_WRITE indicates write() would block.
  */
-int mbedtls_net_send( void *ctx, const unsigned char *buf, size_t len );
+int mbedtls_net_send(void *ctx, const unsigned char *buf, size_t len);
 
 /**
  * \brief          Read at most 'len' characters, blocking for at most
@@ -279,22 +285,24 @@
  *                 non-blocking. Handling timeouts with non-blocking reads
  *                 requires a different strategy.
  */
-int mbedtls_net_recv_timeout( void *ctx, unsigned char *buf, size_t len,
-                      uint32_t timeout );
+int mbedtls_net_recv_timeout(void *ctx,
+                             unsigned char *buf,
+                             size_t len,
+                             uint32_t timeout);
 
 /**
  * \brief          Closes down the connection and free associated data
  *
  * \param ctx      The context to close
  */
-void mbedtls_net_close( mbedtls_net_context *ctx );
+void mbedtls_net_close(mbedtls_net_context *ctx);
 
 /**
  * \brief          Gracefully shutdown the connection and free associated data
  *
  * \param ctx      The context to free
  */
-void mbedtls_net_free( mbedtls_net_context *ctx );
+void mbedtls_net_free(mbedtls_net_context *ctx);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/nist_kw.h b/include/mbedtls/nist_kw.h
index bd6c658..0e30319 100644
--- a/include/mbedtls/nist_kw.h
+++ b/include/mbedtls/nist_kw.h
@@ -62,11 +62,12 @@
  *           Don't make any assumptions on this context!
  */
 typedef struct {
-    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx);    /*!< The cipher context used. */
+    mbedtls_cipher_context_t MBEDTLS_PRIVATE(cipher_ctx); /*!< The cipher
+                                                             context used. */
 } mbedtls_nist_kw_context;
 
-#else  /* MBEDTLS_NIST_key wrapping_ALT */
-#include "nist_kw_alt.h"
+#else /* MBEDTLS_NIST_key wrapping_ALT */
+#    include "nist_kw_alt.h"
 #endif /* MBEDTLS_NIST_KW_ALT */
 
 /**
@@ -77,7 +78,7 @@
  * \param ctx       The key wrapping context to initialize.
  *
  */
-void mbedtls_nist_kw_init( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_init(mbedtls_nist_kw_context *ctx);
 
 /**
  * \brief           This function initializes the key wrapping context set in the
@@ -95,11 +96,11 @@
  *                  which are not supported.
  * \return          cipher-specific error code on failure of the underlying cipher.
  */
-int mbedtls_nist_kw_setkey( mbedtls_nist_kw_context *ctx,
-                            mbedtls_cipher_id_t cipher,
-                            const unsigned char *key,
-                            unsigned int keybits,
-                            const int is_wrap );
+int mbedtls_nist_kw_setkey(mbedtls_nist_kw_context *ctx,
+                           mbedtls_cipher_id_t cipher,
+                           const unsigned char *key,
+                           unsigned int keybits,
+                           const int is_wrap);
 
 /**
  * \brief   This function releases and clears the specified key wrapping context
@@ -107,7 +108,7 @@
  *
  * \param ctx       The key wrapping context to clear.
  */
-void mbedtls_nist_kw_free( mbedtls_nist_kw_context *ctx );
+void mbedtls_nist_kw_free(mbedtls_nist_kw_context *ctx);
 
 /**
  * \brief           This function encrypts a buffer using key wrapping.
@@ -130,9 +131,13 @@
  * \return          \c MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA for invalid input length.
  * \return          cipher-specific error code on failure of the underlying cipher.
  */
-int mbedtls_nist_kw_wrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
-                          const unsigned char *input, size_t in_len,
-                          unsigned char *output, size_t* out_len, size_t out_size );
+int mbedtls_nist_kw_wrap(mbedtls_nist_kw_context *ctx,
+                         mbedtls_nist_kw_mode_t mode,
+                         const unsigned char *input,
+                         size_t in_len,
+                         unsigned char *output,
+                         size_t *out_len,
+                         size_t out_size);
 
 /**
  * \brief           This function decrypts a buffer using key wrapping.
@@ -157,10 +162,13 @@
  * \return          \c MBEDTLS_ERR_CIPHER_AUTH_FAILED for verification failure of the ciphertext.
  * \return          cipher-specific error code on failure of the underlying cipher.
  */
-int mbedtls_nist_kw_unwrap( mbedtls_nist_kw_context *ctx, mbedtls_nist_kw_mode_t mode,
-                            const unsigned char *input, size_t in_len,
-                            unsigned char *output, size_t* out_len, size_t out_size);
-
+int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
+                           mbedtls_nist_kw_mode_t mode,
+                           const unsigned char *input,
+                           size_t in_len,
+                           unsigned char *output,
+                           size_t *out_len,
+                           size_t out_size);
 
 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
 /**
@@ -169,7 +177,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_nist_kw_self_test( int verbose );
+int mbedtls_nist_kw_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h
index 836e455..df4b44a 100644
--- a/include/mbedtls/oid.h
+++ b/include/mbedtls/oid.h
@@ -31,249 +31,395 @@
 #include <stddef.h>
 
 #if defined(MBEDTLS_CIPHER_C)
-#include "mbedtls/cipher.h"
+#    include "mbedtls/cipher.h"
 #endif
 
 #if defined(MBEDTLS_MD_C)
-#include "mbedtls/md.h"
+#    include "mbedtls/md.h"
 #endif
 
 /** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND                         -0x002E
+#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
 /** output buffer is too small */
-#define MBEDTLS_ERR_OID_BUF_TOO_SMALL                     -0x000B
+#define MBEDTLS_ERR_OID_BUF_TOO_SMALL -0x000B
 
 /* This is for the benefit of X.509, but defined here in order to avoid
  * having a "backwards" include of x.509.h here */
 /*
  * X.509 extension types (internal, arbitrary values for bitsets)
  */
-#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER    (1 << 0)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER      (1 << 1)
-#define MBEDTLS_OID_X509_EXT_KEY_USAGE                   (1 << 2)
-#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES        (1 << 3)
-#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS             (1 << 4)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME            (1 << 5)
-#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME             (1 << 6)
-#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS     (1 << 7)
-#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS           (1 << 8)
-#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS            (1 << 9)
-#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS          (1 << 10)
-#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE          (1 << 11)
-#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS     (1 << 12)
-#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY          (1 << 13)
-#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL                (1 << 14)
-#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE                (1 << 16)
+#define MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER   (1 << 1)
+#define MBEDTLS_OID_X509_EXT_KEY_USAGE                (1 << 2)
+#define MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES     (1 << 3)
+#define MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS          (1 << 4)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME         (1 << 5)
+#define MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME          (1 << 6)
+#define MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS  (1 << 7)
+#define MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS        (1 << 8)
+#define MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS         (1 << 9)
+#define MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS       (1 << 10)
+#define MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE       (1 << 11)
+#define MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS  (1 << 12)
+#define MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY       (1 << 13)
+#define MBEDTLS_OID_X509_EXT_FRESHEST_CRL             (1 << 14)
+#define MBEDTLS_OID_X509_EXT_NS_CERT_TYPE             (1 << 16)
 
 /*
  * Top level OID tuples
  */
-#define MBEDTLS_OID_ISO_MEMBER_BODIES           "\x2a"          /* {iso(1) member-body(2)} */
-#define MBEDTLS_OID_ISO_IDENTIFIED_ORG          "\x2b"          /* {iso(1) identified-organization(3)} */
-#define MBEDTLS_OID_ISO_CCITT_DS                "\x55"          /* {joint-iso-ccitt(2) ds(5)} */
-#define MBEDTLS_OID_ISO_ITU_COUNTRY             "\x60"          /* {joint-iso-itu-t(2) country(16)} */
+#define MBEDTLS_OID_ISO_MEMBER_BODIES "\x2a" /* {iso(1) member-body(2)} */
+#define MBEDTLS_OID_ISO_IDENTIFIED_ORG \
+    "\x2b" /* {iso(1) identified-organization(3)} */
+#define MBEDTLS_OID_ISO_CCITT_DS "\x55" /* {joint-iso-ccitt(2) ds(5)} */
+#define MBEDTLS_OID_ISO_ITU_COUNTRY \
+    "\x60" /* {joint-iso-itu-t(2) country(16)} */
 
 /*
  * ISO Member bodies OID parts
  */
-#define MBEDTLS_OID_COUNTRY_US                  "\x86\x48"      /* {us(840)} */
-#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY       "\x86\xf7\x0d"  /* {rsadsi(113549)} */
-#define MBEDTLS_OID_RSA_COMPANY                 MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
-#define MBEDTLS_OID_ORG_ANSI_X9_62              "\xce\x3d" /* ansi-X9-62(10045) */
-#define MBEDTLS_OID_ANSI_X9_62                  MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
-                                        MBEDTLS_OID_ORG_ANSI_X9_62
+#define MBEDTLS_OID_COUNTRY_US            "\x86\x48" /* {us(840)} */
+#define MBEDTLS_OID_ORG_RSA_DATA_SECURITY "\x86\xf7\x0d" /* {rsadsi(113549)} */
+#define MBEDTLS_OID_RSA_COMPANY                          \
+    MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+        MBEDTLS_OID_ORG_RSA_DATA_SECURITY /* {iso(1) member-body(2) us(840) rsadsi(113549)} */
+#define MBEDTLS_OID_ORG_ANSI_X9_62 "\xce\x3d" /* ansi-X9-62(10045) */
+#define MBEDTLS_OID_ANSI_X9_62                           \
+    MBEDTLS_OID_ISO_MEMBER_BODIES MBEDTLS_OID_COUNTRY_US \
+        MBEDTLS_OID_ORG_ANSI_X9_62
 
 /*
  * ISO Identified organization OID parts
  */
-#define MBEDTLS_OID_ORG_DOD                     "\x06"          /* {dod(6)} */
-#define MBEDTLS_OID_ORG_OIW                     "\x0e"
-#define MBEDTLS_OID_OIW_SECSIG                  MBEDTLS_OID_ORG_OIW "\x03"
-#define MBEDTLS_OID_OIW_SECSIG_ALG              MBEDTLS_OID_OIW_SECSIG "\x02"
-#define MBEDTLS_OID_OIW_SECSIG_SHA1             MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
-#define MBEDTLS_OID_ORG_CERTICOM                "\x81\x04"  /* certicom(132) */
-#define MBEDTLS_OID_CERTICOM                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
-#define MBEDTLS_OID_ORG_TELETRUST               "\x24" /* teletrust(36) */
-#define MBEDTLS_OID_TELETRUST                   MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
+#define MBEDTLS_OID_ORG_DOD         "\x06" /* {dod(6)} */
+#define MBEDTLS_OID_ORG_OIW         "\x0e"
+#define MBEDTLS_OID_OIW_SECSIG      MBEDTLS_OID_ORG_OIW "\x03"
+#define MBEDTLS_OID_OIW_SECSIG_ALG  MBEDTLS_OID_OIW_SECSIG "\x02"
+#define MBEDTLS_OID_OIW_SECSIG_SHA1 MBEDTLS_OID_OIW_SECSIG_ALG "\x1a"
+#define MBEDTLS_OID_ORG_CERTICOM    "\x81\x04" /* certicom(132) */
+#define MBEDTLS_OID_CERTICOM \
+    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_CERTICOM
+#define MBEDTLS_OID_ORG_TELETRUST "\x24" /* teletrust(36) */
+#define MBEDTLS_OID_TELETRUST \
+    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_TELETRUST
 
 /*
  * ISO ITU OID parts
  */
-#define MBEDTLS_OID_ORGANIZATION                "\x01"          /* {organization(1)} */
-#define MBEDTLS_OID_ISO_ITU_US_ORG              MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
+#define MBEDTLS_OID_ORGANIZATION "\x01" /* {organization(1)} */
+#define MBEDTLS_OID_ISO_ITU_US_ORG                     \
+    MBEDTLS_OID_ISO_ITU_COUNTRY MBEDTLS_OID_COUNTRY_US \
+        MBEDTLS_OID_ORGANIZATION /* {joint-iso-itu-t(2) country(16) us(840) organization(1)} */
 
-#define MBEDTLS_OID_ORG_GOV                     "\x65"          /* {gov(101)} */
-#define MBEDTLS_OID_GOV                         MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
+#define MBEDTLS_OID_ORG_GOV "\x65" /* {gov(101)} */
+#define MBEDTLS_OID_GOV        \
+    MBEDTLS_OID_ISO_ITU_US_ORG \
+    MBEDTLS_OID_ORG_GOV /* {joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101)} */
 
-#define MBEDTLS_OID_ORG_NETSCAPE                "\x86\xF8\x42"  /* {netscape(113730)} */
-#define MBEDTLS_OID_NETSCAPE                    MBEDTLS_OID_ISO_ITU_US_ORG MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
+#define MBEDTLS_OID_ORG_NETSCAPE "\x86\xF8\x42" /* {netscape(113730)} */
+#define MBEDTLS_OID_NETSCAPE   \
+    MBEDTLS_OID_ISO_ITU_US_ORG \
+    MBEDTLS_OID_ORG_NETSCAPE /* Netscape OID {joint-iso-itu-t(2) country(16) us(840) organization(1) netscape(113730)} */
 
 /* ISO arc for standard certificate and CRL extensions */
-#define MBEDTLS_OID_ID_CE                       MBEDTLS_OID_ISO_CCITT_DS "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
+#define MBEDTLS_OID_ID_CE    \
+    MBEDTLS_OID_ISO_CCITT_DS \
+    "\x1D" /**< id-ce OBJECT IDENTIFIER  ::=  {joint-iso-ccitt(2) ds(5) 29} */
 
-#define MBEDTLS_OID_NIST_ALG                    MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) */
+#define MBEDTLS_OID_NIST_ALG                                                \
+    MBEDTLS_OID_GOV "\x03\x04" /** { joint-iso-itu-t(2) country(16) us(840) \
+                                  organization(1) gov(101) csor(3)          \
+                                  nistAlgorithm(4) */
 
 /**
  * Private Internet Extensions
  * { iso(1) identified-organization(3) dod(6) internet(1)
  *                      security(5) mechanisms(5) pkix(7) }
  */
-#define MBEDTLS_OID_INTERNET                    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
-#define MBEDTLS_OID_PKIX                        MBEDTLS_OID_INTERNET "\x05\x05\x07"
+#define MBEDTLS_OID_INTERNET \
+    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_ORG_DOD "\x01"
+#define MBEDTLS_OID_PKIX MBEDTLS_OID_INTERNET "\x05\x05\x07"
 
 /*
  * Arc for standard naming attributes
  */
-#define MBEDTLS_OID_AT                          MBEDTLS_OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
-#define MBEDTLS_OID_AT_CN                       MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
-#define MBEDTLS_OID_AT_SUR_NAME                 MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
-#define MBEDTLS_OID_AT_SERIAL_NUMBER            MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
-#define MBEDTLS_OID_AT_COUNTRY                  MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
-#define MBEDTLS_OID_AT_LOCALITY                 MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
-#define MBEDTLS_OID_AT_STATE                    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
-#define MBEDTLS_OID_AT_ORGANIZATION             MBEDTLS_OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
-#define MBEDTLS_OID_AT_ORG_UNIT                 MBEDTLS_OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
-#define MBEDTLS_OID_AT_TITLE                    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
-#define MBEDTLS_OID_AT_POSTAL_ADDRESS           MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
-#define MBEDTLS_OID_AT_POSTAL_CODE              MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
-#define MBEDTLS_OID_AT_GIVEN_NAME               MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
-#define MBEDTLS_OID_AT_INITIALS                 MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
-#define MBEDTLS_OID_AT_GENERATION_QUALIFIER     MBEDTLS_OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
-#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER        MBEDTLS_OID_AT "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
-#define MBEDTLS_OID_AT_DN_QUALIFIER             MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
-#define MBEDTLS_OID_AT_PSEUDONYM                MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+#define MBEDTLS_OID_AT       \
+    MBEDTLS_OID_ISO_CCITT_DS \
+    "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
+#define MBEDTLS_OID_AT_CN \
+    MBEDTLS_OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define MBEDTLS_OID_AT_SUR_NAME \
+    MBEDTLS_OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
+#define MBEDTLS_OID_AT_SERIAL_NUMBER \
+    MBEDTLS_OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
+#define MBEDTLS_OID_AT_COUNTRY \
+    MBEDTLS_OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
+#define MBEDTLS_OID_AT_LOCALITY \
+    MBEDTLS_OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
+#define MBEDTLS_OID_AT_STATE \
+    MBEDTLS_OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
+#define MBEDTLS_OID_AT_ORGANIZATION \
+    MBEDTLS_OID_AT                  \
+    "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
+#define MBEDTLS_OID_AT_ORG_UNIT \
+    MBEDTLS_OID_AT              \
+    "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define MBEDTLS_OID_AT_TITLE \
+    MBEDTLS_OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
+#define MBEDTLS_OID_AT_POSTAL_ADDRESS \
+    MBEDTLS_OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
+#define MBEDTLS_OID_AT_POSTAL_CODE \
+    MBEDTLS_OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define MBEDTLS_OID_AT_GIVEN_NAME \
+    MBEDTLS_OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define MBEDTLS_OID_AT_INITIALS \
+    MBEDTLS_OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define MBEDTLS_OID_AT_GENERATION_QUALIFIER \
+    MBEDTLS_OID_AT                          \
+    "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define MBEDTLS_OID_AT_UNIQUE_IDENTIFIER \
+    MBEDTLS_OID_AT                       \
+    "\x2D" /**< id-at-uniqueIdentifier AttributType:= {id-at 45} */
+#define MBEDTLS_OID_AT_DN_QUALIFIER \
+    MBEDTLS_OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define MBEDTLS_OID_AT_PSEUDONYM \
+    MBEDTLS_OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
 
-#define MBEDTLS_OID_UID                         "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
-#define MBEDTLS_OID_DOMAIN_COMPONENT            "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
+#define MBEDTLS_OID_UID \
+    "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x01" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) uid(1)} */
+#define MBEDTLS_OID_DOMAIN_COMPONENT \
+    "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
 
 /*
  * OIDs for standard certificate extensions
  */
-#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER    MBEDTLS_OID_ID_CE "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
-#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER      MBEDTLS_OID_ID_CE "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
-#define MBEDTLS_OID_KEY_USAGE                   MBEDTLS_OID_ID_CE "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
-#define MBEDTLS_OID_CERTIFICATE_POLICIES        MBEDTLS_OID_ID_CE "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
-#define MBEDTLS_OID_POLICY_MAPPINGS             MBEDTLS_OID_ID_CE "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
-#define MBEDTLS_OID_SUBJECT_ALT_NAME            MBEDTLS_OID_ID_CE "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
-#define MBEDTLS_OID_ISSUER_ALT_NAME             MBEDTLS_OID_ID_CE "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
-#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS     MBEDTLS_OID_ID_CE "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
-#define MBEDTLS_OID_BASIC_CONSTRAINTS           MBEDTLS_OID_ID_CE "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
-#define MBEDTLS_OID_NAME_CONSTRAINTS            MBEDTLS_OID_ID_CE "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
-#define MBEDTLS_OID_POLICY_CONSTRAINTS          MBEDTLS_OID_ID_CE "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
-#define MBEDTLS_OID_EXTENDED_KEY_USAGE          MBEDTLS_OID_ID_CE "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
-#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS     MBEDTLS_OID_ID_CE "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
-#define MBEDTLS_OID_INIHIBIT_ANYPOLICY          MBEDTLS_OID_ID_CE "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
-#define MBEDTLS_OID_FRESHEST_CRL                MBEDTLS_OID_ID_CE "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
+#define MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER \
+    MBEDTLS_OID_ID_CE                        \
+    "\x23" /**< id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 35 } */
+#define MBEDTLS_OID_SUBJECT_KEY_IDENTIFIER \
+    MBEDTLS_OID_ID_CE                      \
+    "\x0E" /**< id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::=  { id-ce 14 } */
+#define MBEDTLS_OID_KEY_USAGE \
+    MBEDTLS_OID_ID_CE         \
+    "\x0F" /**< id-ce-keyUsage OBJECT IDENTIFIER ::=  { id-ce 15 } */
+#define MBEDTLS_OID_CERTIFICATE_POLICIES \
+    MBEDTLS_OID_ID_CE                    \
+    "\x20" /**< id-ce-certificatePolicies OBJECT IDENTIFIER ::=  { id-ce 32 } */
+#define MBEDTLS_OID_POLICY_MAPPINGS \
+    MBEDTLS_OID_ID_CE               \
+    "\x21" /**< id-ce-policyMappings OBJECT IDENTIFIER ::=  { id-ce 33 } */
+#define MBEDTLS_OID_SUBJECT_ALT_NAME \
+    MBEDTLS_OID_ID_CE                \
+    "\x11" /**< id-ce-subjectAltName OBJECT IDENTIFIER ::=  { id-ce 17 } */
+#define MBEDTLS_OID_ISSUER_ALT_NAME \
+    MBEDTLS_OID_ID_CE               \
+    "\x12" /**< id-ce-issuerAltName OBJECT IDENTIFIER ::=  { id-ce 18 } */
+#define MBEDTLS_OID_SUBJECT_DIRECTORY_ATTRS \
+    MBEDTLS_OID_ID_CE                       \
+    "\x09" /**< id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=  { id-ce 9 } */
+#define MBEDTLS_OID_BASIC_CONSTRAINTS \
+    MBEDTLS_OID_ID_CE                 \
+    "\x13" /**< id-ce-basicConstraints OBJECT IDENTIFIER ::=  { id-ce 19 } */
+#define MBEDTLS_OID_NAME_CONSTRAINTS \
+    MBEDTLS_OID_ID_CE                \
+    "\x1E" /**< id-ce-nameConstraints OBJECT IDENTIFIER ::=  { id-ce 30 } */
+#define MBEDTLS_OID_POLICY_CONSTRAINTS \
+    MBEDTLS_OID_ID_CE                  \
+    "\x24" /**< id-ce-policyConstraints OBJECT IDENTIFIER ::=  { id-ce 36 } */
+#define MBEDTLS_OID_EXTENDED_KEY_USAGE \
+    MBEDTLS_OID_ID_CE                  \
+    "\x25" /**< id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 } */
+#define MBEDTLS_OID_CRL_DISTRIBUTION_POINTS \
+    MBEDTLS_OID_ID_CE                       \
+    "\x1F" /**< id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::=  { id-ce 31 } */
+#define MBEDTLS_OID_INIHIBIT_ANYPOLICY \
+    MBEDTLS_OID_ID_CE                  \
+    "\x36" /**< id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::=  { id-ce 54 } */
+#define MBEDTLS_OID_FRESHEST_CRL \
+    MBEDTLS_OID_ID_CE            \
+    "\x2E" /**< id-ce-freshestCRL OBJECT IDENTIFIER ::=  { id-ce 46 } */
 
 /*
  * Certificate policies
  */
-#define MBEDTLS_OID_ANY_POLICY              MBEDTLS_OID_CERTIFICATE_POLICIES "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
+#define MBEDTLS_OID_ANY_POLICY       \
+    MBEDTLS_OID_CERTIFICATE_POLICIES \
+    "\x00" /**< anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } */
 
 /*
  * Netscape certificate extensions
  */
-#define MBEDTLS_OID_NS_CERT                 MBEDTLS_OID_NETSCAPE "\x01"
-#define MBEDTLS_OID_NS_CERT_TYPE            MBEDTLS_OID_NS_CERT  "\x01"
-#define MBEDTLS_OID_NS_BASE_URL             MBEDTLS_OID_NS_CERT  "\x02"
-#define MBEDTLS_OID_NS_REVOCATION_URL       MBEDTLS_OID_NS_CERT  "\x03"
-#define MBEDTLS_OID_NS_CA_REVOCATION_URL    MBEDTLS_OID_NS_CERT  "\x04"
-#define MBEDTLS_OID_NS_RENEWAL_URL          MBEDTLS_OID_NS_CERT  "\x07"
-#define MBEDTLS_OID_NS_CA_POLICY_URL        MBEDTLS_OID_NS_CERT  "\x08"
-#define MBEDTLS_OID_NS_SSL_SERVER_NAME      MBEDTLS_OID_NS_CERT  "\x0C"
-#define MBEDTLS_OID_NS_COMMENT              MBEDTLS_OID_NS_CERT  "\x0D"
-#define MBEDTLS_OID_NS_DATA_TYPE            MBEDTLS_OID_NETSCAPE "\x02"
-#define MBEDTLS_OID_NS_CERT_SEQUENCE        MBEDTLS_OID_NS_DATA_TYPE "\x05"
+#define MBEDTLS_OID_NS_CERT              MBEDTLS_OID_NETSCAPE "\x01"
+#define MBEDTLS_OID_NS_CERT_TYPE         MBEDTLS_OID_NS_CERT "\x01"
+#define MBEDTLS_OID_NS_BASE_URL          MBEDTLS_OID_NS_CERT "\x02"
+#define MBEDTLS_OID_NS_REVOCATION_URL    MBEDTLS_OID_NS_CERT "\x03"
+#define MBEDTLS_OID_NS_CA_REVOCATION_URL MBEDTLS_OID_NS_CERT "\x04"
+#define MBEDTLS_OID_NS_RENEWAL_URL       MBEDTLS_OID_NS_CERT "\x07"
+#define MBEDTLS_OID_NS_CA_POLICY_URL     MBEDTLS_OID_NS_CERT "\x08"
+#define MBEDTLS_OID_NS_SSL_SERVER_NAME   MBEDTLS_OID_NS_CERT "\x0C"
+#define MBEDTLS_OID_NS_COMMENT           MBEDTLS_OID_NS_CERT "\x0D"
+#define MBEDTLS_OID_NS_DATA_TYPE         MBEDTLS_OID_NETSCAPE "\x02"
+#define MBEDTLS_OID_NS_CERT_SEQUENCE     MBEDTLS_OID_NS_DATA_TYPE "\x05"
 
 /*
  * OIDs for CRL extensions
  */
-#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD    MBEDTLS_OID_ID_CE "\x10"
-#define MBEDTLS_OID_CRL_NUMBER                  MBEDTLS_OID_ID_CE "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
+#define MBEDTLS_OID_PRIVATE_KEY_USAGE_PERIOD MBEDTLS_OID_ID_CE "\x10"
+#define MBEDTLS_OID_CRL_NUMBER \
+    MBEDTLS_OID_ID_CE          \
+    "\x14" /**< id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } */
 
 /*
  * X.509 v3 Extended key usage OIDs
  */
-#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE      MBEDTLS_OID_EXTENDED_KEY_USAGE "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
+#define MBEDTLS_OID_ANY_EXTENDED_KEY_USAGE \
+    MBEDTLS_OID_EXTENDED_KEY_USAGE         \
+    "\x00" /**< anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } */
 
-#define MBEDTLS_OID_KP                          MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
-#define MBEDTLS_OID_SERVER_AUTH                 MBEDTLS_OID_KP "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
-#define MBEDTLS_OID_CLIENT_AUTH                 MBEDTLS_OID_KP "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
-#define MBEDTLS_OID_CODE_SIGNING                MBEDTLS_OID_KP "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
-#define MBEDTLS_OID_EMAIL_PROTECTION            MBEDTLS_OID_KP "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
-#define MBEDTLS_OID_TIME_STAMPING               MBEDTLS_OID_KP "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
-#define MBEDTLS_OID_OCSP_SIGNING                MBEDTLS_OID_KP "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
+#define MBEDTLS_OID_KP \
+    MBEDTLS_OID_PKIX "\x03" /**< id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } */
+#define MBEDTLS_OID_SERVER_AUTH \
+    MBEDTLS_OID_KP              \
+    "\x01" /**< id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } */
+#define MBEDTLS_OID_CLIENT_AUTH \
+    MBEDTLS_OID_KP              \
+    "\x02" /**< id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } */
+#define MBEDTLS_OID_CODE_SIGNING \
+    MBEDTLS_OID_KP               \
+    "\x03" /**< id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } */
+#define MBEDTLS_OID_EMAIL_PROTECTION \
+    MBEDTLS_OID_KP                   \
+    "\x04" /**< id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } */
+#define MBEDTLS_OID_TIME_STAMPING \
+    MBEDTLS_OID_KP                \
+    "\x08" /**< id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } */
+#define MBEDTLS_OID_OCSP_SIGNING \
+    MBEDTLS_OID_KP               \
+    "\x09" /**< id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } */
 
 /**
  * Wi-SUN Alliance Field Area Network
  * { iso(1) identified-organization(3) dod(6) internet(1)
  *                      private(4) enterprise(1) WiSUN(45605) FieldAreaNetwork(1) }
  */
-#define MBEDTLS_OID_WISUN_FAN                   MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
+#define MBEDTLS_OID_WISUN_FAN MBEDTLS_OID_INTERNET "\x04\x01\x82\xe4\x25\x01"
 
-#define MBEDTLS_OID_ON                          MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
-#define MBEDTLS_OID_ON_HW_MODULE_NAME           MBEDTLS_OID_ON "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
+#define MBEDTLS_OID_ON \
+    MBEDTLS_OID_PKIX "\x08" /**< id-on OBJECT IDENTIFIER ::= { id-pkix 8 } */
+#define MBEDTLS_OID_ON_HW_MODULE_NAME \
+    MBEDTLS_OID_ON                    \
+    "\x04" /**< id-on-hardwareModuleName OBJECT IDENTIFIER ::= { id-on 4 } */
 
 /*
  * PKCS definition OIDs
  */
 
-#define MBEDTLS_OID_PKCS                MBEDTLS_OID_RSA_COMPANY "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
-#define MBEDTLS_OID_PKCS1               MBEDTLS_OID_PKCS "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
-#define MBEDTLS_OID_PKCS5               MBEDTLS_OID_PKCS "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
-#define MBEDTLS_OID_PKCS9               MBEDTLS_OID_PKCS "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
-#define MBEDTLS_OID_PKCS12              MBEDTLS_OID_PKCS "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
+#define MBEDTLS_OID_PKCS    \
+    MBEDTLS_OID_RSA_COMPANY \
+    "\x01" /**< pkcs OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) 1 } */
+#define MBEDTLS_OID_PKCS1 \
+    MBEDTLS_OID_PKCS      \
+    "\x01" /**< pkcs-1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } */
+#define MBEDTLS_OID_PKCS5 \
+    MBEDTLS_OID_PKCS      \
+    "\x05" /**< pkcs-5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 5 } */
+#define MBEDTLS_OID_PKCS9 \
+    MBEDTLS_OID_PKCS      \
+    "\x09" /**< pkcs-9 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } */
+#define MBEDTLS_OID_PKCS12 \
+    MBEDTLS_OID_PKCS       \
+    "\x0c" /**< pkcs-12 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 12 } */
 
 /*
  * PKCS#1 OIDs
  */
-#define MBEDTLS_OID_PKCS1_RSA           MBEDTLS_OID_PKCS1 "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
-#define MBEDTLS_OID_PKCS1_MD5           MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
-#define MBEDTLS_OID_PKCS1_SHA1          MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
-#define MBEDTLS_OID_PKCS1_SHA224        MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
-#define MBEDTLS_OID_PKCS1_SHA256        MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
-#define MBEDTLS_OID_PKCS1_SHA384        MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
-#define MBEDTLS_OID_PKCS1_SHA512        MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
+#define MBEDTLS_OID_PKCS1_RSA \
+    MBEDTLS_OID_PKCS1         \
+    "\x01" /**< rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } */
+#define MBEDTLS_OID_PKCS1_MD5 \
+    MBEDTLS_OID_PKCS1 "\x04" /**< md5WithRSAEncryption ::= { pkcs-1 4 } */
+#define MBEDTLS_OID_PKCS1_SHA1 \
+    MBEDTLS_OID_PKCS1 "\x05" /**< sha1WithRSAEncryption ::= { pkcs-1 5 } */
+#define MBEDTLS_OID_PKCS1_SHA224 \
+    MBEDTLS_OID_PKCS1 "\x0e" /**< sha224WithRSAEncryption ::= { pkcs-1 14 } */
+#define MBEDTLS_OID_PKCS1_SHA256 \
+    MBEDTLS_OID_PKCS1 "\x0b" /**< sha256WithRSAEncryption ::= { pkcs-1 11 } */
+#define MBEDTLS_OID_PKCS1_SHA384 \
+    MBEDTLS_OID_PKCS1 "\x0c" /**< sha384WithRSAEncryption ::= { pkcs-1 12 } */
+#define MBEDTLS_OID_PKCS1_SHA512 \
+    MBEDTLS_OID_PKCS1 "\x0d" /**< sha512WithRSAEncryption ::= { pkcs-1 13 } */
 
-#define MBEDTLS_OID_RSA_SHA_OBS         "\x2B\x0E\x03\x02\x1D"
+#define MBEDTLS_OID_RSA_SHA_OBS "\x2B\x0E\x03\x02\x1D"
 
-#define MBEDTLS_OID_PKCS9_EMAIL         MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
+#define MBEDTLS_OID_PKCS9_EMAIL \
+    MBEDTLS_OID_PKCS9 "\x01" /**< emailAddress AttributeType ::= { pkcs-9 1 } */
 
 /* RFC 4055 */
-#define MBEDTLS_OID_RSASSA_PSS          MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
-#define MBEDTLS_OID_MGF1                MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
+#define MBEDTLS_OID_RSASSA_PSS \
+    MBEDTLS_OID_PKCS1 "\x0a" /**< id-RSASSA-PSS ::= { pkcs-1 10 } */
+#define MBEDTLS_OID_MGF1 \
+    MBEDTLS_OID_PKCS1 "\x08" /**< id-mgf1 ::= { pkcs-1 8 } */
 
 /*
  * Digest algorithms
  */
-#define MBEDTLS_OID_DIGEST_ALG_MD5              MBEDTLS_OID_RSA_COMPANY "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA1             MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA224           MBEDTLS_OID_NIST_ALG "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
-#define MBEDTLS_OID_DIGEST_ALG_SHA256           MBEDTLS_OID_NIST_ALG "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
+#define MBEDTLS_OID_DIGEST_ALG_MD5 \
+    MBEDTLS_OID_RSA_COMPANY        \
+    "\x02\x05" /**< id-mbedtls_md5 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 5 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA1 \
+    MBEDTLS_OID_ISO_IDENTIFIED_ORG  \
+    MBEDTLS_OID_OIW_SECSIG_SHA1 /**< id-mbedtls_sha1 OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 26 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA224 \
+    MBEDTLS_OID_NIST_ALG              \
+    "\x02\x04" /**< id-sha224 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 4 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA256 \
+    MBEDTLS_OID_NIST_ALG              \
+    "\x02\x01" /**< id-mbedtls_sha256 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 1 } */
 
-#define MBEDTLS_OID_DIGEST_ALG_SHA384           MBEDTLS_OID_NIST_ALG "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA384 \
+    MBEDTLS_OID_NIST_ALG              \
+    "\x02\x02" /**< id-sha384 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 2 } */
 
-#define MBEDTLS_OID_DIGEST_ALG_SHA512           MBEDTLS_OID_NIST_ALG "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
+#define MBEDTLS_OID_DIGEST_ALG_SHA512 \
+    MBEDTLS_OID_NIST_ALG              \
+    "\x02\x03" /**< id-mbedtls_sha512 OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistalgorithm(4) hashalgs(2) 3 } */
 
-#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160        MBEDTLS_OID_TELETRUST "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
+#define MBEDTLS_OID_DIGEST_ALG_RIPEMD160 \
+    MBEDTLS_OID_TELETRUST                \
+    "\x03\x02\x01" /**< id-ripemd160 OBJECT IDENTIFIER :: { iso(1) identified-organization(3) teletrust(36) algorithm(3) hashAlgorithm(2) ripemd160(1) } */
 
-#define MBEDTLS_OID_HMAC_SHA1                   MBEDTLS_OID_RSA_COMPANY "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
+#define MBEDTLS_OID_HMAC_SHA1 \
+    MBEDTLS_OID_RSA_COMPANY   \
+    "\x02\x07" /**< id-hmacWithSHA1 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 7 } */
 
-#define MBEDTLS_OID_HMAC_SHA224                 MBEDTLS_OID_RSA_COMPANY "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
+#define MBEDTLS_OID_HMAC_SHA224 \
+    MBEDTLS_OID_RSA_COMPANY     \
+    "\x02\x08" /**< id-hmacWithSHA224 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 8 } */
 
-#define MBEDTLS_OID_HMAC_SHA256                 MBEDTLS_OID_RSA_COMPANY "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
+#define MBEDTLS_OID_HMAC_SHA256 \
+    MBEDTLS_OID_RSA_COMPANY     \
+    "\x02\x09" /**< id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 } */
 
-#define MBEDTLS_OID_HMAC_SHA384                 MBEDTLS_OID_RSA_COMPANY "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
+#define MBEDTLS_OID_HMAC_SHA384 \
+    MBEDTLS_OID_RSA_COMPANY     \
+    "\x02\x0A" /**< id-hmacWithSHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 10 } */
 
-#define MBEDTLS_OID_HMAC_SHA512                 MBEDTLS_OID_RSA_COMPANY "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
+#define MBEDTLS_OID_HMAC_SHA512 \
+    MBEDTLS_OID_RSA_COMPANY     \
+    "\x02\x0B" /**< id-hmacWithSHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 11 } */
 
 /*
  * Encryption algorithms
  */
-#define MBEDTLS_OID_DES_CBC                     MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
-#define MBEDTLS_OID_DES_EDE3_CBC                MBEDTLS_OID_RSA_COMPANY "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
-#define MBEDTLS_OID_AES                         MBEDTLS_OID_NIST_ALG "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
+#define MBEDTLS_OID_DES_CBC                                   \
+    MBEDTLS_OID_ISO_IDENTIFIED_ORG MBEDTLS_OID_OIW_SECSIG_ALG \
+        "\x07" /**< desCBC OBJECT IDENTIFIER ::= { iso(1) identified-organization(3) oiw(14) secsig(3) algorithms(2) 7 } */
+#define MBEDTLS_OID_DES_EDE3_CBC \
+    MBEDTLS_OID_RSA_COMPANY      \
+    "\x03\x07" /**< des-ede3-cbc OBJECT IDENTIFIER ::= { iso(1) member-body(2) -- us(840) rsadsi(113549) encryptionAlgorithm(3) 7 } */
+#define MBEDTLS_OID_AES  \
+    MBEDTLS_OID_NIST_ALG \
+    "\x01" /** aes OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) 1 } */
 
 /*
  * Key Wrapping algorithms
@@ -281,41 +427,76 @@
 /*
  * RFC 5649
  */
-#define MBEDTLS_OID_AES128_KW                   MBEDTLS_OID_AES "\x05" /** id-aes128-wrap     OBJECT IDENTIFIER ::= { aes 5 } */
-#define MBEDTLS_OID_AES128_KWP                  MBEDTLS_OID_AES "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
-#define MBEDTLS_OID_AES192_KW                   MBEDTLS_OID_AES "\x19" /** id-aes192-wrap     OBJECT IDENTIFIER ::= { aes 25 } */
-#define MBEDTLS_OID_AES192_KWP                  MBEDTLS_OID_AES "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
-#define MBEDTLS_OID_AES256_KW                   MBEDTLS_OID_AES "\x2d" /** id-aes256-wrap     OBJECT IDENTIFIER ::= { aes 45 } */
-#define MBEDTLS_OID_AES256_KWP                  MBEDTLS_OID_AES "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
+#define MBEDTLS_OID_AES128_KW \
+    MBEDTLS_OID_AES           \
+    "\x05" /** id-aes128-wrap     OBJECT IDENTIFIER ::= { aes 5 } */
+#define MBEDTLS_OID_AES128_KWP \
+    MBEDTLS_OID_AES            \
+    "\x08" /** id-aes128-wrap-pad OBJECT IDENTIFIER ::= { aes 8 } */
+#define MBEDTLS_OID_AES192_KW \
+    MBEDTLS_OID_AES           \
+    "\x19" /** id-aes192-wrap     OBJECT IDENTIFIER ::= { aes 25 } */
+#define MBEDTLS_OID_AES192_KWP \
+    MBEDTLS_OID_AES            \
+    "\x1c" /** id-aes192-wrap-pad OBJECT IDENTIFIER ::= { aes 28 } */
+#define MBEDTLS_OID_AES256_KW \
+    MBEDTLS_OID_AES           \
+    "\x2d" /** id-aes256-wrap     OBJECT IDENTIFIER ::= { aes 45 } */
+#define MBEDTLS_OID_AES256_KWP \
+    MBEDTLS_OID_AES            \
+    "\x30" /** id-aes256-wrap-pad OBJECT IDENTIFIER ::= { aes 48 } */
 /*
  * PKCS#5 OIDs
  */
-#define MBEDTLS_OID_PKCS5_PBKDF2                MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
-#define MBEDTLS_OID_PKCS5_PBES2                 MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
-#define MBEDTLS_OID_PKCS5_PBMAC1                MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
+#define MBEDTLS_OID_PKCS5_PBKDF2 \
+    MBEDTLS_OID_PKCS5 "\x0c" /**< id-PBKDF2 OBJECT IDENTIFIER ::= {pkcs-5 12} */
+#define MBEDTLS_OID_PKCS5_PBES2 \
+    MBEDTLS_OID_PKCS5 "\x0d" /**< id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13} */
+#define MBEDTLS_OID_PKCS5_PBMAC1 \
+    MBEDTLS_OID_PKCS5 "\x0e" /**< id-PBMAC1 OBJECT IDENTIFIER ::= {pkcs-5 14} */
 
 /*
  * PKCS#5 PBES1 algorithms
  */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC       MBEDTLS_OID_PKCS5 "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
-#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC       MBEDTLS_OID_PKCS5 "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC      MBEDTLS_OID_PKCS5 "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
-#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC      MBEDTLS_OID_PKCS5 "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_DES_CBC \
+    MBEDTLS_OID_PKCS5                     \
+    "\x03" /**< pbeWithMD5AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 3} */
+#define MBEDTLS_OID_PKCS5_PBE_MD5_RC2_CBC \
+    MBEDTLS_OID_PKCS5                     \
+    "\x06" /**< pbeWithMD5AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 6} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_DES_CBC \
+    MBEDTLS_OID_PKCS5                      \
+    "\x0a" /**< pbeWithSHA1AndDES-CBC OBJECT IDENTIFIER ::= {pkcs-5 10} */
+#define MBEDTLS_OID_PKCS5_PBE_SHA1_RC2_CBC \
+    MBEDTLS_OID_PKCS5                      \
+    "\x0b" /**< pbeWithSHA1AndRC2-CBC OBJECT IDENTIFIER ::= {pkcs-5 11} */
 
 /*
  * PKCS#8 OIDs
  */
-#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ           MBEDTLS_OID_PKCS9 "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
+#define MBEDTLS_OID_PKCS9_CSR_EXT_REQ \
+    MBEDTLS_OID_PKCS9                 \
+    "\x0e" /**< extensionRequest OBJECT IDENTIFIER ::= {pkcs-9 14} */
 
 /*
  * PKCS#12 PBE OIDs
  */
-#define MBEDTLS_OID_PKCS12_PBE                      MBEDTLS_OID_PKCS12 "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
+#define MBEDTLS_OID_PKCS12_PBE \
+    MBEDTLS_OID_PKCS12         \
+    "\x01" /**< pkcs-12PbeIds OBJECT IDENTIFIER ::= {pkcs-12 1} */
 
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC    MBEDTLS_OID_PKCS12_PBE "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC     MBEDTLS_OID_PKCS12_PBE "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
-#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC      MBEDTLS_OID_PKCS12_PBE "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC \
+    MBEDTLS_OID_PKCS12_PBE                       \
+    "\x03" /**< pbeWithSHAAnd3-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 3} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC \
+    MBEDTLS_OID_PKCS12_PBE                       \
+    "\x04" /**< pbeWithSHAAnd2-KeyTripleDES-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 4} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_128_CBC \
+    MBEDTLS_OID_PKCS12_PBE                      \
+    "\x05" /**< pbeWithSHAAnd128BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 5} */
+#define MBEDTLS_OID_PKCS12_PBE_SHA1_RC2_40_CBC \
+    MBEDTLS_OID_PKCS12_PBE                     \
+    "\x06" /**< pbeWithSHAAnd40BitRC2-CBC OBJECT IDENTIFIER ::= {pkcs-12PbeIds 6} */
 
 /*
  * EC key algorithms from RFC 5480
@@ -323,12 +504,12 @@
 
 /* id-ecPublicKey OBJECT IDENTIFIER ::= {
  *       iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 } */
-#define MBEDTLS_OID_EC_ALG_UNRESTRICTED         MBEDTLS_OID_ANSI_X9_62 "\x02\01"
+#define MBEDTLS_OID_EC_ALG_UNRESTRICTED MBEDTLS_OID_ANSI_X9_62 "\x02\01"
 
 /*   id-ecDH OBJECT IDENTIFIER ::= {
  *     iso(1) identified-organization(3) certicom(132)
  *     schemes(1) ecdh(12) } */
-#define MBEDTLS_OID_EC_ALG_ECDH                 MBEDTLS_OID_CERTICOM "\x01\x0c"
+#define MBEDTLS_OID_EC_ALG_ECDH MBEDTLS_OID_CERTICOM "\x01\x0c"
 
 /*
  * ECParameters namedCurve identifiers, from RFC 5480, RFC 5639, and SEC2
@@ -336,35 +517,35 @@
 
 /* secp192r1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 1 } */
-#define MBEDTLS_OID_EC_GRP_SECP192R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
+#define MBEDTLS_OID_EC_GRP_SECP192R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x01"
 
 /* secp224r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 33 } */
-#define MBEDTLS_OID_EC_GRP_SECP224R1        MBEDTLS_OID_CERTICOM "\x00\x21"
+#define MBEDTLS_OID_EC_GRP_SECP224R1 MBEDTLS_OID_CERTICOM "\x00\x21"
 
 /* secp256r1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3) prime(1) 7 } */
-#define MBEDTLS_OID_EC_GRP_SECP256R1        MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
+#define MBEDTLS_OID_EC_GRP_SECP256R1 MBEDTLS_OID_ANSI_X9_62 "\x03\x01\x07"
 
 /* secp384r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 34 } */
-#define MBEDTLS_OID_EC_GRP_SECP384R1        MBEDTLS_OID_CERTICOM "\x00\x22"
+#define MBEDTLS_OID_EC_GRP_SECP384R1 MBEDTLS_OID_CERTICOM "\x00\x22"
 
 /* secp521r1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 35 } */
-#define MBEDTLS_OID_EC_GRP_SECP521R1        MBEDTLS_OID_CERTICOM "\x00\x23"
+#define MBEDTLS_OID_EC_GRP_SECP521R1 MBEDTLS_OID_CERTICOM "\x00\x23"
 
 /* secp192k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 31 } */
-#define MBEDTLS_OID_EC_GRP_SECP192K1        MBEDTLS_OID_CERTICOM "\x00\x1f"
+#define MBEDTLS_OID_EC_GRP_SECP192K1 MBEDTLS_OID_CERTICOM "\x00\x1f"
 
 /* secp224k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 32 } */
-#define MBEDTLS_OID_EC_GRP_SECP224K1        MBEDTLS_OID_CERTICOM "\x00\x20"
+#define MBEDTLS_OID_EC_GRP_SECP224K1 MBEDTLS_OID_CERTICOM "\x00\x20"
 
 /* secp256k1 OBJECT IDENTIFIER ::= {
  *   iso(1) identified-organization(3) certicom(132) curve(0) 10 } */
-#define MBEDTLS_OID_EC_GRP_SECP256K1        MBEDTLS_OID_CERTICOM "\x00\x0a"
+#define MBEDTLS_OID_EC_GRP_SECP256K1 MBEDTLS_OID_CERTICOM "\x00\x0a"
 
 /* RFC 5639 4.1
  * ecStdCurvesAndGeneration OBJECT IDENTIFIER::= {iso(1)
@@ -372,16 +553,17 @@
  * algorithm(3) ecSign(2) 8}
  * ellipticCurve OBJECT IDENTIFIER ::= {ecStdCurvesAndGeneration 1}
  * versionOne OBJECT IDENTIFIER ::= {ellipticCurve 1} */
-#define MBEDTLS_OID_EC_BRAINPOOL_V1         MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
+#define MBEDTLS_OID_EC_BRAINPOOL_V1 \
+    MBEDTLS_OID_TELETRUST "\x03\x03\x02\x08\x01\x01"
 
 /* brainpoolP256r1 OBJECT IDENTIFIER ::= {versionOne 7} */
-#define MBEDTLS_OID_EC_GRP_BP256R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
+#define MBEDTLS_OID_EC_GRP_BP256R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x07"
 
 /* brainpoolP384r1 OBJECT IDENTIFIER ::= {versionOne 11} */
-#define MBEDTLS_OID_EC_GRP_BP384R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
+#define MBEDTLS_OID_EC_GRP_BP384R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0B"
 
 /* brainpoolP512r1 OBJECT IDENTIFIER ::= {versionOne 13} */
-#define MBEDTLS_OID_EC_GRP_BP512R1          MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
+#define MBEDTLS_OID_EC_GRP_BP512R1 MBEDTLS_OID_EC_BRAINPOOL_V1 "\x0D"
 
 /*
  * SEC1 C.1
@@ -389,38 +571,41 @@
  * prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 }
  * id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1)}
  */
-#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE   MBEDTLS_OID_ANSI_X9_62 "\x01"
-#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD  MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62 "\x01"
+#define MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD \
+    MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE "\x01"
 
 /*
  * ECDSA signature identifiers, from RFC 5480
  */
-#define MBEDTLS_OID_ANSI_X9_62_SIG          MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
-#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2     MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG \
+    MBEDTLS_OID_ANSI_X9_62 "\x04" /* signatures(4) */
+#define MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 \
+    MBEDTLS_OID_ANSI_X9_62_SIG "\x03" /* ecdsa-with-SHA2(3) */
 
 /* ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA1              MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
+#define MBEDTLS_OID_ECDSA_SHA1 MBEDTLS_OID_ANSI_X9_62_SIG "\x01"
 
 /* ecdsa-with-SHA224 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 1 } */
-#define MBEDTLS_OID_ECDSA_SHA224            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
+#define MBEDTLS_OID_ECDSA_SHA224 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x01"
 
 /* ecdsa-with-SHA256 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 2 } */
-#define MBEDTLS_OID_ECDSA_SHA256            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
+#define MBEDTLS_OID_ECDSA_SHA256 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x02"
 
 /* ecdsa-with-SHA384 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 3 } */
-#define MBEDTLS_OID_ECDSA_SHA384            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
+#define MBEDTLS_OID_ECDSA_SHA384 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x03"
 
 /* ecdsa-with-SHA512 OBJECT IDENTIFIER ::= {
  *   iso(1) member-body(2) us(840) ansi-X9-62(10045) signatures(4)
  *   ecdsa-with-SHA2(3) 4 } */
-#define MBEDTLS_OID_ECDSA_SHA512            MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
+#define MBEDTLS_OID_ECDSA_SHA512 MBEDTLS_OID_ANSI_X9_62_SIG_SHA2 "\x04"
 
 #ifdef __cplusplus
 extern "C" {
@@ -429,13 +614,12 @@
 /**
  * \brief Base OID descriptor structure
  */
-typedef struct mbedtls_oid_descriptor_t
-{
-    const char *MBEDTLS_PRIVATE(asn1);               /*!< OID ASN.1 representation       */
-    size_t MBEDTLS_PRIVATE(asn1_len);                /*!< length of asn1                 */
+typedef struct mbedtls_oid_descriptor_t {
+    const char *MBEDTLS_PRIVATE(asn1); /*!< OID ASN.1 representation       */
+    size_t MBEDTLS_PRIVATE(asn1_len); /*!< length of asn1                 */
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-    const char *MBEDTLS_PRIVATE(name);               /*!< official name (e.g. from RFC)  */
-    const char *MBEDTLS_PRIVATE(description);        /*!< human friendly description     */
+    const char *MBEDTLS_PRIVATE(name); /*!< official name (e.g. from RFC)  */
+    const char *MBEDTLS_PRIVATE(description); /*!< human friendly description */
 #endif
 } mbedtls_oid_descriptor_t;
 
@@ -450,7 +634,9 @@
  * \return          Length of the string written (excluding final NULL) or
  *                  MBEDTLS_ERR_OID_BUF_TOO_SMALL in case of error
  */
-int mbedtls_oid_get_numeric_string( char *buf, size_t size, const mbedtls_asn1_buf *oid );
+int mbedtls_oid_get_numeric_string(char *buf,
+                                   size_t size,
+                                   const mbedtls_asn1_buf *oid);
 
 /**
  * \brief          Translate an X.509 extension OID into local values
@@ -460,7 +646,7 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_x509_ext_type( const mbedtls_asn1_buf *oid, int *ext_type );
+int mbedtls_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
 
 /**
  * \brief          Translate an X.509 attribute type OID into the short name
@@ -471,7 +657,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_attr_short_name( const mbedtls_asn1_buf *oid, const char **short_name );
+int mbedtls_oid_get_attr_short_name(const mbedtls_asn1_buf *oid,
+                                    const char **short_name);
 
 /**
  * \brief          Translate PublicKeyAlgorithm OID into pk_type
@@ -481,7 +668,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_pk_alg( const mbedtls_asn1_buf *oid, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_pk_alg(const mbedtls_asn1_buf *oid,
+                           mbedtls_pk_type_t *pk_alg);
 
 /**
  * \brief          Translate pk_type into PublicKeyAlgorithm OID
@@ -492,8 +680,9 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_oid_by_pk_alg( mbedtls_pk_type_t pk_alg,
-                           const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_pk_alg(mbedtls_pk_type_t pk_alg,
+                                  const char **oid,
+                                  size_t *olen);
 
 #if defined(MBEDTLS_ECP_C)
 /**
@@ -504,7 +693,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_ec_grp( const mbedtls_asn1_buf *oid, mbedtls_ecp_group_id *grp_id );
+int mbedtls_oid_get_ec_grp(const mbedtls_asn1_buf *oid,
+                           mbedtls_ecp_group_id *grp_id);
 
 /**
  * \brief          Translate EC group identifier into NamedCurve OID
@@ -515,8 +705,9 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_oid_by_ec_grp( mbedtls_ecp_group_id grp_id,
-                           const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_ec_grp(mbedtls_ecp_group_id grp_id,
+                                  const char **oid,
+                                  size_t *olen);
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_MD_C)
@@ -529,8 +720,9 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_sig_alg( const mbedtls_asn1_buf *oid,
-                     mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg );
+int mbedtls_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
+                            mbedtls_md_type_t *md_alg,
+                            mbedtls_pk_type_t *pk_alg);
 
 /**
  * \brief          Translate SignatureAlgorithm OID into description
@@ -540,7 +732,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_sig_alg_desc( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid,
+                                 const char **desc);
 
 /**
  * \brief          Translate md_type and pk_type into SignatureAlgorithm OID
@@ -552,8 +745,10 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_oid_by_sig_alg( mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                            const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg,
+                                   mbedtls_md_type_t md_alg,
+                                   const char **oid,
+                                   size_t *olen);
 
 /**
  * \brief          Translate hash algorithm OID into md_type
@@ -563,7 +758,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg );
+int mbedtls_oid_get_md_alg(const mbedtls_asn1_buf *oid,
+                           mbedtls_md_type_t *md_alg);
 
 /**
  * \brief          Translate hmac algorithm OID into md_type
@@ -573,7 +769,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
+int mbedtls_oid_get_md_hmac(const mbedtls_asn1_buf *oid,
+                            mbedtls_md_type_t *md_hmac);
 #endif /* MBEDTLS_MD_C */
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -585,7 +782,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid,
+                                       const char **desc);
 #endif
 
 /**
@@ -596,7 +794,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_certificate_policies( const mbedtls_asn1_buf *oid, const char **desc );
+int mbedtls_oid_get_certificate_policies(const mbedtls_asn1_buf *oid,
+                                         const char **desc);
 
 /**
  * \brief          Translate md_type into hash algorithm OID
@@ -607,7 +806,9 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_oid_by_md( mbedtls_md_type_t md_alg, const char **oid, size_t *olen );
+int mbedtls_oid_get_oid_by_md(mbedtls_md_type_t md_alg,
+                              const char **oid,
+                              size_t *olen);
 
 #if defined(MBEDTLS_CIPHER_C)
 /**
@@ -618,7 +819,8 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_cipher_alg( const mbedtls_asn1_buf *oid, mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_cipher_alg(const mbedtls_asn1_buf *oid,
+                               mbedtls_cipher_type_t *cipher_alg);
 #endif /* MBEDTLS_CIPHER_C */
 
 #if defined(MBEDTLS_PKCS12_C)
@@ -632,8 +834,9 @@
  *
  * \return         0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
  */
-int mbedtls_oid_get_pkcs12_pbe_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg,
-                            mbedtls_cipher_type_t *cipher_alg );
+int mbedtls_oid_get_pkcs12_pbe_alg(const mbedtls_asn1_buf *oid,
+                                   mbedtls_md_type_t *md_alg,
+                                   mbedtls_cipher_type_t *cipher_alg);
 #endif /* MBEDTLS_PKCS12_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/pem.h b/include/mbedtls/pem.h
index baceb07..ec7fe03 100644
--- a/include/mbedtls/pem.h
+++ b/include/mbedtls/pem.h
@@ -34,23 +34,23 @@
  * \{
  */
 /** No PEM header or footer found. */
-#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT          -0x1080
+#define MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT -0x1080
 /** PEM string is not as expected. */
-#define MBEDTLS_ERR_PEM_INVALID_DATA                      -0x1100
+#define MBEDTLS_ERR_PEM_INVALID_DATA -0x1100
 /** Failed to allocate memory. */
-#define MBEDTLS_ERR_PEM_ALLOC_FAILED                      -0x1180
+#define MBEDTLS_ERR_PEM_ALLOC_FAILED -0x1180
 /** RSA IV is not in hex-format. */
-#define MBEDTLS_ERR_PEM_INVALID_ENC_IV                    -0x1200
+#define MBEDTLS_ERR_PEM_INVALID_ENC_IV -0x1200
 /** Unsupported key encryption algorithm. */
-#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG                   -0x1280
+#define MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG -0x1280
 /** Private key password can't be empty. */
-#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED                 -0x1300
+#define MBEDTLS_ERR_PEM_PASSWORD_REQUIRED -0x1300
 /** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH                 -0x1380
+#define MBEDTLS_ERR_PEM_PASSWORD_MISMATCH -0x1380
 /** Unavailable feature, e.g. hashing/encryption combination. */
-#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE               -0x1400
+#define MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE -0x1400
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA                    -0x1480
+#define MBEDTLS_ERR_PEM_BAD_INPUT_DATA -0x1480
 /* \} name */
 
 #ifdef __cplusplus
@@ -61,20 +61,19 @@
 /**
  * \brief       PEM context structure
  */
-typedef struct mbedtls_pem_context
-{
-    unsigned char *MBEDTLS_PRIVATE(buf);     /*!< buffer for decoded data             */
-    size_t MBEDTLS_PRIVATE(buflen);          /*!< length of the buffer                */
-    unsigned char *MBEDTLS_PRIVATE(info);    /*!< buffer for extra header information */
-}
-mbedtls_pem_context;
+typedef struct mbedtls_pem_context {
+    unsigned char *MBEDTLS_PRIVATE(buf); /*!< buffer for decoded data */
+    size_t MBEDTLS_PRIVATE(buflen); /*!< length of the buffer                */
+    unsigned char *MBEDTLS_PRIVATE(info); /*!< buffer for extra header
+                                             information */
+} mbedtls_pem_context;
 
 /**
  * \brief       PEM context setup
  *
  * \param ctx   context to be initialized
  */
-void mbedtls_pem_init( mbedtls_pem_context *ctx );
+void mbedtls_pem_init(mbedtls_pem_context *ctx);
 
 /**
  * \brief       Read a buffer for PEM information and store the resulting
@@ -98,17 +97,20 @@
  *
  * \return          0 on success, or a specific PEM error code
  */
-int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const char *footer,
-                     const unsigned char *data,
-                     const unsigned char *pwd,
-                     size_t pwdlen, size_t *use_len );
+int mbedtls_pem_read_buffer(mbedtls_pem_context *ctx,
+                            const char *header,
+                            const char *footer,
+                            const unsigned char *data,
+                            const unsigned char *pwd,
+                            size_t pwdlen,
+                            size_t *use_len);
 
 /**
  * \brief       PEM context memory freeing
  *
  * \param ctx   context to be freed
  */
-void mbedtls_pem_free( mbedtls_pem_context *ctx );
+void mbedtls_pem_free(mbedtls_pem_context *ctx);
 #endif /* MBEDTLS_PEM_PARSE_C */
 
 #if defined(MBEDTLS_PEM_WRITE_C)
@@ -138,9 +140,13 @@
  *                  the required minimum size of \p buf.
  * \return          Another PEM or BASE64 error code on other kinds of failure.
  */
-int mbedtls_pem_write_buffer( const char *header, const char *footer,
-                      const unsigned char *der_data, size_t der_len,
-                      unsigned char *buf, size_t buf_len, size_t *olen );
+int mbedtls_pem_write_buffer(const char *header,
+                             const char *footer,
+                             const unsigned char *der_data,
+                             size_t der_len,
+                             unsigned char *buf,
+                             size_t buf_len,
+                             size_t *olen);
 #endif /* MBEDTLS_PEM_WRITE_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index 15d1a39..a78ba23 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -29,56 +29,56 @@
 #include "mbedtls/md.h"
 
 #if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
+#    include "mbedtls/rsa.h"
 #endif
 
 #if defined(MBEDTLS_ECP_C)
-#include "mbedtls/ecp.h"
+#    include "mbedtls/ecp.h"
 #endif
 
 #if defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdsa.h"
+#    include "mbedtls/ecdsa.h"
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+#    include "psa/crypto.h"
 #endif
 
-#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
-    !defined(inline) && !defined(__cplusplus)
-#define inline __inline
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && !defined(inline) && \
+    !defined(__cplusplus)
+#    define inline __inline
 #endif
 
 /** Memory allocation failed. */
-#define MBEDTLS_ERR_PK_ALLOC_FAILED        -0x3F80
+#define MBEDTLS_ERR_PK_ALLOC_FAILED -0x3F80
 /** Type mismatch, eg attempt to encrypt with an ECDSA key */
-#define MBEDTLS_ERR_PK_TYPE_MISMATCH       -0x3F00
+#define MBEDTLS_ERR_PK_TYPE_MISMATCH -0x3F00
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_PK_BAD_INPUT_DATA      -0x3E80
+#define MBEDTLS_ERR_PK_BAD_INPUT_DATA -0x3E80
 /** Read/write of file failed. */
-#define MBEDTLS_ERR_PK_FILE_IO_ERROR       -0x3E00
+#define MBEDTLS_ERR_PK_FILE_IO_ERROR -0x3E00
 /** Unsupported key version */
 #define MBEDTLS_ERR_PK_KEY_INVALID_VERSION -0x3D80
 /** Invalid key tag or value. */
-#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT  -0x3D00
+#define MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -0x3D00
 /** Key algorithm is unsupported (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG      -0x3C80
+#define MBEDTLS_ERR_PK_UNKNOWN_PK_ALG -0x3C80
 /** Private key password can't be empty. */
-#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED   -0x3C00
+#define MBEDTLS_ERR_PK_PASSWORD_REQUIRED -0x3C00
 /** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH   -0x3B80
+#define MBEDTLS_ERR_PK_PASSWORD_MISMATCH -0x3B80
 /** The pubkey tag or value is invalid (only RSA and EC are supported). */
-#define MBEDTLS_ERR_PK_INVALID_PUBKEY      -0x3B00
+#define MBEDTLS_ERR_PK_INVALID_PUBKEY -0x3B00
 /** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_PK_INVALID_ALG         -0x3A80
+#define MBEDTLS_ERR_PK_INVALID_ALG -0x3A80
 /** Elliptic curve is unsupported (only NIST curves are supported). */
 #define MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE -0x3A00
 /** Unavailable feature, e.g. RSA disabled for RSA key. */
 #define MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE -0x3980
 /** The buffer contains a valid signature followed by more data. */
-#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH    -0x3900
+#define MBEDTLS_ERR_PK_SIG_LEN_MISMATCH -0x3900
 /** The output buffer is too small. */
-#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL    -0x3880
+#define MBEDTLS_ERR_PK_BUFFER_TOO_SMALL -0x3880
 
 #ifdef __cplusplus
 extern "C" {
@@ -87,8 +87,9 @@
 /**
  * \brief          Public key types
  */
-typedef enum {
-    MBEDTLS_PK_NONE=0,
+typedef enum
+{
+    MBEDTLS_PK_NONE = 0,
     MBEDTLS_PK_RSA,
     MBEDTLS_PK_ECKEY,
     MBEDTLS_PK_ECKEY_DH,
@@ -102,8 +103,7 @@
  * \brief           Options for RSASSA-PSS signature verification.
  *                  See \c mbedtls_rsa_rsassa_pss_verify_ext()
  */
-typedef struct mbedtls_pk_rsassa_pss_options
-{
+typedef struct mbedtls_pk_rsassa_pss_options {
     mbedtls_md_type_t MBEDTLS_PRIVATE(mgf1_hash_id);
     int MBEDTLS_PRIVATE(expected_salt_len);
 
@@ -123,42 +123,43 @@
  */
 #define MBEDTLS_PK_SIGNATURE_MAX_SIZE 0
 
-#if ( defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT) ) && \
+#if (defined(MBEDTLS_RSA_C) || defined(MBEDTLS_PK_RSA_ALT_SUPPORT)) && \
     MBEDTLS_MPI_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
 /* For RSA, the signature can be as large as the bignum module allows.
  * For RSA_ALT, the signature size is not necessarily tied to what the
  * bignum module can do, but in the absence of any specific setting,
  * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
+#    undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#    define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
 #endif
 
-#if defined(MBEDTLS_ECDSA_C) &&                                 \
+#if defined(MBEDTLS_ECDSA_C) && \
     MBEDTLS_ECDSA_MAX_LEN > MBEDTLS_PK_SIGNATURE_MAX_SIZE
 /* For ECDSA, the ecdsa module exports a constant for the maximum
  * signature size. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
+#    undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#    define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_ECDSA_MAX_LEN
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#    if PSA_SIGNATURE_MAX_SIZE > MBEDTLS_PK_SIGNATURE_MAX_SIZE
 /* PSA_SIGNATURE_MAX_SIZE is the maximum size of a signature made
  * through the PSA API in the PSA representation. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
-#endif
+#        undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#        define MBEDTLS_PK_SIGNATURE_MAX_SIZE PSA_SIGNATURE_MAX_SIZE
+#    endif
 
-#if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#    if PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 > MBEDTLS_PK_SIGNATURE_MAX_SIZE
 /* The Mbed TLS representation is different for ECDSA signatures:
  * PSA uses the raw concatenation of r and s,
  * whereas Mbed TLS uses the ASN.1 representation (SEQUENCE of two INTEGERs).
  * Add the overhead of ASN.1: up to (1+2) + 2 * (1+2+1) for the
  * types, lengths (represented by up to 2 bytes), and potential leading
  * zeros of the INTEGERs and the SEQUENCE. */
-#undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
-#define MBEDTLS_PK_SIGNATURE_MAX_SIZE ( PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11 )
-#endif
+#        undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
+#        define MBEDTLS_PK_SIGNATURE_MAX_SIZE \
+            (PSA_VENDOR_ECDSA_SIGNATURE_MAX_SIZE + 11)
+#    endif
 #endif /* defined(MBEDTLS_USE_PSA_CRYPTO) */
 
 /**
@@ -174,8 +175,7 @@
 /**
  * \brief           Item to send to the debug module
  */
-typedef struct mbedtls_pk_debug_item
-{
+typedef struct mbedtls_pk_debug_item {
     mbedtls_pk_debug_type MBEDTLS_PRIVATE(type);
     const char *MBEDTLS_PRIVATE(name);
     void *MBEDTLS_PRIVATE(value);
@@ -192,20 +192,20 @@
 /**
  * \brief           Public key container
  */
-typedef struct mbedtls_pk_context
-{
-    const mbedtls_pk_info_t *   MBEDTLS_PRIVATE(pk_info); /**< Public key information         */
-    void *                      MBEDTLS_PRIVATE(pk_ctx);  /**< Underlying public key context  */
+typedef struct mbedtls_pk_context {
+    const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
+                                                          information         */
+    void *MBEDTLS_PRIVATE(pk_ctx); /**< Underlying public key context  */
 } mbedtls_pk_context;
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /**
  * \brief           Context for resuming operations
  */
-typedef struct
-{
-    const mbedtls_pk_info_t *   MBEDTLS_PRIVATE(pk_info); /**< Public key information         */
-    void *                      MBEDTLS_PRIVATE(rs_ctx);  /**< Underlying restart context     */
+typedef struct {
+    const mbedtls_pk_info_t *MBEDTLS_PRIVATE(pk_info); /**< Public key
+                                                          information         */
+    void *MBEDTLS_PRIVATE(rs_ctx); /**< Underlying restart context     */
 } mbedtls_pk_restart_ctx;
 #else /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 /* Now we can declare functions that take a pointer to that */
@@ -219,9 +219,9 @@
  * \warning You must make sure the PK context actually holds an RSA context
  * before using this function!
  */
-static inline mbedtls_rsa_context *mbedtls_pk_rsa( const mbedtls_pk_context pk )
+static inline mbedtls_rsa_context *mbedtls_pk_rsa(const mbedtls_pk_context pk)
 {
-    return( (mbedtls_rsa_context *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+    return ((mbedtls_rsa_context *)(pk).MBEDTLS_PRIVATE(pk_ctx));
 }
 #endif /* MBEDTLS_RSA_C */
 
@@ -232,9 +232,9 @@
  * \warning You must make sure the PK context actually holds an EC context
  * before using this function!
  */
-static inline mbedtls_ecp_keypair *mbedtls_pk_ec( const mbedtls_pk_context pk )
+static inline mbedtls_ecp_keypair *mbedtls_pk_ec(const mbedtls_pk_context pk)
 {
-    return( (mbedtls_ecp_keypair *) (pk).MBEDTLS_PRIVATE(pk_ctx) );
+    return ((mbedtls_ecp_keypair *)(pk).MBEDTLS_PRIVATE(pk_ctx));
 }
 #endif /* MBEDTLS_ECP_C */
 
@@ -242,14 +242,21 @@
 /**
  * \brief           Types for RSA-alt abstraction
  */
-typedef int (*mbedtls_pk_rsa_alt_decrypt_func)( void *ctx, size_t *olen,
-                    const unsigned char *input, unsigned char *output,
-                    size_t output_max_len );
-typedef int (*mbedtls_pk_rsa_alt_sign_func)( void *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-                    mbedtls_md_type_t md_alg, unsigned int hashlen,
-                    const unsigned char *hash, unsigned char *sig );
-typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)( void *ctx );
+typedef int (*mbedtls_pk_rsa_alt_decrypt_func)(void *ctx,
+                                               size_t *olen,
+                                               const unsigned char *input,
+                                               unsigned char *output,
+                                               size_t output_max_len);
+typedef int (*mbedtls_pk_rsa_alt_sign_func)(void *ctx,
+                                            int (*f_rng)(void *,
+                                                         unsigned char *,
+                                                         size_t),
+                                            void *p_rng,
+                                            mbedtls_md_type_t md_alg,
+                                            unsigned int hashlen,
+                                            const unsigned char *hash,
+                                            unsigned char *sig);
+typedef size_t (*mbedtls_pk_rsa_alt_key_len_func)(void *ctx);
 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
 /**
@@ -259,7 +266,7 @@
  *
  * \return          The PK info associated with the type or NULL if not found.
  */
-const mbedtls_pk_info_t *mbedtls_pk_info_from_type( mbedtls_pk_type_t pk_type );
+const mbedtls_pk_info_t *mbedtls_pk_info_from_type(mbedtls_pk_type_t pk_type);
 
 /**
  * \brief           Initialize a #mbedtls_pk_context (as NONE).
@@ -267,7 +274,7 @@
  * \param ctx       The context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_pk_init( mbedtls_pk_context *ctx );
+void mbedtls_pk_init(mbedtls_pk_context *ctx);
 
 /**
  * \brief           Free the components of a #mbedtls_pk_context.
@@ -280,7 +287,7 @@
  *                  PSA key and you still need to call psa_destroy_key()
  *                  independently if you want to destroy that key.
  */
-void mbedtls_pk_free( mbedtls_pk_context *ctx );
+void mbedtls_pk_free(mbedtls_pk_context *ctx);
 
 #if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /**
@@ -289,7 +296,7 @@
  * \param ctx       The context to initialize.
  *                  This must not be \c NULL.
  */
-void mbedtls_pk_restart_init( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_init(mbedtls_pk_restart_ctx *ctx);
 
 /**
  * \brief           Free the components of a restart context
@@ -297,7 +304,7 @@
  * \param ctx       The context to clear. It must have been initialized.
  *                  If this is \c NULL, this function does nothing.
  */
-void mbedtls_pk_restart_free( mbedtls_pk_restart_ctx *ctx );
+void mbedtls_pk_restart_free(mbedtls_pk_restart_ctx *ctx);
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 
 /**
@@ -315,7 +322,7 @@
  * \note            For contexts holding an RSA-alt key, use
  *                  \c mbedtls_pk_setup_rsa_alt() instead.
  */
-int mbedtls_pk_setup( mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info );
+int mbedtls_pk_setup(mbedtls_pk_context *ctx, const mbedtls_pk_info_t *info);
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
@@ -346,8 +353,7 @@
  *                  ECC key pair.
  * \return          #MBEDTLS_ERR_PK_ALLOC_FAILED on allocation failure.
  */
-int mbedtls_pk_setup_opaque( mbedtls_pk_context *ctx,
-                             const psa_key_id_t key );
+int mbedtls_pk_setup_opaque(mbedtls_pk_context *ctx, const psa_key_id_t key);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
@@ -366,10 +372,11 @@
  *
  * \note            This function replaces \c mbedtls_pk_setup() for RSA-alt.
  */
-int mbedtls_pk_setup_rsa_alt( mbedtls_pk_context *ctx, void * key,
-                         mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
-                         mbedtls_pk_rsa_alt_sign_func sign_func,
-                         mbedtls_pk_rsa_alt_key_len_func key_len_func );
+int mbedtls_pk_setup_rsa_alt(mbedtls_pk_context *ctx,
+                             void *key,
+                             mbedtls_pk_rsa_alt_decrypt_func decrypt_func,
+                             mbedtls_pk_rsa_alt_sign_func sign_func,
+                             mbedtls_pk_rsa_alt_key_len_func key_len_func);
 #endif /* MBEDTLS_PK_RSA_ALT_SUPPORT */
 
 /**
@@ -379,7 +386,7 @@
  *
  * \return          Key size in bits, or 0 on error
  */
-size_t mbedtls_pk_get_bitlen( const mbedtls_pk_context *ctx );
+size_t mbedtls_pk_get_bitlen(const mbedtls_pk_context *ctx);
 
 /**
  * \brief           Get the length in bytes of the underlying key
@@ -388,9 +395,9 @@
  *
  * \return          Key length in bytes, or 0 on error
  */
-static inline size_t mbedtls_pk_get_len( const mbedtls_pk_context *ctx )
+static inline size_t mbedtls_pk_get_len(const mbedtls_pk_context *ctx)
 {
-    return ( mbedtls_pk_get_bitlen( ctx ) + 7 ) / 8 ;
+    return (mbedtls_pk_get_bitlen(ctx) + 7) / 8;
 }
 
 /**
@@ -405,7 +412,7 @@
  *                  been initialized but not set up, or that has been
  *                  cleared with mbedtls_pk_free().
  */
-int mbedtls_pk_can_do( const mbedtls_pk_context *ctx, mbedtls_pk_type_t type );
+int mbedtls_pk_can_do(const mbedtls_pk_context *ctx, mbedtls_pk_type_t type);
 
 /**
  * \brief           Verify signature (including padding if relevant).
@@ -434,9 +441,12 @@
  *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
  *                  to verify RSASSA_PSS signatures.
  */
-int mbedtls_pk_verify( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify(mbedtls_pk_context *ctx,
+                      mbedtls_md_type_t md_alg,
+                      const unsigned char *hash,
+                      size_t hash_len,
+                      const unsigned char *sig,
+                      size_t sig_len);
 
 /**
  * \brief           Restartable version of \c mbedtls_pk_verify()
@@ -458,11 +468,13 @@
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  */
-int mbedtls_pk_verify_restartable( mbedtls_pk_context *ctx,
-               mbedtls_md_type_t md_alg,
-               const unsigned char *hash, size_t hash_len,
-               const unsigned char *sig, size_t sig_len,
-               mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_verify_restartable(mbedtls_pk_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  const unsigned char *hash,
+                                  size_t hash_len,
+                                  const unsigned char *sig,
+                                  size_t sig_len,
+                                  mbedtls_pk_restart_ctx *rs_ctx);
 
 /**
  * \brief           Verify signature, with options.
@@ -493,10 +505,14 @@
  *                  to a mbedtls_pk_rsassa_pss_options structure,
  *                  otherwise it must be NULL.
  */
-int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
-                   mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-                   const unsigned char *hash, size_t hash_len,
-                   const unsigned char *sig, size_t sig_len );
+int mbedtls_pk_verify_ext(mbedtls_pk_type_t type,
+                          const void *options,
+                          mbedtls_pk_context *ctx,
+                          mbedtls_md_type_t md_alg,
+                          const unsigned char *hash,
+                          size_t hash_len,
+                          const unsigned char *sig,
+                          size_t sig_len);
 
 /**
  * \brief           Make signature, including padding if relevant.
@@ -526,10 +542,15 @@
  * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
  *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
  */
-int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_sign(mbedtls_pk_context *ctx,
+                    mbedtls_md_type_t md_alg,
+                    const unsigned char *hash,
+                    size_t hash_len,
+                    unsigned char *sig,
+                    size_t sig_size,
+                    size_t *sig_len,
+                    int (*f_rng)(void *, unsigned char *, size_t),
+                    void *p_rng);
 
 /**
  * \brief           Restartable version of \c mbedtls_pk_sign()
@@ -560,12 +581,16 @@
  * \return          #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
  *                  operations was reached: see \c mbedtls_ecp_set_max_ops().
  */
-int mbedtls_pk_sign_restartable( mbedtls_pk_context *ctx,
-             mbedtls_md_type_t md_alg,
-             const unsigned char *hash, size_t hash_len,
-             unsigned char *sig, size_t sig_size, size_t *sig_len,
-             int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-             mbedtls_pk_restart_ctx *rs_ctx );
+int mbedtls_pk_sign_restartable(mbedtls_pk_context *ctx,
+                                mbedtls_md_type_t md_alg,
+                                const unsigned char *hash,
+                                size_t hash_len,
+                                unsigned char *sig,
+                                size_t sig_size,
+                                size_t *sig_len,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng,
+                                mbedtls_pk_restart_ctx *rs_ctx);
 
 /**
  * \brief           Decrypt message (including padding if relevant).
@@ -584,10 +609,14 @@
  *
  * \return          0 on success, or a specific error code.
  */
-int mbedtls_pk_decrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_decrypt(mbedtls_pk_context *ctx,
+                       const unsigned char *input,
+                       size_t ilen,
+                       unsigned char *output,
+                       size_t *olen,
+                       size_t osize,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng);
 
 /**
  * \brief           Encrypt message (including padding if relevant).
@@ -607,10 +636,14 @@
  *
  * \return          0 on success, or a specific error code.
  */
-int mbedtls_pk_encrypt( mbedtls_pk_context *ctx,
-                const unsigned char *input, size_t ilen,
-                unsigned char *output, size_t *olen, size_t osize,
-                int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_encrypt(mbedtls_pk_context *ctx,
+                       const unsigned char *input,
+                       size_t ilen,
+                       unsigned char *output,
+                       size_t *olen,
+                       size_t osize,
+                       int (*f_rng)(void *, unsigned char *, size_t),
+                       void *p_rng);
 
 /**
  * \brief           Check if a public-private pair of keys matches.
@@ -626,10 +659,10 @@
  * \return          #MBEDTLS_ERR_PK_BAD_INPUT_DATA if a context is invalid.
  * \return          Another non-zero value if the keys do not match.
  */
-int mbedtls_pk_check_pair( const mbedtls_pk_context *pub,
-                           const mbedtls_pk_context *prv,
-                           int (*f_rng)(void *, unsigned char *, size_t),
-                           void *p_rng );
+int mbedtls_pk_check_pair(const mbedtls_pk_context *pub,
+                          const mbedtls_pk_context *prv,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng);
 
 /**
  * \brief           Export debug information
@@ -639,7 +672,8 @@
  *
  * \return          0 on success or MBEDTLS_ERR_PK_BAD_INPUT_DATA
  */
-int mbedtls_pk_debug( const mbedtls_pk_context *ctx, mbedtls_pk_debug_item *items );
+int mbedtls_pk_debug(const mbedtls_pk_context *ctx,
+                     mbedtls_pk_debug_item *items);
 
 /**
  * \brief           Access the type name
@@ -648,7 +682,7 @@
  *
  * \return          Type name on success, or "invalid PK"
  */
-const char * mbedtls_pk_get_name( const mbedtls_pk_context *ctx );
+const char *mbedtls_pk_get_name(const mbedtls_pk_context *ctx);
 
 /**
  * \brief           Get the key type
@@ -658,7 +692,7 @@
  * \return          Type on success.
  * \return          #MBEDTLS_PK_NONE for a context that has not been set up.
  */
-mbedtls_pk_type_t mbedtls_pk_get_type( const mbedtls_pk_context *ctx );
+mbedtls_pk_type_t mbedtls_pk_get_type(const mbedtls_pk_context *ctx);
 
 #if defined(MBEDTLS_PK_PARSE_C)
 /** \ingroup pk_module */
@@ -692,10 +726,13 @@
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int mbedtls_pk_parse_key( mbedtls_pk_context *ctx,
-              const unsigned char *key, size_t keylen,
-              const unsigned char *pwd, size_t pwdlen,
-              int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_parse_key(mbedtls_pk_context *ctx,
+                         const unsigned char *key,
+                         size_t keylen,
+                         const unsigned char *pwd,
+                         size_t pwdlen,
+                         int (*f_rng)(void *, unsigned char *, size_t),
+                         void *p_rng);
 
 /** \ingroup pk_module */
 /**
@@ -719,10 +756,11 @@
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
-                         const unsigned char *key, size_t keylen );
+int mbedtls_pk_parse_public_key(mbedtls_pk_context *ctx,
+                                const unsigned char *key,
+                                size_t keylen);
 
-#if defined(MBEDTLS_FS_IO)
+#    if defined(MBEDTLS_FS_IO)
 /** \ingroup pk_module */
 /**
  * \brief           Load and parse a private key
@@ -746,9 +784,11 @@
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int mbedtls_pk_parse_keyfile( mbedtls_pk_context *ctx,
-                  const char *path, const char *password,
-                  int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+int mbedtls_pk_parse_keyfile(mbedtls_pk_context *ctx,
+                             const char *path,
+                             const char *password,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 
 /** \ingroup pk_module */
 /**
@@ -767,8 +807,8 @@
  *
  * \return          0 if successful, or a specific PK or PEM error code
  */
-int mbedtls_pk_parse_public_keyfile( mbedtls_pk_context *ctx, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_pk_parse_public_keyfile(mbedtls_pk_context *ctx, const char *path);
+#    endif /* MBEDTLS_FS_IO */
 #endif /* MBEDTLS_PK_PARSE_C */
 
 #if defined(MBEDTLS_PK_WRITE_C)
@@ -785,7 +825,9 @@
  * \return          length of data written if successful, or a specific
  *                  error code
  */
-int mbedtls_pk_write_key_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_key_der(const mbedtls_pk_context *ctx,
+                             unsigned char *buf,
+                             size_t size);
 
 /**
  * \brief           Write a public key to a SubjectPublicKeyInfo DER structure
@@ -800,9 +842,11 @@
  * \return          length of data written if successful, or a specific
  *                  error code
  */
-int mbedtls_pk_write_pubkey_der( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_der(const mbedtls_pk_context *ctx,
+                                unsigned char *buf,
+                                size_t size);
 
-#if defined(MBEDTLS_PEM_WRITE_C)
+#    if defined(MBEDTLS_PEM_WRITE_C)
 /**
  * \brief           Write a public key to a PEM string
  *
@@ -813,7 +857,9 @@
  *
  * \return          0 if successful, or a specific error code
  */
-int mbedtls_pk_write_pubkey_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
+int mbedtls_pk_write_pubkey_pem(const mbedtls_pk_context *ctx,
+                                unsigned char *buf,
+                                size_t size);
 
 /**
  * \brief           Write a private key to a PKCS#1 or SEC1 PEM string
@@ -825,8 +871,10 @@
  *
  * \return          0 if successful, or a specific error code
  */
-int mbedtls_pk_write_key_pem( const mbedtls_pk_context *ctx, unsigned char *buf, size_t size );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_pk_write_key_pem(const mbedtls_pk_context *ctx,
+                             unsigned char *buf,
+                             size_t size);
+#    endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_PK_WRITE_C */
 
 /*
@@ -845,8 +893,9 @@
  *
  * \return          0 if successful, or a specific PK error code
  */
-int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
-                        mbedtls_pk_context *pk );
+int mbedtls_pk_parse_subpubkey(unsigned char **p,
+                               const unsigned char *end,
+                               mbedtls_pk_context *pk);
 #endif /* MBEDTLS_PK_PARSE_C */
 
 #if defined(MBEDTLS_PK_WRITE_C)
@@ -860,8 +909,9 @@
  *
  * \return          the length written or a negative error code
  */
-int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start,
-                     const mbedtls_pk_context *key );
+int mbedtls_pk_write_pubkey(unsigned char **p,
+                            unsigned char *start,
+                            const mbedtls_pk_context *key);
 #endif /* MBEDTLS_PK_WRITE_C */
 
 /*
@@ -869,7 +919,7 @@
  * know you do.
  */
 #if defined(MBEDTLS_FS_IO)
-int mbedtls_pk_load_file( const char *path, unsigned char **buf, size_t *n );
+int mbedtls_pk_load_file(const char *path, unsigned char **buf, size_t *n);
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
@@ -893,9 +943,9 @@
  * \return          \c 0 if successful.
  * \return          An Mbed TLS error code otherwise.
  */
-int mbedtls_pk_wrap_as_opaque( mbedtls_pk_context *pk,
-                               psa_key_id_t *key,
-                               psa_algorithm_t hash_alg );
+int mbedtls_pk_wrap_as_opaque(mbedtls_pk_context *pk,
+                              psa_key_id_t *key,
+                              psa_algorithm_t hash_alg);
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/pkcs12.h b/include/mbedtls/pkcs12.h
index f78ea3c..d472d90 100644
--- a/include/mbedtls/pkcs12.h
+++ b/include/mbedtls/pkcs12.h
@@ -31,23 +31,23 @@
 #include <stddef.h>
 
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA                 -0x1F80
+#define MBEDTLS_ERR_PKCS12_BAD_INPUT_DATA -0x1F80
 /** Feature not available, e.g. unsupported encryption scheme. */
-#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE            -0x1F00
+#define MBEDTLS_ERR_PKCS12_FEATURE_UNAVAILABLE -0x1F00
 /** PBE ASN.1 data not as expected. */
-#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT             -0x1E80
+#define MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT -0x1E80
 /** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH              -0x1E00
+#define MBEDTLS_ERR_PKCS12_PASSWORD_MISMATCH -0x1E00
 
 /** encryption/decryption key */
-#define MBEDTLS_PKCS12_DERIVE_KEY       1
+#define MBEDTLS_PKCS12_DERIVE_KEY 1
 /** initialization vector     */
-#define MBEDTLS_PKCS12_DERIVE_IV        2
+#define MBEDTLS_PKCS12_DERIVE_IV 2
 /** integrity / MAC key       */
-#define MBEDTLS_PKCS12_DERIVE_MAC_KEY   3
+#define MBEDTLS_PKCS12_DERIVE_MAC_KEY 3
 
-#define MBEDTLS_PKCS12_PBE_DECRYPT      0
-#define MBEDTLS_PKCS12_PBE_ENCRYPT      1
+#define MBEDTLS_PKCS12_PBE_DECRYPT 0
+#define MBEDTLS_PKCS12_PBE_ENCRYPT 1
 
 #ifdef __cplusplus
 extern "C" {
@@ -71,11 +71,15 @@
  *
  * \return           0 if successful, or a MBEDTLS_ERR_XXX code
  */
-int mbedtls_pkcs12_pbe( mbedtls_asn1_buf *pbe_params, int mode,
-                mbedtls_cipher_type_t cipher_type, mbedtls_md_type_t md_type,
-                const unsigned char *pwd,  size_t pwdlen,
-                const unsigned char *input, size_t len,
-                unsigned char *output );
+int mbedtls_pkcs12_pbe(mbedtls_asn1_buf *pbe_params,
+                       int mode,
+                       mbedtls_cipher_type_t cipher_type,
+                       mbedtls_md_type_t md_type,
+                       const unsigned char *pwd,
+                       size_t pwdlen,
+                       const unsigned char *input,
+                       size_t len,
+                       unsigned char *output);
 
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
@@ -100,10 +104,15 @@
  *
  * \return          0 if successful, or a MD, BIGNUM type error.
  */
-int mbedtls_pkcs12_derivation( unsigned char *data, size_t datalen,
-                       const unsigned char *pwd, size_t pwdlen,
-                       const unsigned char *salt, size_t saltlen,
-                       mbedtls_md_type_t mbedtls_md, int id, int iterations );
+int mbedtls_pkcs12_derivation(unsigned char *data,
+                              size_t datalen,
+                              const unsigned char *pwd,
+                              size_t pwdlen,
+                              const unsigned char *salt,
+                              size_t saltlen,
+                              mbedtls_md_type_t mbedtls_md,
+                              int id,
+                              int iterations);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/pkcs5.h b/include/mbedtls/pkcs5.h
index 71d716b..9578279 100644
--- a/include/mbedtls/pkcs5.h
+++ b/include/mbedtls/pkcs5.h
@@ -33,16 +33,16 @@
 #include <stdint.h>
 
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA                  -0x2f80
+#define MBEDTLS_ERR_PKCS5_BAD_INPUT_DATA -0x2f80
 /** Unexpected ASN.1 data. */
-#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT                  -0x2f00
+#define MBEDTLS_ERR_PKCS5_INVALID_FORMAT -0x2f00
 /** Requested encryption or digest alg not available. */
-#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE             -0x2e80
+#define MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE -0x2e80
 /** Given private key password does not allow for correct decryption. */
-#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH               -0x2e00
+#define MBEDTLS_ERR_PKCS5_PASSWORD_MISMATCH -0x2e00
 
-#define MBEDTLS_PKCS5_DECRYPT      0
-#define MBEDTLS_PKCS5_ENCRYPT      1
+#define MBEDTLS_PKCS5_DECRYPT 0
+#define MBEDTLS_PKCS5_ENCRYPT 1
 
 #ifdef __cplusplus
 extern "C" {
@@ -63,10 +63,13 @@
  *
  * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
  */
-int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
-                 const unsigned char *pwd,  size_t pwdlen,
-                 const unsigned char *data, size_t datalen,
-                 unsigned char *output );
+int mbedtls_pkcs5_pbes2(const mbedtls_asn1_buf *pbe_params,
+                        int mode,
+                        const unsigned char *pwd,
+                        size_t pwdlen,
+                        const unsigned char *data,
+                        size_t datalen,
+                        unsigned char *output);
 
 #endif /* MBEDTLS_ASN1_PARSE_C */
 
@@ -84,10 +87,14 @@
  *
  * \returns        0 on success, or a MBEDTLS_ERR_XXX code if verification fails.
  */
-int mbedtls_pkcs5_pbkdf2_hmac( mbedtls_md_context_t *ctx, const unsigned char *password,
-                       size_t plen, const unsigned char *salt, size_t slen,
-                       unsigned int iteration_count,
-                       uint32_t key_length, unsigned char *output );
+int mbedtls_pkcs5_pbkdf2_hmac(mbedtls_md_context_t *ctx,
+                              const unsigned char *password,
+                              size_t plen,
+                              const unsigned char *salt,
+                              size_t slen,
+                              unsigned int iteration_count,
+                              uint32_t key_length,
+                              unsigned char *output);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -96,7 +103,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_pkcs5_self_test( int verbose );
+int mbedtls_pkcs5_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 81f981d..a626fc0 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -35,7 +35,7 @@
 #include "mbedtls/build_info.h"
 
 #if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#    include "mbedtls/platform_time.h"
 #endif
 
 #ifdef __cplusplus
@@ -46,7 +46,8 @@
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
@@ -55,97 +56,100 @@
  * and vsnprintf. This affects MSVC and MinGW builds.
  */
 #if defined(__MINGW32__) || (defined(_MSC_VER) && _MSC_VER <= 1900)
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
-#define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
+#    define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF
+#    define MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF
 #endif
 
 #if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS)
-#include <stdio.h>
-#include <stdlib.h>
-#include <time.h>
-#if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
+#    include <stdio.h>
+#    include <stdlib.h>
+#    include <time.h>
+#    if !defined(MBEDTLS_PLATFORM_STD_SNPRINTF)
+#        if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 /** The default \c snprintf function to use.  */
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   mbedtls_platform_win32_snprintf
-#else
+#            define MBEDTLS_PLATFORM_STD_SNPRINTF \
+                mbedtls_platform_win32_snprintf
+#        else
 /** The default \c snprintf function to use.  */
-#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
-#if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
+#            define MBEDTLS_PLATFORM_STD_SNPRINTF snprintf
+#        endif
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_VSNPRINTF)
+#        if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
 /** The default \c vsnprintf function to use.  */
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF   mbedtls_platform_win32_vsnprintf
-#else
+#            define MBEDTLS_PLATFORM_STD_VSNPRINTF \
+                mbedtls_platform_win32_vsnprintf
+#        else
 /** The default \c vsnprintf function to use.  */
-#define MBEDTLS_PLATFORM_STD_VSNPRINTF   vsnprintf
-#endif
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
+#            define MBEDTLS_PLATFORM_STD_VSNPRINTF vsnprintf
+#        endif
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_PRINTF)
 /** The default \c printf function to use. */
-#define MBEDTLS_PLATFORM_STD_PRINTF   printf
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
+#        define MBEDTLS_PLATFORM_STD_PRINTF printf
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_FPRINTF)
 /** The default \c fprintf function to use. */
-#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#        define MBEDTLS_PLATFORM_STD_FPRINTF fprintf
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_CALLOC)
 /** The default \c calloc function to use. */
-#define MBEDTLS_PLATFORM_STD_CALLOC   calloc
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_FREE)
+#        define MBEDTLS_PLATFORM_STD_CALLOC calloc
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_FREE)
 /** The default \c free function to use. */
-#define MBEDTLS_PLATFORM_STD_FREE       free
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT)
+#        define MBEDTLS_PLATFORM_STD_FREE free
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_EXIT)
 /** The default \c exit function to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT      exit
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_TIME)
+#        define MBEDTLS_PLATFORM_STD_EXIT exit
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_TIME)
 /** The default \c time function to use. */
-#define MBEDTLS_PLATFORM_STD_TIME       time
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
+#        define MBEDTLS_PLATFORM_STD_TIME time
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
 /** The default exit value to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS  EXIT_SUCCESS
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
+#        define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS EXIT_SUCCESS
+#    endif
+#    if !defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
 /** The default exit value to use. */
-#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE  EXIT_FAILURE
-#endif
-#if defined(MBEDTLS_FS_IO)
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_READ   mbedtls_platform_std_nv_seed_read
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write
-#endif
-#if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
-#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE   "seedfile"
-#endif
-#endif /* MBEDTLS_FS_IO */
+#        define MBEDTLS_PLATFORM_STD_EXIT_FAILURE EXIT_FAILURE
+#    endif
+#    if defined(MBEDTLS_FS_IO)
+#        if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_READ)
+#            define MBEDTLS_PLATFORM_STD_NV_SEED_READ \
+                mbedtls_platform_std_nv_seed_read
+#        endif
+#        if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_WRITE)
+#            define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE \
+                mbedtls_platform_std_nv_seed_write
+#        endif
+#        if !defined(MBEDTLS_PLATFORM_STD_NV_SEED_FILE)
+#            define MBEDTLS_PLATFORM_STD_NV_SEED_FILE "seedfile"
+#        endif
+#    endif /* MBEDTLS_FS_IO */
 #else /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
-#if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
-#include MBEDTLS_PLATFORM_STD_MEM_HDR
-#endif
+#    if defined(MBEDTLS_PLATFORM_STD_MEM_HDR)
+#        include MBEDTLS_PLATFORM_STD_MEM_HDR
+#    endif
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
-
 /* \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
  */
 #if defined(MBEDTLS_PLATFORM_MEMORY)
-#if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
-    defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
-#define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
-#define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
-#else
+#    if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
+        defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#        define mbedtls_free   MBEDTLS_PLATFORM_FREE_MACRO
+#        define mbedtls_calloc MBEDTLS_PLATFORM_CALLOC_MACRO
+#    else
 /* For size_t */
-#include <stddef.h>
-extern void *mbedtls_calloc( size_t n, size_t size );
-extern void mbedtls_free( void *ptr );
+#        include <stddef.h>
+extern void *mbedtls_calloc(size_t n, size_t size);
+extern void mbedtls_free(void *ptr);
 
 /**
  * \brief               This function dynamically sets the memory-management
@@ -156,12 +160,12 @@
  *
  * \return              \c 0.
  */
-int mbedtls_platform_set_calloc_free( void * (*calloc_func)( size_t, size_t ),
-                              void (*free_func)( void * ) );
-#endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
+int mbedtls_platform_set_calloc_free(void *(*calloc_func)(size_t, size_t),
+                                     void (*free_func)(void *));
+#    endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
 #else /* !MBEDTLS_PLATFORM_MEMORY */
-#define mbedtls_free       free
-#define mbedtls_calloc     calloc
+#    define mbedtls_free   free
+#    define mbedtls_calloc calloc
 #endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
 
 /*
@@ -169,8 +173,8 @@
  */
 #if defined(MBEDTLS_PLATFORM_FPRINTF_ALT)
 /* We need FILE * */
-#include <stdio.h>
-extern int (*mbedtls_fprintf)( FILE *stream, const char *format, ... );
+#    include <stdio.h>
+extern int (*mbedtls_fprintf)(FILE *stream, const char *format, ...);
 
 /**
  * \brief                This function dynamically configures the fprintf
@@ -181,21 +185,22 @@
  *
  * \return               \c 0.
  */
-int mbedtls_platform_set_fprintf( int (*fprintf_func)( FILE *stream, const char *,
-                                               ... ) );
+int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream,
+                                                     const char *,
+                                                     ...));
 #else
-#if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
-#define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
-#else
-#define mbedtls_fprintf    fprintf
-#endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
+#    if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
+#        define mbedtls_fprintf MBEDTLS_PLATFORM_FPRINTF_MACRO
+#    else
+#        define mbedtls_fprintf fprintf
+#    endif /* MBEDTLS_PLATFORM_FPRINTF_MACRO */
 #endif /* MBEDTLS_PLATFORM_FPRINTF_ALT */
 
 /*
  * The function pointers for printf
  */
 #if defined(MBEDTLS_PLATFORM_PRINTF_ALT)
-extern int (*mbedtls_printf)( const char *format, ... );
+extern int (*mbedtls_printf)(const char *format, ...);
 
 /**
  * \brief               This function dynamically configures the snprintf
@@ -206,13 +211,13 @@
  *
  * \return              \c 0 on success.
  */
-int mbedtls_platform_set_printf( int (*printf_func)( const char *, ... ) );
+int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
 #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
-#define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
-#else
-#define mbedtls_printf     printf
-#endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
+#    if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
+#        define mbedtls_printf MBEDTLS_PLATFORM_PRINTF_MACRO
+#    else
+#        define mbedtls_printf printf
+#    endif /* MBEDTLS_PLATFORM_PRINTF_MACRO */
 #endif /* MBEDTLS_PLATFORM_PRINTF_ALT */
 
 /*
@@ -226,11 +231,11 @@
  */
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_SNPRINTF)
 /* For Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_snprintf( char *s, size_t n, const char *fmt, ... );
+int mbedtls_platform_win32_snprintf(char *s, size_t n, const char *fmt, ...);
 #endif
 
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_ALT)
-extern int (*mbedtls_snprintf)( char * s, size_t n, const char * format, ... );
+extern int (*mbedtls_snprintf)(char *s, size_t n, const char *format, ...);
 
 /**
  * \brief                 This function allows configuring a custom
@@ -240,14 +245,14 @@
  *
  * \return                \c 0 on success.
  */
-int mbedtls_platform_set_snprintf( int (*snprintf_func)( char * s, size_t n,
-                                                 const char * format, ... ) );
+int mbedtls_platform_set_snprintf(
+    int (*snprintf_func)(char *s, size_t n, const char *format, ...));
 #else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
-#define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
-#else
-#define mbedtls_snprintf   MBEDTLS_PLATFORM_STD_SNPRINTF
-#endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
+#    if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
+#        define mbedtls_snprintf MBEDTLS_PLATFORM_SNPRINTF_MACRO
+#    else
+#        define mbedtls_snprintf MBEDTLS_PLATFORM_STD_SNPRINTF
+#    endif /* MBEDTLS_PLATFORM_SNPRINTF_MACRO */
 #endif /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
 
 /*
@@ -260,14 +265,20 @@
  *   the destination buffer is too short.
  */
 #if defined(MBEDTLS_PLATFORM_HAS_NON_CONFORMING_VSNPRINTF)
-#include <stdarg.h>
+#    include <stdarg.h>
 /* For Older Windows (inc. MSYS2), we provide our own fixed implementation */
-int mbedtls_platform_win32_vsnprintf( char *s, size_t n, const char *fmt, va_list arg );
+int mbedtls_platform_win32_vsnprintf(char *s,
+                                     size_t n,
+                                     const char *fmt,
+                                     va_list arg);
 #endif
 
 #if defined(MBEDTLS_PLATFORM_VSNPRINTF_ALT)
-#include <stdarg.h>
-extern int (*mbedtls_vsnprintf)( char * s, size_t n, const char * format, va_list arg );
+#    include <stdarg.h>
+extern int (*mbedtls_vsnprintf)(char *s,
+                                size_t n,
+                                const char *format,
+                                va_list arg);
 
 /**
  * \brief   Set your own snprintf function pointer
@@ -276,21 +287,21 @@
  *
  * \return  \c 0
  */
-int mbedtls_platform_set_vsnprintf( int (*vsnprintf_func)( char * s, size_t n,
-                                                 const char * format, va_list arg ) );
+int mbedtls_platform_set_vsnprintf(
+    int (*vsnprintf_func)(char *s, size_t n, const char *format, va_list arg));
 #else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
-#if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
-#define mbedtls_vsnprintf   MBEDTLS_PLATFORM_VSNPRINTF_MACRO
-#else
-#define mbedtls_vsnprintf   vsnprintf
-#endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
+#    if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
+#        define mbedtls_vsnprintf MBEDTLS_PLATFORM_VSNPRINTF_MACRO
+#    else
+#        define mbedtls_vsnprintf vsnprintf
+#    endif /* MBEDTLS_PLATFORM_VSNPRINTF_MACRO */
 #endif /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
 
 /*
  * The function pointers for exit
  */
 #if defined(MBEDTLS_PLATFORM_EXIT_ALT)
-extern void (*mbedtls_exit)( int status );
+extern void (*mbedtls_exit)(int status);
 
 /**
  * \brief             This function dynamically configures the exit
@@ -301,27 +312,27 @@
  *
  * \return            \c 0 on success.
  */
-int mbedtls_platform_set_exit( void (*exit_func)( int status ) );
+int mbedtls_platform_set_exit(void (*exit_func)(int status));
 #else
-#if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
-#define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
-#else
-#define mbedtls_exit   exit
-#endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
+#    if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
+#        define mbedtls_exit MBEDTLS_PLATFORM_EXIT_MACRO
+#    else
+#        define mbedtls_exit exit
+#    endif /* MBEDTLS_PLATFORM_EXIT_MACRO */
 #endif /* MBEDTLS_PLATFORM_EXIT_ALT */
 
 /*
  * The default exit values
  */
 #if defined(MBEDTLS_PLATFORM_STD_EXIT_SUCCESS)
-#define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
+#    define MBEDTLS_EXIT_SUCCESS MBEDTLS_PLATFORM_STD_EXIT_SUCCESS
 #else
-#define MBEDTLS_EXIT_SUCCESS 0
+#    define MBEDTLS_EXIT_SUCCESS 0
 #endif
 #if defined(MBEDTLS_PLATFORM_STD_EXIT_FAILURE)
-#define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
+#    define MBEDTLS_EXIT_FAILURE MBEDTLS_PLATFORM_STD_EXIT_FAILURE
 #else
-#define MBEDTLS_EXIT_FAILURE 1
+#    define MBEDTLS_EXIT_FAILURE 1
 #endif
 
 /*
@@ -331,15 +342,15 @@
  * Only enabled when the NV seed entropy source is enabled
  */
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
-#if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
+#    if !defined(MBEDTLS_PLATFORM_NO_STD_FUNCTIONS) && defined(MBEDTLS_FS_IO)
 /* Internal standard platform definitions */
-int mbedtls_platform_std_nv_seed_read( unsigned char *buf, size_t buf_len );
-int mbedtls_platform_std_nv_seed_write( unsigned char *buf, size_t buf_len );
-#endif
+int mbedtls_platform_std_nv_seed_read(unsigned char *buf, size_t buf_len);
+int mbedtls_platform_std_nv_seed_write(unsigned char *buf, size_t buf_len);
+#    endif
 
-#if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
-extern int (*mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len );
-extern int (*mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len );
+#    if defined(MBEDTLS_PLATFORM_NV_SEED_ALT)
+extern int (*mbedtls_nv_seed_read)(unsigned char *buf, size_t buf_len);
+extern int (*mbedtls_nv_seed_write)(unsigned char *buf, size_t buf_len);
 
 /**
  * \brief   This function allows configuring custom seed file writing and
@@ -350,20 +361,20 @@
  *
  * \return  \c 0 on success.
  */
-int mbedtls_platform_set_nv_seed(
-            int (*nv_seed_read_func)( unsigned char *buf, size_t buf_len ),
-            int (*nv_seed_write_func)( unsigned char *buf, size_t buf_len )
-            );
-#else
-#if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
-    defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
-#define mbedtls_nv_seed_read    MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
-#define mbedtls_nv_seed_write   MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
-#else
-#define mbedtls_nv_seed_read    mbedtls_platform_std_nv_seed_read
-#define mbedtls_nv_seed_write   mbedtls_platform_std_nv_seed_write
-#endif
-#endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
+int mbedtls_platform_set_nv_seed(int (*nv_seed_read_func)(unsigned char *buf,
+                                                          size_t buf_len),
+                                 int (*nv_seed_write_func)(unsigned char *buf,
+                                                           size_t buf_len));
+#    else
+#        if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
+            defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
+#            define mbedtls_nv_seed_read  MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+#            define mbedtls_nv_seed_write MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO
+#        else
+#            define mbedtls_nv_seed_read  mbedtls_platform_std_nv_seed_read
+#            define mbedtls_nv_seed_write mbedtls_platform_std_nv_seed_write
+#        endif
+#    endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */
 #endif /* MBEDTLS_ENTROPY_NV_SEED */
 
 #if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
@@ -374,14 +385,13 @@
  * \note    This structure may be used to assist platform-specific
  *          setup or teardown operations.
  */
-typedef struct mbedtls_platform_context
-{
-    char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are not portable. */
-}
-mbedtls_platform_context;
+typedef struct mbedtls_platform_context {
+    char MBEDTLS_PRIVATE(dummy); /**< A placeholder member, as empty structs are
+                                    not portable. */
+} mbedtls_platform_context;
 
 #else
-#include "platform_alt.h"
+#    include "platform_alt.h"
 #endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 
 /**
@@ -393,13 +403,14 @@
  *          Its implementation is platform-specific, and unless
  *          platform-specific code is provided, it does nothing.
  *
- * \note    The usage and necessity of this function is dependent on the platform.
+ * \note    The usage and necessity of this function is dependent on the
+ * platform.
  *
  * \param   ctx     The platform context.
  *
  * \return  \c 0 on success.
  */
-int mbedtls_platform_setup( mbedtls_platform_context *ctx );
+int mbedtls_platform_setup(mbedtls_platform_context *ctx);
 /**
  * \brief   This function performs any platform teardown operations.
  *
@@ -409,12 +420,13 @@
  *          Its implementation is platform-specific, and unless
  *          platform-specific code is provided, it does nothing.
  *
- * \note    The usage and necessity of this function is dependent on the platform.
+ * \note    The usage and necessity of this function is dependent on the
+ * platform.
  *
  * \param   ctx     The platform context.
  *
  */
-void mbedtls_platform_teardown( mbedtls_platform_context *ctx );
+void mbedtls_platform_teardown(mbedtls_platform_context *ctx);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index 8d4b95d..7e70c67 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -32,7 +32,8 @@
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
@@ -43,7 +44,7 @@
 typedef MBEDTLS_PLATFORM_TIME_TYPE_MACRO mbedtls_time_t;
 #else
 /* For time_t */
-#include <time.h>
+#    include <time.h>
 typedef time_t mbedtls_time_t;
 #endif /* MBEDTLS_PLATFORM_TIME_TYPE_MACRO */
 
@@ -51,7 +52,7 @@
  * The function pointers for time
  */
 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
-extern mbedtls_time_t (*mbedtls_time)( mbedtls_time_t* time );
+extern mbedtls_time_t (*mbedtls_time)(mbedtls_time_t *time);
 
 /**
  * \brief   Set your own time function pointer
@@ -60,13 +61,13 @@
  *
  * \return              0
  */
-int mbedtls_platform_set_time( mbedtls_time_t (*time_func)( mbedtls_time_t* time ) );
+int mbedtls_platform_set_time(mbedtls_time_t (*time_func)(mbedtls_time_t *time));
 #else
-#if defined(MBEDTLS_PLATFORM_TIME_MACRO)
-#define mbedtls_time    MBEDTLS_PLATFORM_TIME_MACRO
-#else
-#define mbedtls_time   time
-#endif /* MBEDTLS_PLATFORM_TIME_MACRO */
+#    if defined(MBEDTLS_PLATFORM_TIME_MACRO)
+#        define mbedtls_time MBEDTLS_PLATFORM_TIME_MACRO
+#    else
+#        define mbedtls_time time
+#    endif /* MBEDTLS_PLATFORM_TIME_MACRO */
 #endif /* MBEDTLS_PLATFORM_TIME_ALT */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 1a0a135..2269f7f 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -27,8 +27,8 @@
 
 #include <stddef.h>
 #if defined(MBEDTLS_HAVE_TIME_DATE)
-#include "mbedtls/platform_time.h"
-#include <time.h>
+#    include "mbedtls/platform_time.h"
+#    include <time.h>
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 
 #ifdef __cplusplus
@@ -36,28 +36,32 @@
 #endif
 
 /* Internal macros meant to be called only from within the library. */
-#define MBEDTLS_INTERNAL_VALIDATE_RET( cond, ret )  do { } while( 0 )
-#define MBEDTLS_INTERNAL_VALIDATE( cond )           do { } while( 0 )
+#define MBEDTLS_INTERNAL_VALIDATE_RET(cond, ret) \
+    do {                                         \
+    } while (0)
+#define MBEDTLS_INTERNAL_VALIDATE(cond) \
+    do {                                \
+    } while (0)
 
 /* Internal helper macros for deprecating API constants. */
 #if !defined(MBEDTLS_DEPRECATED_REMOVED)
-#if defined(MBEDTLS_DEPRECATED_WARNING)
+#    if defined(MBEDTLS_DEPRECATED_WARNING)
 /* Deliberately don't (yet) export MBEDTLS_DEPRECATED here
  * to avoid conflict with other headers which define and use
  * it, too. We might want to move all these definitions here at
  * some point for uniformity. */
-#define MBEDTLS_DEPRECATED __attribute__((deprecated))
-MBEDTLS_DEPRECATED typedef char const * mbedtls_deprecated_string_constant_t;
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_string_constant_t) ( VAL ) )
+#        define MBEDTLS_DEPRECATED __attribute__((deprecated))
+MBEDTLS_DEPRECATED typedef char const *mbedtls_deprecated_string_constant_t;
+#        define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL) \
+            ((mbedtls_deprecated_string_constant_t)(VAL))
 MBEDTLS_DEPRECATED typedef int mbedtls_deprecated_numeric_constant_t;
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL )       \
-    ( (mbedtls_deprecated_numeric_constant_t) ( VAL ) )
-#undef MBEDTLS_DEPRECATED
-#else /* MBEDTLS_DEPRECATED_WARNING */
-#define MBEDTLS_DEPRECATED_STRING_CONSTANT( VAL ) VAL
-#define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT( VAL ) VAL
-#endif /* MBEDTLS_DEPRECATED_WARNING */
+#        define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) \
+            ((mbedtls_deprecated_numeric_constant_t)(VAL))
+#        undef MBEDTLS_DEPRECATED
+#    else /* MBEDTLS_DEPRECATED_WARNING */
+#        define MBEDTLS_DEPRECATED_STRING_CONSTANT(VAL)  VAL
+#        define MBEDTLS_DEPRECATED_NUMERIC_CONSTANT(VAL) VAL
+#    endif /* MBEDTLS_DEPRECATED_WARNING */
 #endif /* MBEDTLS_DEPRECATED_REMOVED */
 
 /**
@@ -82,7 +86,7 @@
  * \param len   Length of the buffer in bytes
  *
  */
-void mbedtls_platform_zeroize( void *buf, size_t len );
+void mbedtls_platform_zeroize(void *buf, size_t len);
 
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
@@ -111,8 +115,8 @@
  * \return      Pointer to an object of type struct tm on success, otherwise
  *              NULL
  */
-struct tm *mbedtls_platform_gmtime_r( const mbedtls_time_t *tt,
-                                      struct tm *tm_buf );
+struct tm *mbedtls_platform_gmtime_r(const mbedtls_time_t *tt,
+                                     struct tm *tm_buf);
 #endif /* MBEDTLS_HAVE_TIME_DATE */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/poly1305.h b/include/mbedtls/poly1305.h
index 6657aa2..fe7fe9e 100644
--- a/include/mbedtls/poly1305.h
+++ b/include/mbedtls/poly1305.h
@@ -39,7 +39,7 @@
 #include <stddef.h>
 
 /** Invalid input parameter(s). */
-#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA         -0x0057
+#define MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA -0x0057
 
 #ifdef __cplusplus
 extern "C" {
@@ -47,18 +47,20 @@
 
 #if !defined(MBEDTLS_POLY1305_ALT)
 
-typedef struct mbedtls_poly1305_context
-{
-    uint32_t MBEDTLS_PRIVATE(r)[4];      /** The value for 'r' (low 128 bits of the key). */
-    uint32_t MBEDTLS_PRIVATE(s)[4];      /** The value for 's' (high 128 bits of the key). */
-    uint32_t MBEDTLS_PRIVATE(acc)[5];    /** The accumulator number. */
-    uint8_t MBEDTLS_PRIVATE(queue)[16];  /** The current partial block of data. */
-    size_t MBEDTLS_PRIVATE(queue_len);   /** The number of bytes stored in 'queue'. */
-}
-mbedtls_poly1305_context;
+typedef struct mbedtls_poly1305_context {
+    uint32_t MBEDTLS_PRIVATE(r)[4]; /** The value for 'r' (low 128 bits of the
+                                       key). */
+    uint32_t MBEDTLS_PRIVATE(s)[4]; /** The value for 's' (high 128 bits of the
+                                       key). */
+    uint32_t MBEDTLS_PRIVATE(acc)[5]; /** The accumulator number. */
+    uint8_t MBEDTLS_PRIVATE(queue)[16]; /** The current partial block of data.
+                                         */
+    size_t MBEDTLS_PRIVATE(queue_len); /** The number of bytes stored in
+                                          'queue'. */
+} mbedtls_poly1305_context;
 
-#else  /* MBEDTLS_POLY1305_ALT */
-#include "poly1305_alt.h"
+#else /* MBEDTLS_POLY1305_ALT */
+#    include "poly1305_alt.h"
 #endif /* MBEDTLS_POLY1305_ALT */
 
 /**
@@ -76,7 +78,7 @@
  * \param ctx       The Poly1305 context to initialize. This must
  *                  not be \c NULL.
  */
-void mbedtls_poly1305_init( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_init(mbedtls_poly1305_context *ctx);
 
 /**
  * \brief           This function releases and clears the specified
@@ -86,7 +88,7 @@
  *                  case this function is a no-op. If it is not \c NULL, it must
  *                  point to an initialized Poly1305 context.
  */
-void mbedtls_poly1305_free( mbedtls_poly1305_context *ctx );
+void mbedtls_poly1305_free(mbedtls_poly1305_context *ctx);
 
 /**
  * \brief           This function sets the one-time authentication key.
@@ -101,8 +103,8 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_poly1305_starts( mbedtls_poly1305_context *ctx,
-                             const unsigned char key[32] );
+int mbedtls_poly1305_starts(mbedtls_poly1305_context *ctx,
+                            const unsigned char key[32]);
 
 /**
  * \brief           This functions feeds an input buffer into an ongoing
@@ -122,9 +124,9 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_poly1305_update( mbedtls_poly1305_context *ctx,
-                             const unsigned char *input,
-                             size_t ilen );
+int mbedtls_poly1305_update(mbedtls_poly1305_context *ctx,
+                            const unsigned char *input,
+                            size_t ilen);
 
 /**
  * \brief           This function generates the Poly1305 Message
@@ -138,8 +140,8 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_poly1305_finish( mbedtls_poly1305_context *ctx,
-                             unsigned char mac[16] );
+int mbedtls_poly1305_finish(mbedtls_poly1305_context *ctx,
+                            unsigned char mac[16]);
 
 /**
  * \brief           This function calculates the Poly1305 MAC of the input
@@ -159,10 +161,10 @@
  * \return          \c 0 on success.
  * \return          A negative error code on failure.
  */
-int mbedtls_poly1305_mac( const unsigned char key[32],
-                          const unsigned char *input,
-                          size_t ilen,
-                          unsigned char mac[16] );
+int mbedtls_poly1305_mac(const unsigned char key[32],
+                         const unsigned char *input,
+                         size_t ilen,
+                         unsigned char mac[16]);
 
 #if defined(MBEDTLS_SELF_TEST)
 /**
@@ -171,7 +173,7 @@
  * \return          \c 0 on success.
  * \return          \c 1 on failure.
  */
-int mbedtls_poly1305_self_test( int verbose );
+int mbedtls_poly1305_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/private_access.h b/include/mbedtls/private_access.h
index 98d3419..c1db5ed 100644
--- a/include/mbedtls/private_access.h
+++ b/include/mbedtls/private_access.h
@@ -1,4 +1,4 @@
- /**
+/**
  * \file private_access.h
  *
  * \brief Macro wrapper for struct's memebrs.
@@ -24,9 +24,9 @@
 #define MBEDTLS_PRIVATE_ACCESS_H
 
 #ifndef MBEDTLS_ALLOW_PRIVATE_ACCESS
-#define MBEDTLS_PRIVATE(member) private_##member
+#    define MBEDTLS_PRIVATE(member) private_##member
 #else
-#define MBEDTLS_PRIVATE(member) member
+#    define MBEDTLS_PRIVATE(member) member
 #endif
 
 #endif /* MBEDTLS_PRIVATE_ACCESS_H */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index 1584ef2..71dadca 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -31,23 +31,22 @@
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
 
-#include "psa/crypto.h"
+#    include "psa/crypto.h"
 
-#include "mbedtls/ecp.h"
-#include "mbedtls/md.h"
-#include "mbedtls/pk.h"
-#include "mbedtls/oid.h"
-#include "mbedtls/error.h"
+#    include "mbedtls/ecp.h"
+#    include "mbedtls/md.h"
+#    include "mbedtls/pk.h"
+#    include "mbedtls/oid.h"
+#    include "mbedtls/error.h"
 
-#include <string.h>
+#    include <string.h>
 
 /* Translations for symmetric crypto. */
 
-static inline psa_key_type_t mbedtls_psa_translate_cipher_type(
-    mbedtls_cipher_type_t cipher )
+static inline psa_key_type_t
+mbedtls_psa_translate_cipher_type(mbedtls_cipher_type_t cipher)
 {
-    switch( cipher )
-    {
+    switch (cipher) {
         case MBEDTLS_CIPHER_AES_128_CCM:
         case MBEDTLS_CIPHER_AES_192_CCM:
         case MBEDTLS_CIPHER_AES_256_CCM:
@@ -57,301 +56,293 @@
         case MBEDTLS_CIPHER_AES_128_CBC:
         case MBEDTLS_CIPHER_AES_192_CBC:
         case MBEDTLS_CIPHER_AES_256_CBC:
-            return PSA_KEY_TYPE_AES ;
+            return PSA_KEY_TYPE_AES;
 
-        /* ARIA not yet supported in PSA. */
-        /* case MBEDTLS_CIPHER_ARIA_128_CCM:
-           case MBEDTLS_CIPHER_ARIA_192_CCM:
-           case MBEDTLS_CIPHER_ARIA_256_CCM:
-           case MBEDTLS_CIPHER_ARIA_128_GCM:
-           case MBEDTLS_CIPHER_ARIA_192_GCM:
-           case MBEDTLS_CIPHER_ARIA_256_GCM:
-           case MBEDTLS_CIPHER_ARIA_128_CBC:
-           case MBEDTLS_CIPHER_ARIA_192_CBC:
-           case MBEDTLS_CIPHER_ARIA_256_CBC:
-               return PSA_KEY_TYPE_ARIA ; */
+            /* ARIA not yet supported in PSA. */
+            /* case MBEDTLS_CIPHER_ARIA_128_CCM:
+               case MBEDTLS_CIPHER_ARIA_192_CCM:
+               case MBEDTLS_CIPHER_ARIA_256_CCM:
+               case MBEDTLS_CIPHER_ARIA_128_GCM:
+               case MBEDTLS_CIPHER_ARIA_192_GCM:
+               case MBEDTLS_CIPHER_ARIA_256_GCM:
+               case MBEDTLS_CIPHER_ARIA_128_CBC:
+               case MBEDTLS_CIPHER_ARIA_192_CBC:
+               case MBEDTLS_CIPHER_ARIA_256_CBC:
+                   return PSA_KEY_TYPE_ARIA ; */
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 
-static inline psa_algorithm_t mbedtls_psa_translate_cipher_mode(
-    mbedtls_cipher_mode_t mode, size_t taglen )
+static inline psa_algorithm_t
+mbedtls_psa_translate_cipher_mode(mbedtls_cipher_mode_t mode, size_t taglen)
 {
-    switch( mode )
-    {
+    switch (mode) {
         case MBEDTLS_MODE_ECB:
-            return PSA_ALG_ECB_NO_PADDING ;
+            return PSA_ALG_ECB_NO_PADDING;
         case MBEDTLS_MODE_GCM:
-            return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_GCM, taglen ) ;
+            return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, taglen);
         case MBEDTLS_MODE_CCM:
-            return PSA_ALG_AEAD_WITH_SHORTENED_TAG( PSA_ALG_CCM, taglen ) ;
+            return PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_CCM, taglen);
         case MBEDTLS_MODE_CBC:
-            if( taglen == 0 )
-                return PSA_ALG_CBC_NO_PADDING ;
+            if (taglen == 0)
+                return PSA_ALG_CBC_NO_PADDING;
             else
-                return 0 ;
+                return 0;
         default:
-            return 0 ;
+            return 0;
     }
 }
 
-static inline psa_key_usage_t mbedtls_psa_translate_cipher_operation(
-    mbedtls_operation_t op )
+static inline psa_key_usage_t
+mbedtls_psa_translate_cipher_operation(mbedtls_operation_t op)
 {
-    switch( op )
-    {
+    switch (op) {
         case MBEDTLS_ENCRYPT:
-            return PSA_KEY_USAGE_ENCRYPT ;
+            return PSA_KEY_USAGE_ENCRYPT;
         case MBEDTLS_DECRYPT:
-            return PSA_KEY_USAGE_DECRYPT ;
+            return PSA_KEY_USAGE_DECRYPT;
         default:
-            return 0 ;
+            return 0;
     }
 }
 
 /* Translations for hashing. */
 
-static inline psa_algorithm_t mbedtls_psa_translate_md( mbedtls_md_type_t md_alg )
+static inline psa_algorithm_t mbedtls_psa_translate_md(mbedtls_md_type_t md_alg)
 {
-    switch( md_alg )
-    {
-#if defined(MBEDTLS_MD5_C)
-    case MBEDTLS_MD_MD5:
-        return PSA_ALG_MD5 ;
-#endif
-#if defined(MBEDTLS_SHA1_C)
-    case MBEDTLS_MD_SHA1:
-        return PSA_ALG_SHA_1 ;
-#endif
-#if defined(MBEDTLS_SHA224_C)
-    case MBEDTLS_MD_SHA224:
-        return PSA_ALG_SHA_224 ;
-#endif
-#if defined(MBEDTLS_SHA256_C)
-    case MBEDTLS_MD_SHA256:
-        return PSA_ALG_SHA_256 ;
-#endif
-#if defined(MBEDTLS_SHA384_C)
-    case MBEDTLS_MD_SHA384:
-        return PSA_ALG_SHA_384 ;
-#endif
-#if defined(MBEDTLS_SHA512_C)
-    case MBEDTLS_MD_SHA512:
-        return PSA_ALG_SHA_512 ;
-#endif
-#if defined(MBEDTLS_RIPEMD160_C)
-    case MBEDTLS_MD_RIPEMD160:
-        return PSA_ALG_RIPEMD160 ;
-#endif
-    case MBEDTLS_MD_NONE:
-        return 0 ;
-    default:
-        return 0 ;
+    switch (md_alg) {
+#    if defined(MBEDTLS_MD5_C)
+        case MBEDTLS_MD_MD5:
+            return PSA_ALG_MD5;
+#    endif
+#    if defined(MBEDTLS_SHA1_C)
+        case MBEDTLS_MD_SHA1:
+            return PSA_ALG_SHA_1;
+#    endif
+#    if defined(MBEDTLS_SHA224_C)
+        case MBEDTLS_MD_SHA224:
+            return PSA_ALG_SHA_224;
+#    endif
+#    if defined(MBEDTLS_SHA256_C)
+        case MBEDTLS_MD_SHA256:
+            return PSA_ALG_SHA_256;
+#    endif
+#    if defined(MBEDTLS_SHA384_C)
+        case MBEDTLS_MD_SHA384:
+            return PSA_ALG_SHA_384;
+#    endif
+#    if defined(MBEDTLS_SHA512_C)
+        case MBEDTLS_MD_SHA512:
+            return PSA_ALG_SHA_512;
+#    endif
+#    if defined(MBEDTLS_RIPEMD160_C)
+        case MBEDTLS_MD_RIPEMD160:
+            return PSA_ALG_RIPEMD160;
+#    endif
+        case MBEDTLS_MD_NONE:
+            return 0;
+        default:
+            return 0;
     }
 }
 
 /* Translations for ECC. */
 
-static inline int mbedtls_psa_get_ecc_oid_from_id(
-    psa_ecc_family_t curve, size_t bits,
-    char const **oid, size_t *oid_len )
+static inline int mbedtls_psa_get_ecc_oid_from_id(psa_ecc_family_t curve,
+                                                  size_t bits,
+                                                  char const **oid,
+                                                  size_t *oid_len)
 {
-    switch( curve )
-    {
+    switch (curve) {
         case PSA_ECC_FAMILY_SECP_R1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+            switch (bits) {
+#    if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
                 case 192:
                     *oid = MBEDTLS_OID_EC_GRP_SECP192R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
                 case 224:
                     *oid = MBEDTLS_OID_EC_GRP_SECP224R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_SECP256R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
                 case 384:
                     *oid = MBEDTLS_OID_EC_GRP_SECP384R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP384R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP384R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
                 case 521:
                     *oid = MBEDTLS_OID_EC_GRP_SECP521R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP521R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP521R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
             }
             break;
         case PSA_ECC_FAMILY_SECP_K1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+            switch (bits) {
+#    if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
                 case 192:
                     *oid = MBEDTLS_OID_EC_GRP_SECP192K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP192K1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP192K1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
                 case 224:
                     *oid = MBEDTLS_OID_EC_GRP_SECP224K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP224K1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP224K1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_SECP256K1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_SECP256K1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_SECP256K1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
             }
             break;
         case PSA_ECC_FAMILY_BRAINPOOL_P_R1:
-            switch( bits )
-            {
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+            switch (bits) {
+#    if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
                 case 256:
                     *oid = MBEDTLS_OID_EC_GRP_BP256R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP256R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP256R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
                 case 384:
                     *oid = MBEDTLS_OID_EC_GRP_BP384R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP384R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP384R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
                 case 512:
                     *oid = MBEDTLS_OID_EC_GRP_BP512R1;
-                    *oid_len = MBEDTLS_OID_SIZE( MBEDTLS_OID_EC_GRP_BP512R1 );
-                    return 0 ;
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
+                    *oid_len = MBEDTLS_OID_SIZE(MBEDTLS_OID_EC_GRP_BP512R1);
+                    return 0;
+#    endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
             }
             break;
     }
-    (void) oid;
-    (void) oid_len;
-    return -1 ;
+    (void)oid;
+    (void)oid_len;
+    return -1;
 }
 
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
+#    define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH 1
 
-#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 521 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((521 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((521 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 192 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((192 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((192 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 224 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((224 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((224 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 256 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((256 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((256 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 384 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
+#    if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((384 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((384 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
 
-#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
-#if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
-#define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH ( 2 * ( ( 512 + 7 ) / 8 ) + 1 )
-#endif
-#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
-
+#    if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
+#        if MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH < (2 * ((512 + 7) / 8) + 1)
+#            undef MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH
+#            define MBEDTLS_PSA_MAX_EC_PUBKEY_LENGTH (2 * ((512 + 7) / 8) + 1)
+#        endif
+#    endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
 
 /* Translations for PK layer */
 
-static inline int mbedtls_psa_err_translate_pk( psa_status_t status )
+static inline int mbedtls_psa_err_translate_pk(psa_status_t status)
 {
-    switch( status )
-    {
+    switch (status) {
         case PSA_SUCCESS:
-            return 0 ;
+            return 0;
         case PSA_ERROR_NOT_SUPPORTED:
-            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE ;
+            return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
         case PSA_ERROR_INSUFFICIENT_MEMORY:
-            return MBEDTLS_ERR_PK_ALLOC_FAILED ;
+            return MBEDTLS_ERR_PK_ALLOC_FAILED;
         case PSA_ERROR_INSUFFICIENT_ENTROPY:
-            return MBEDTLS_ERR_ECP_RANDOM_FAILED ;
+            return MBEDTLS_ERR_ECP_RANDOM_FAILED;
         case PSA_ERROR_BAD_STATE:
-            return MBEDTLS_ERR_PK_BAD_INPUT_DATA ;
+            return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
         /* All other failures */
         case PSA_ERROR_COMMUNICATION_FAILURE:
         case PSA_ERROR_HARDWARE_FAILURE:
         case PSA_ERROR_CORRUPTION_DETECTED:
-            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
         default: /* We return the same as for the 'other failures',
                   * but list them separately nonetheless to indicate
                   * which failure conditions we have considered. */
-            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED ;
+            return MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED;
     }
 }
 
@@ -360,18 +351,18 @@
 /* This function transforms an ECC group identifier from
  * https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-8
  * into a PSA ECC group identifier. */
-#if defined(MBEDTLS_ECP_C)
-static inline psa_key_type_t mbedtls_psa_parse_tls_ecc_group(
-    uint16_t tls_ecc_grp_reg_id, size_t *bits )
+#    if defined(MBEDTLS_ECP_C)
+static inline psa_key_type_t
+mbedtls_psa_parse_tls_ecc_group(uint16_t tls_ecc_grp_reg_id, size_t *bits)
 {
     const mbedtls_ecp_curve_info *curve_info =
-        mbedtls_ecp_curve_info_from_tls_id( tls_ecc_grp_reg_id );
-    if( curve_info == NULL )
-        return 0 ;
-    return( PSA_KEY_TYPE_ECC_KEY_PAIR(
-                mbedtls_ecc_group_to_psa( curve_info->MBEDTLS_PRIVATE(grp_id), bits ) ) );
+        mbedtls_ecp_curve_info_from_tls_id(tls_ecc_grp_reg_id);
+    if (curve_info == NULL)
+        return 0;
+    return (PSA_KEY_TYPE_ECC_KEY_PAIR(
+        mbedtls_ecc_group_to_psa(curve_info->MBEDTLS_PRIVATE(grp_id), bits)));
 }
-#endif /* MBEDTLS_ECP_C */
+#    endif /* MBEDTLS_ECP_C */
 
 /* This function takes a buffer holding an EC public key
  * exported through psa_export_public_key(), and converts
@@ -383,14 +374,14 @@
  * as a subbuffer, and the function merely selects this subbuffer instead
  * of making a copy.
  */
-static inline int mbedtls_psa_tls_psa_ec_to_ecpoint( unsigned char *src,
-                                                     size_t srclen,
-                                                     unsigned char **dst,
-                                                     size_t *dstlen )
+static inline int mbedtls_psa_tls_psa_ec_to_ecpoint(unsigned char *src,
+                                                    size_t srclen,
+                                                    unsigned char **dst,
+                                                    size_t *dstlen)
 {
     *dst = src;
     *dstlen = srclen;
-    return 0 ;
+    return 0;
 }
 
 /* This function takes a buffer holding an ECPoint structure
@@ -398,18 +389,18 @@
  * exchanges) and converts it into a format that the PSA key
  * agreement API understands.
  */
-static inline int mbedtls_psa_tls_ecpoint_to_psa_ec( unsigned char const *src,
-                                                     size_t srclen,
-                                                     unsigned char *dst,
-                                                     size_t dstlen,
-                                                     size_t *olen )
+static inline int mbedtls_psa_tls_ecpoint_to_psa_ec(unsigned char const *src,
+                                                    size_t srclen,
+                                                    unsigned char *dst,
+                                                    size_t dstlen,
+                                                    size_t *olen)
 {
-    if( srclen > dstlen )
-        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL ;
+    if (srclen > dstlen)
+        return MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL;
 
-    memcpy( dst, src, srclen );
+    memcpy(dst, src, srclen);
     *olen = srclen;
-    return 0 ;
+    return 0;
 }
 
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
@@ -426,9 +417,10 @@
  * This type name is not part of the Mbed TLS stable API. It may be renamed
  * or moved without warning.
  */
-typedef int mbedtls_f_rng_t( void *p_rng, unsigned char *output, size_t output_size );
+typedef int
+mbedtls_f_rng_t(void *p_rng, unsigned char *output, size_t output_size);
 
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
+#    if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
 
 /** The random generator function for the PSA subsystem.
  *
@@ -465,9 +457,9 @@
  *                      `MBEDTLS_ERR_CTR_DRBG_xxx` or
  *                      `MBEDTLS_ERR_HMAC_DRBG_xxx` on error.
  */
-int mbedtls_psa_get_random( void *p_rng,
-                            unsigned char *output,
-                            size_t output_size );
+int mbedtls_psa_get_random(void *p_rng,
+                           unsigned char *output,
+                           size_t output_size);
 
 /** The random generator state for the PSA subsystem.
  *
@@ -479,24 +471,24 @@
  * The implementation of this macro depends on the configuration of the
  * library. Do not make any assumption on its nature.
  */
-#define MBEDTLS_PSA_RANDOM_STATE NULL
+#        define MBEDTLS_PSA_RANDOM_STATE NULL
 
-#else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+#    else /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include "mbedtls/ctr_drbg.h"
+#        if defined(MBEDTLS_CTR_DRBG_C)
+#            include "mbedtls/ctr_drbg.h"
 typedef mbedtls_ctr_drbg_context mbedtls_psa_drbg_context_t;
 static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_ctr_drbg_random;
-#elif defined(MBEDTLS_HMAC_DRBG_C)
-#include "mbedtls/hmac_drbg.h"
+#        elif defined(MBEDTLS_HMAC_DRBG_C)
+#            include "mbedtls/hmac_drbg.h"
 typedef mbedtls_hmac_drbg_context mbedtls_psa_drbg_context_t;
 static mbedtls_f_rng_t *const mbedtls_psa_get_random = mbedtls_hmac_drbg_random;
-#endif
+#        endif
 extern mbedtls_psa_drbg_context_t *const mbedtls_psa_random_state;
 
-#define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
+#        define MBEDTLS_PSA_RANDOM_STATE mbedtls_psa_random_state
 
-#endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
+#    endif /* !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) */
 
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
diff --git a/include/mbedtls/ripemd160.h b/include/mbedtls/ripemd160.h
index 9132a83..b55abfc 100644
--- a/include/mbedtls/ripemd160.h
+++ b/include/mbedtls/ripemd160.h
@@ -39,16 +39,15 @@
 /**
  * \brief          RIPEMD-160 context structure
  */
-typedef struct mbedtls_ripemd160_context
-{
-    uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< number of bytes processed  */
-    uint32_t MBEDTLS_PRIVATE(state)[5];          /*!< intermediate digest state  */
-    unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< data block being processed */
-}
-mbedtls_ripemd160_context;
+typedef struct mbedtls_ripemd160_context {
+    uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< number of bytes processed  */
+    uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< intermediate digest state  */
+    unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< data block being processed
+                                                */
+} mbedtls_ripemd160_context;
 
-#else  /* MBEDTLS_RIPEMD160_ALT */
-#include "ripemd160_alt.h"
+#else /* MBEDTLS_RIPEMD160_ALT */
+#    include "ripemd160_alt.h"
 #endif /* MBEDTLS_RIPEMD160_ALT */
 
 /**
@@ -56,14 +55,14 @@
  *
  * \param ctx      RIPEMD-160 context to be initialized
  */
-void mbedtls_ripemd160_init( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_init(mbedtls_ripemd160_context *ctx);
 
 /**
  * \brief          Clear RIPEMD-160 context
  *
  * \param ctx      RIPEMD-160 context to be cleared
  */
-void mbedtls_ripemd160_free( mbedtls_ripemd160_context *ctx );
+void mbedtls_ripemd160_free(mbedtls_ripemd160_context *ctx);
 
 /**
  * \brief          Clone (the state of) an RIPEMD-160 context
@@ -71,8 +70,8 @@
  * \param dst      The destination context
  * \param src      The context to be cloned
  */
-void mbedtls_ripemd160_clone( mbedtls_ripemd160_context *dst,
-                        const mbedtls_ripemd160_context *src );
+void mbedtls_ripemd160_clone(mbedtls_ripemd160_context *dst,
+                             const mbedtls_ripemd160_context *src);
 
 /**
  * \brief          RIPEMD-160 context setup
@@ -81,7 +80,7 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ripemd160_starts( mbedtls_ripemd160_context *ctx );
+int mbedtls_ripemd160_starts(mbedtls_ripemd160_context *ctx);
 
 /**
  * \brief          RIPEMD-160 process buffer
@@ -92,9 +91,9 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ripemd160_update( mbedtls_ripemd160_context *ctx,
-                              const unsigned char *input,
-                              size_t ilen );
+int mbedtls_ripemd160_update(mbedtls_ripemd160_context *ctx,
+                             const unsigned char *input,
+                             size_t ilen);
 
 /**
  * \brief          RIPEMD-160 final digest
@@ -104,8 +103,8 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ripemd160_finish( mbedtls_ripemd160_context *ctx,
-                              unsigned char output[20] );
+int mbedtls_ripemd160_finish(mbedtls_ripemd160_context *ctx,
+                             unsigned char output[20]);
 
 /**
  * \brief          RIPEMD-160 process data block (internal use only)
@@ -115,8 +114,8 @@
  *
  * \return         0 if successful
  */
-int mbedtls_internal_ripemd160_process( mbedtls_ripemd160_context *ctx,
-                                        const unsigned char data[64] );
+int mbedtls_internal_ripemd160_process(mbedtls_ripemd160_context *ctx,
+                                       const unsigned char data[64]);
 
 /**
  * \brief          Output = RIPEMD-160( input buffer )
@@ -127,9 +126,9 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ripemd160( const unsigned char *input,
-                       size_t ilen,
-                       unsigned char output[20] );
+int mbedtls_ripemd160(const unsigned char *input,
+                      size_t ilen,
+                      unsigned char output[20]);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -138,7 +137,7 @@
  *
  * \return         0 if successful, or 1 if the test failed
  */
-int mbedtls_ripemd160_self_test( int verbose );
+int mbedtls_ripemd160_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index fe29548..9fb2810 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -35,46 +35,46 @@
 #include "mbedtls/md.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 /*
  * RSA Error codes
  */
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA                    -0x4080
+#define MBEDTLS_ERR_RSA_BAD_INPUT_DATA -0x4080
 /** Input data contains invalid padding and is rejected. */
-#define MBEDTLS_ERR_RSA_INVALID_PADDING                   -0x4100
+#define MBEDTLS_ERR_RSA_INVALID_PADDING -0x4100
 /** Something failed during generation of a key. */
-#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED                    -0x4180
+#define MBEDTLS_ERR_RSA_KEY_GEN_FAILED -0x4180
 /** Key failed to pass the validity check of the library. */
-#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED                  -0x4200
+#define MBEDTLS_ERR_RSA_KEY_CHECK_FAILED -0x4200
 /** The public key operation failed. */
-#define MBEDTLS_ERR_RSA_PUBLIC_FAILED                     -0x4280
+#define MBEDTLS_ERR_RSA_PUBLIC_FAILED -0x4280
 /** The private key operation failed. */
-#define MBEDTLS_ERR_RSA_PRIVATE_FAILED                    -0x4300
+#define MBEDTLS_ERR_RSA_PRIVATE_FAILED -0x4300
 /** The PKCS#1 verification failed. */
-#define MBEDTLS_ERR_RSA_VERIFY_FAILED                     -0x4380
+#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380
 /** The output buffer for decryption is not large enough. */
-#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE                  -0x4400
+#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400
 /** The random generator failed to generate non-zeros. */
-#define MBEDTLS_ERR_RSA_RNG_FAILED                        -0x4480
+#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480
 
 /*
  * RSA constants
  */
 
 /** Use PKCS#1 v1.5 encoding. */
-#define MBEDTLS_RSA_PKCS_V15    0
+#define MBEDTLS_RSA_PKCS_V15 0
 /** Use PKCS#1 v2.1 encoding. */
-#define MBEDTLS_RSA_PKCS_V21    1
+#define MBEDTLS_RSA_PKCS_V21 1
 
 /** Identifier for RSA signature operations. */
-#define MBEDTLS_RSA_SIGN        1
+#define MBEDTLS_RSA_SIGN 1
 /** Identifier for RSA encryption and decryption operations. */
-#define MBEDTLS_RSA_CRYPT       2
+#define MBEDTLS_RSA_CRYPT 2
 
-#define MBEDTLS_RSA_SALT_LEN_ANY    -1
+#define MBEDTLS_RSA_SALT_LEN_ANY -1
 
 /*
  * The above constants may be used even if the RSA module is compile out,
@@ -92,49 +92,48 @@
 /**
  * \brief   The RSA context structure.
  */
-typedef struct mbedtls_rsa_context
-{
-    int MBEDTLS_PRIVATE(ver);                    /*!<  Reserved for internal purposes.
-                                 *    Do not set this field in application
-                                 *    code. Its meaning might change without
-                                 *    notice. */
-    size_t MBEDTLS_PRIVATE(len);                 /*!<  The size of \p N in Bytes. */
+typedef struct mbedtls_rsa_context {
+    int MBEDTLS_PRIVATE(ver); /*!<  Reserved for internal purposes.
+                               *    Do not set this field in application
+                               *    code. Its meaning might change without
+                               *    notice. */
+    size_t MBEDTLS_PRIVATE(len); /*!<  The size of \p N in Bytes. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(N);              /*!<  The public modulus. */
-    mbedtls_mpi MBEDTLS_PRIVATE(E);              /*!<  The public exponent. */
+    mbedtls_mpi MBEDTLS_PRIVATE(N); /*!<  The public modulus. */
+    mbedtls_mpi MBEDTLS_PRIVATE(E); /*!<  The public exponent. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(D);              /*!<  The private exponent. */
-    mbedtls_mpi MBEDTLS_PRIVATE(P);              /*!<  The first prime factor. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Q);              /*!<  The second prime factor. */
+    mbedtls_mpi MBEDTLS_PRIVATE(D); /*!<  The private exponent. */
+    mbedtls_mpi MBEDTLS_PRIVATE(P); /*!<  The first prime factor. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Q); /*!<  The second prime factor. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(DP);             /*!<  <code>D % (P - 1)</code>. */
-    mbedtls_mpi MBEDTLS_PRIVATE(DQ);             /*!<  <code>D % (Q - 1)</code>. */
-    mbedtls_mpi MBEDTLS_PRIVATE(QP);             /*!<  <code>1 / (Q % P)</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(DP); /*!<  <code>D % (P - 1)</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(DQ); /*!<  <code>D % (Q - 1)</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(QP); /*!<  <code>1 / (Q % P)</code>. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(RN);             /*!<  cached <code>R^2 mod N</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(RN); /*!<  cached <code>R^2 mod N</code>. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(RP);             /*!<  cached <code>R^2 mod P</code>. */
-    mbedtls_mpi MBEDTLS_PRIVATE(RQ);             /*!<  cached <code>R^2 mod Q</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(RP); /*!<  cached <code>R^2 mod P</code>. */
+    mbedtls_mpi MBEDTLS_PRIVATE(RQ); /*!<  cached <code>R^2 mod Q</code>. */
 
-    mbedtls_mpi MBEDTLS_PRIVATE(Vi);             /*!<  The cached blinding value. */
-    mbedtls_mpi MBEDTLS_PRIVATE(Vf);             /*!<  The cached un-blinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Vi); /*!<  The cached blinding value. */
+    mbedtls_mpi MBEDTLS_PRIVATE(Vf); /*!<  The cached un-blinding value. */
 
-    int MBEDTLS_PRIVATE(padding);                /*!< Selects padding mode:
-                                     #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
-                                     #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
-    int MBEDTLS_PRIVATE(hash_id);                /*!< Hash identifier of mbedtls_md_type_t type,
-                                     as specified in md.h for use in the MGF
-                                     mask generating function used in the
-                                     EME-OAEP and EMSA-PSS encodings. */
-#if defined(MBEDTLS_THREADING_C)
+    int MBEDTLS_PRIVATE(padding); /*!< Selects padding mode:
+                      #MBEDTLS_RSA_PKCS_V15 for 1.5 padding and
+                      #MBEDTLS_RSA_PKCS_V21 for OAEP or PSS. */
+    int MBEDTLS_PRIVATE(hash_id); /*!< Hash identifier of mbedtls_md_type_t
+                      type, as specified in md.h for use in the MGF mask
+                      generating function used in the EME-OAEP and EMSA-PSS
+                      encodings. */
+#    if defined(MBEDTLS_THREADING_C)
     /* Invariant: the mutex is initialized iff ver != 0. */
-    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);    /*!<  Thread-safety mutex. */
-#endif
-}
-mbedtls_rsa_context;
+    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!<  Thread-safety mutex.
+                                                       */
+#    endif
+} mbedtls_rsa_context;
 
-#else  /* MBEDTLS_RSA_ALT */
-#include "rsa_alt.h"
+#else /* MBEDTLS_RSA_ALT */
+#    include "rsa_alt.h"
 #endif /* MBEDTLS_RSA_ALT */
 
 /**
@@ -147,7 +146,7 @@
  *
  * \param ctx      The RSA context to initialize. This must not be \c NULL.
  */
-void mbedtls_rsa_init( mbedtls_rsa_context *ctx );
+void mbedtls_rsa_init(mbedtls_rsa_context *ctx);
 
 /**
  * \brief          This function sets padding for an already initialized RSA
@@ -183,8 +182,9 @@
  * \return         #MBEDTLS_ERR_RSA_INVALID_PADDING failure:
  *                 \p padding or \p hash_id is invalid.
  */
-int mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding,
-                             mbedtls_md_type_t hash_id );
+int mbedtls_rsa_set_padding(mbedtls_rsa_context *ctx,
+                            int padding,
+                            mbedtls_md_type_t hash_id);
 
 /**
  * \brief          This function imports a set of core parameters into an
@@ -215,10 +215,12 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
-                        const mbedtls_mpi *N,
-                        const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                        const mbedtls_mpi *D, const mbedtls_mpi *E );
+int mbedtls_rsa_import(mbedtls_rsa_context *ctx,
+                       const mbedtls_mpi *N,
+                       const mbedtls_mpi *P,
+                       const mbedtls_mpi *Q,
+                       const mbedtls_mpi *D,
+                       const mbedtls_mpi *E);
 
 /**
  * \brief          This function imports core RSA parameters, in raw big-endian
@@ -254,12 +256,17 @@
  * \return         \c 0 on success.
  * \return         A non-zero error code on failure.
  */
-int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
-                            unsigned char const *N, size_t N_len,
-                            unsigned char const *P, size_t P_len,
-                            unsigned char const *Q, size_t Q_len,
-                            unsigned char const *D, size_t D_len,
-                            unsigned char const *E, size_t E_len );
+int mbedtls_rsa_import_raw(mbedtls_rsa_context *ctx,
+                           unsigned char const *N,
+                           size_t N_len,
+                           unsigned char const *P,
+                           size_t P_len,
+                           unsigned char const *Q,
+                           size_t Q_len,
+                           unsigned char const *D,
+                           size_t D_len,
+                           unsigned char const *E,
+                           size_t E_len);
 
 /**
  * \brief          This function completes an RSA context from
@@ -293,7 +300,7 @@
  *                 failed.
  *
  */
-int mbedtls_rsa_complete( mbedtls_rsa_context *ctx );
+int mbedtls_rsa_complete(mbedtls_rsa_context *ctx);
 
 /**
  * \brief          This function exports the core parameters of an RSA key.
@@ -335,9 +342,12 @@
  * \return         A non-zero return code on any other failure.
  *
  */
-int mbedtls_rsa_export( const mbedtls_rsa_context *ctx,
-                        mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q,
-                        mbedtls_mpi *D, mbedtls_mpi *E );
+int mbedtls_rsa_export(const mbedtls_rsa_context *ctx,
+                       mbedtls_mpi *N,
+                       mbedtls_mpi *P,
+                       mbedtls_mpi *Q,
+                       mbedtls_mpi *D,
+                       mbedtls_mpi *E);
 
 /**
  * \brief          This function exports core parameters of an RSA key
@@ -386,12 +396,17 @@
  *                 functionality or because of security policies.
  * \return         A non-zero return code on any other failure.
  */
-int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx,
-                            unsigned char *N, size_t N_len,
-                            unsigned char *P, size_t P_len,
-                            unsigned char *Q, size_t Q_len,
-                            unsigned char *D, size_t D_len,
-                            unsigned char *E, size_t E_len );
+int mbedtls_rsa_export_raw(const mbedtls_rsa_context *ctx,
+                           unsigned char *N,
+                           size_t N_len,
+                           unsigned char *P,
+                           size_t P_len,
+                           unsigned char *Q,
+                           size_t Q_len,
+                           unsigned char *D,
+                           size_t D_len,
+                           unsigned char *E,
+                           size_t E_len);
 
 /**
  * \brief          This function exports CRT parameters of a private RSA key.
@@ -412,8 +427,10 @@
  * \return         A non-zero error code on failure.
  *
  */
-int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
-                            mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP );
+int mbedtls_rsa_export_crt(const mbedtls_rsa_context *ctx,
+                           mbedtls_mpi *DP,
+                           mbedtls_mpi *DQ,
+                           mbedtls_mpi *QP);
 
 /**
  * \brief          This function retrieves the length of RSA modulus in Bytes.
@@ -423,7 +440,7 @@
  * \return         The length of the RSA modulus in Bytes.
  *
  */
-size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx );
+size_t mbedtls_rsa_get_len(const mbedtls_rsa_context *ctx);
 
 /**
  * \brief          This function generates an RSA keypair.
@@ -443,10 +460,11 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         unsigned int nbits, int exponent );
+int mbedtls_rsa_gen_key(mbedtls_rsa_context *ctx,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng,
+                        unsigned int nbits,
+                        int exponent);
 
 /**
  * \brief          This function checks if a context contains at least an RSA
@@ -462,7 +480,7 @@
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
  */
-int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_pubkey(const mbedtls_rsa_context *ctx);
 
 /**
  * \brief      This function checks if a context contains an RSA private key
@@ -500,7 +518,7 @@
  * \return     \c 0 on success.
  * \return     An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx );
+int mbedtls_rsa_check_privkey(const mbedtls_rsa_context *ctx);
 
 /**
  * \brief          This function checks a public-private RSA key pair.
@@ -513,8 +531,8 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub,
-                                const mbedtls_rsa_context *prv );
+int mbedtls_rsa_check_pub_priv(const mbedtls_rsa_context *pub,
+                               const mbedtls_rsa_context *prv);
 
 /**
  * \brief          This function performs an RSA public key operation.
@@ -535,9 +553,9 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_public( mbedtls_rsa_context *ctx,
-                const unsigned char *input,
-                unsigned char *output );
+int mbedtls_rsa_public(mbedtls_rsa_context *ctx,
+                       const unsigned char *input,
+                       unsigned char *output);
 
 /**
  * \brief          This function performs an RSA private key operation.
@@ -568,11 +586,11 @@
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
  */
-int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
-                 int (*f_rng)(void *, unsigned char *, size_t),
-                 void *p_rng,
-                 const unsigned char *input,
-                 unsigned char *output );
+int mbedtls_rsa_private(mbedtls_rsa_context *ctx,
+                        int (*f_rng)(void *, unsigned char *, size_t),
+                        void *p_rng,
+                        const unsigned char *input,
+                        unsigned char *output);
 
 /**
  * \brief          This function adds the message padding, then performs an RSA
@@ -597,12 +615,12 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       size_t ilen,
-                       const unsigned char *input,
-                       unsigned char *output );
+int mbedtls_rsa_pkcs1_encrypt(mbedtls_rsa_context *ctx,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng,
+                              size_t ilen,
+                              const unsigned char *input,
+                              unsigned char *output);
 
 /**
  * \brief          This function performs a PKCS#1 v1.5 encryption operation
@@ -624,12 +642,14 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 size_t ilen,
-                                 const unsigned char *input,
-                                 unsigned char *output );
+int mbedtls_rsa_rsaes_pkcs1_v15_encrypt(mbedtls_rsa_context *ctx,
+                                        int (*f_rng)(void *,
+                                                     unsigned char *,
+                                                     size_t),
+                                        void *p_rng,
+                                        size_t ilen,
+                                        const unsigned char *input,
+                                        unsigned char *output);
 
 /**
  * \brief            This function performs a PKCS#1 v2.1 OAEP encryption
@@ -658,13 +678,14 @@
  * \return           \c 0 on success.
  * \return           An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            const unsigned char *label, size_t label_len,
-                            size_t ilen,
-                            const unsigned char *input,
-                            unsigned char *output );
+int mbedtls_rsa_rsaes_oaep_encrypt(mbedtls_rsa_context *ctx,
+                                   int (*f_rng)(void *, unsigned char *, size_t),
+                                   void *p_rng,
+                                   const unsigned char *label,
+                                   size_t label_len,
+                                   size_t ilen,
+                                   const unsigned char *input,
+                                   unsigned char *output);
 
 /**
  * \brief          This function performs an RSA operation, then removes the
@@ -697,13 +718,13 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng,
-                       size_t *olen,
-                       const unsigned char *input,
-                       unsigned char *output,
-                       size_t output_max_len );
+int mbedtls_rsa_pkcs1_decrypt(mbedtls_rsa_context *ctx,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng,
+                              size_t *olen,
+                              const unsigned char *input,
+                              unsigned char *output,
+                              size_t output_max_len);
 
 /**
  * \brief          This function performs a PKCS#1 v1.5 decryption
@@ -734,13 +755,15 @@
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  *
  */
-int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
-                                 int (*f_rng)(void *, unsigned char *, size_t),
-                                 void *p_rng,
-                                 size_t *olen,
-                                 const unsigned char *input,
-                                 unsigned char *output,
-                                 size_t output_max_len );
+int mbedtls_rsa_rsaes_pkcs1_v15_decrypt(mbedtls_rsa_context *ctx,
+                                        int (*f_rng)(void *,
+                                                     unsigned char *,
+                                                     size_t),
+                                        void *p_rng,
+                                        size_t *olen,
+                                        const unsigned char *input,
+                                        unsigned char *output,
+                                        size_t output_max_len);
 
 /**
  * \brief            This function performs a PKCS#1 v2.1 OAEP decryption
@@ -775,14 +798,15 @@
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
-                            int (*f_rng)(void *, unsigned char *, size_t),
-                            void *p_rng,
-                            const unsigned char *label, size_t label_len,
-                            size_t *olen,
-                            const unsigned char *input,
-                            unsigned char *output,
-                            size_t output_max_len );
+int mbedtls_rsa_rsaes_oaep_decrypt(mbedtls_rsa_context *ctx,
+                                   int (*f_rng)(void *, unsigned char *, size_t),
+                                   void *p_rng,
+                                   const unsigned char *label,
+                                   size_t label_len,
+                                   size_t *olen,
+                                   const unsigned char *input,
+                                   unsigned char *output,
+                                   size_t output_max_len);
 
 /**
  * \brief          This function performs a private RSA operation to sign
@@ -818,13 +842,13 @@
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
-                    int (*f_rng)(void *, unsigned char *, size_t),
-                    void *p_rng,
-                    mbedtls_md_type_t md_alg,
-                    unsigned int hashlen,
-                    const unsigned char *hash,
-                    unsigned char *sig );
+int mbedtls_rsa_pkcs1_sign(mbedtls_rsa_context *ctx,
+                           int (*f_rng)(void *, unsigned char *, size_t),
+                           void *p_rng,
+                           mbedtls_md_type_t md_alg,
+                           unsigned int hashlen,
+                           const unsigned char *hash,
+                           unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v1.5 signature
@@ -850,13 +874,15 @@
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
-                               int (*f_rng)(void *, unsigned char *, size_t),
-                               void *p_rng,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_sign(mbedtls_rsa_context *ctx,
+                                      int (*f_rng)(void *,
+                                                   unsigned char *,
+                                                   size_t),
+                                      void *p_rng,
+                                      mbedtls_md_type_t md_alg,
+                                      unsigned int hashlen,
+                                      const unsigned char *hash,
+                                      unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v2.1 PSS signature
@@ -901,14 +927,16 @@
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pss_sign_ext( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         int saltlen,
-                         unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign_ext(mbedtls_rsa_context *ctx,
+                                    int (*f_rng)(void *,
+                                                 unsigned char *,
+                                                 size_t),
+                                    void *p_rng,
+                                    mbedtls_md_type_t md_alg,
+                                    unsigned int hashlen,
+                                    const unsigned char *hash,
+                                    int saltlen,
+                                    unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v2.1 PSS signature
@@ -951,13 +979,13 @@
  * \return         \c 0 if the signing operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
-                         int (*f_rng)(void *, unsigned char *, size_t),
-                         void *p_rng,
-                         mbedtls_md_type_t md_alg,
-                         unsigned int hashlen,
-                         const unsigned char *hash,
-                         unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_sign(mbedtls_rsa_context *ctx,
+                                int (*f_rng)(void *, unsigned char *, size_t),
+                                void *p_rng,
+                                mbedtls_md_type_t md_alg,
+                                unsigned int hashlen,
+                                const unsigned char *hash,
+                                unsigned char *sig);
 
 /**
  * \brief          This function performs a public RSA operation and checks
@@ -985,11 +1013,11 @@
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
-                      mbedtls_md_type_t md_alg,
-                      unsigned int hashlen,
-                      const unsigned char *hash,
-                      const unsigned char *sig );
+int mbedtls_rsa_pkcs1_verify(mbedtls_rsa_context *ctx,
+                             mbedtls_md_type_t md_alg,
+                             unsigned int hashlen,
+                             const unsigned char *hash,
+                             const unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v1.5 verification
@@ -1010,11 +1038,11 @@
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
-                                 mbedtls_md_type_t md_alg,
-                                 unsigned int hashlen,
-                                 const unsigned char *hash,
-                                 const unsigned char *sig );
+int mbedtls_rsa_rsassa_pkcs1_v15_verify(mbedtls_rsa_context *ctx,
+                                        mbedtls_md_type_t md_alg,
+                                        unsigned int hashlen,
+                                        const unsigned char *hash,
+                                        const unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v2.1 PSS verification
@@ -1045,11 +1073,11 @@
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx,
-                           mbedtls_md_type_t md_alg,
-                           unsigned int hashlen,
-                           const unsigned char *hash,
-                           const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify(mbedtls_rsa_context *ctx,
+                                  mbedtls_md_type_t md_alg,
+                                  unsigned int hashlen,
+                                  const unsigned char *hash,
+                                  const unsigned char *sig);
 
 /**
  * \brief          This function performs a PKCS#1 v2.1 PSS verification
@@ -1085,13 +1113,13 @@
  * \return         \c 0 if the verify operation was successful.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
  */
-int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx,
-                               mbedtls_md_type_t md_alg,
-                               unsigned int hashlen,
-                               const unsigned char *hash,
-                               mbedtls_md_type_t mgf1_hash_id,
-                               int expected_salt_len,
-                               const unsigned char *sig );
+int mbedtls_rsa_rsassa_pss_verify_ext(mbedtls_rsa_context *ctx,
+                                      mbedtls_md_type_t md_alg,
+                                      unsigned int hashlen,
+                                      const unsigned char *hash,
+                                      mbedtls_md_type_t mgf1_hash_id,
+                                      int expected_salt_len,
+                                      const unsigned char *sig);
 
 /**
  * \brief          This function copies the components of an RSA context.
@@ -1102,7 +1130,7 @@
  * \return         \c 0 on success.
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure.
  */
-int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src );
+int mbedtls_rsa_copy(mbedtls_rsa_context *dst, const mbedtls_rsa_context *src);
 
 /**
  * \brief          This function frees the components of an RSA key.
@@ -1111,7 +1139,7 @@
  *                 this function is a no-op. If it is not \c NULL, it must
  *                 point to an initialized RSA context.
  */
-void mbedtls_rsa_free( mbedtls_rsa_context *ctx );
+void mbedtls_rsa_free(mbedtls_rsa_context *ctx);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -1121,7 +1149,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_rsa_self_test( int verbose );
+int mbedtls_rsa_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/sha1.h b/include/mbedtls/sha1.h
index 6b55174..ec9ace5 100644
--- a/include/mbedtls/sha1.h
+++ b/include/mbedtls/sha1.h
@@ -36,7 +36,7 @@
 #include <stdint.h>
 
 /** SHA-1 input data was malformed. */
-#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA                   -0x0073
+#define MBEDTLS_ERR_SHA1_BAD_INPUT_DATA -0x0073
 
 #ifdef __cplusplus
 extern "C" {
@@ -54,16 +54,15 @@
  *                 stronger message digests instead.
  *
  */
-typedef struct mbedtls_sha1_context
-{
-    uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed.  */
-    uint32_t MBEDTLS_PRIVATE(state)[5];          /*!< The intermediate digest state.  */
-    unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< The data block being processed. */
-}
-mbedtls_sha1_context;
+typedef struct mbedtls_sha1_context {
+    uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed.  */
+    uint32_t MBEDTLS_PRIVATE(state)[5]; /*!< The intermediate digest state.  */
+    unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
+                                                  processed. */
+} mbedtls_sha1_context;
 
-#else  /* MBEDTLS_SHA1_ALT */
-#include "sha1_alt.h"
+#else /* MBEDTLS_SHA1_ALT */
+#    include "sha1_alt.h"
 #endif /* MBEDTLS_SHA1_ALT */
 
 /**
@@ -77,7 +76,7 @@
  *                 This must not be \c NULL.
  *
  */
-void mbedtls_sha1_init( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_init(mbedtls_sha1_context *ctx);
 
 /**
  * \brief          This function clears a SHA-1 context.
@@ -92,7 +91,7 @@
  *                 SHA-1 context.
  *
  */
-void mbedtls_sha1_free( mbedtls_sha1_context *ctx );
+void mbedtls_sha1_free(mbedtls_sha1_context *ctx);
 
 /**
  * \brief          This function clones the state of a SHA-1 context.
@@ -105,8 +104,8 @@
  * \param src      The SHA-1 context to clone from. This must be initialized.
  *
  */
-void mbedtls_sha1_clone( mbedtls_sha1_context *dst,
-                         const mbedtls_sha1_context *src );
+void mbedtls_sha1_clone(mbedtls_sha1_context *dst,
+                        const mbedtls_sha1_context *src);
 
 /**
  * \brief          This function starts a SHA-1 checksum calculation.
@@ -121,7 +120,7 @@
  * \return         A negative error code on failure.
  *
  */
-int mbedtls_sha1_starts( mbedtls_sha1_context *ctx );
+int mbedtls_sha1_starts(mbedtls_sha1_context *ctx);
 
 /**
  * \brief          This function feeds an input buffer into an ongoing SHA-1
@@ -140,9 +139,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha1_update( mbedtls_sha1_context *ctx,
-                         const unsigned char *input,
-                         size_t ilen );
+int mbedtls_sha1_update(mbedtls_sha1_context *ctx,
+                        const unsigned char *input,
+                        size_t ilen);
 
 /**
  * \brief          This function finishes the SHA-1 operation, and writes
@@ -160,8 +159,7 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha1_finish( mbedtls_sha1_context *ctx,
-                         unsigned char output[20] );
+int mbedtls_sha1_finish(mbedtls_sha1_context *ctx, unsigned char output[20]);
 
 /**
  * \brief          SHA-1 process data block (internal use only).
@@ -178,8 +176,8 @@
  * \return         A negative error code on failure.
  *
  */
-int mbedtls_internal_sha1_process( mbedtls_sha1_context *ctx,
-                                   const unsigned char data[64] );
+int mbedtls_internal_sha1_process(mbedtls_sha1_context *ctx,
+                                  const unsigned char data[64]);
 
 /**
  * \brief          This function calculates the SHA-1 checksum of a buffer.
@@ -204,9 +202,9 @@
  * \return         A negative error code on failure.
  *
  */
-int mbedtls_sha1( const unsigned char *input,
-                  size_t ilen,
-                  unsigned char output[20] );
+int mbedtls_sha1(const unsigned char *input,
+                 size_t ilen,
+                 unsigned char output[20]);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -221,7 +219,7 @@
  * \return         \c 1 on failure.
  *
  */
-int mbedtls_sha1_self_test( int verbose );
+int mbedtls_sha1_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/sha256.h b/include/mbedtls/sha256.h
index 9e6f59d..5a80cd6 100644
--- a/include/mbedtls/sha256.h
+++ b/include/mbedtls/sha256.h
@@ -4,7 +4,8 @@
  * \brief This file contains SHA-224 and SHA-256 definitions and functions.
  *
  * The Secure Hash Algorithms 224 and 256 (SHA-224 and SHA-256) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
+ * (SHS)</em>.
  */
 /*
  *  Copyright The Mbed TLS Contributors
@@ -32,7 +33,7 @@
 #include <stdint.h>
 
 /** SHA-256 input data was malformed. */
-#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA                 -0x0074
+#define MBEDTLS_ERR_SHA256_BAD_INPUT_DATA -0x0074
 
 #ifdef __cplusplus
 extern "C" {
@@ -49,18 +50,17 @@
  *                 checksum calculations. The choice between these two is
  *                 made in the call to mbedtls_sha256_starts().
  */
-typedef struct mbedtls_sha256_context
-{
-    uint32_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed.  */
-    uint32_t MBEDTLS_PRIVATE(state)[8];          /*!< The intermediate digest state.  */
-    unsigned char MBEDTLS_PRIVATE(buffer)[64];   /*!< The data block being processed. */
-    int MBEDTLS_PRIVATE(is224);                  /*!< Determines which function to use:
-                                     0: Use SHA-256, or 1: Use SHA-224. */
-}
-mbedtls_sha256_context;
+typedef struct mbedtls_sha256_context {
+    uint32_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed.  */
+    uint32_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state.  */
+    unsigned char MBEDTLS_PRIVATE(buffer)[64]; /*!< The data block being
+                                                  processed. */
+    int MBEDTLS_PRIVATE(is224); /*!< Determines which function to use:
+                    0: Use SHA-256, or 1: Use SHA-224. */
+} mbedtls_sha256_context;
 
-#else  /* MBEDTLS_SHA256_ALT */
-#include "sha256_alt.h"
+#else /* MBEDTLS_SHA256_ALT */
+#    include "sha256_alt.h"
 #endif /* MBEDTLS_SHA256_ALT */
 
 /**
@@ -68,7 +68,7 @@
  *
  * \param ctx      The SHA-256 context to initialize. This must not be \c NULL.
  */
-void mbedtls_sha256_init( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_init(mbedtls_sha256_context *ctx);
 
 /**
  * \brief          This function clears a SHA-256 context.
@@ -77,7 +77,7 @@
  *                 case this function returns immediately. If it is not \c NULL,
  *                 it must point to an initialized SHA-256 context.
  */
-void mbedtls_sha256_free( mbedtls_sha256_context *ctx );
+void mbedtls_sha256_free(mbedtls_sha256_context *ctx);
 
 /**
  * \brief          This function clones the state of a SHA-256 context.
@@ -85,8 +85,8 @@
  * \param dst      The destination context. This must be initialized.
  * \param src      The context to clone. This must be initialized.
  */
-void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
-                           const mbedtls_sha256_context *src );
+void mbedtls_sha256_clone(mbedtls_sha256_context *dst,
+                          const mbedtls_sha256_context *src);
 
 /**
  * \brief          This function starts a SHA-224 or SHA-256 checksum
@@ -99,7 +99,7 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 );
+int mbedtls_sha256_starts(mbedtls_sha256_context *ctx, int is224);
 
 /**
  * \brief          This function feeds an input buffer into an ongoing
@@ -114,9 +114,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha256_update( mbedtls_sha256_context *ctx,
-                           const unsigned char *input,
-                           size_t ilen );
+int mbedtls_sha256_update(mbedtls_sha256_context *ctx,
+                          const unsigned char *input,
+                          size_t ilen);
 
 /**
  * \brief          This function finishes the SHA-256 operation, and writes
@@ -131,8 +131,7 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha256_finish( mbedtls_sha256_context *ctx,
-                           unsigned char *output );
+int mbedtls_sha256_finish(mbedtls_sha256_context *ctx, unsigned char *output);
 
 /**
  * \brief          This function processes a single data block within
@@ -146,8 +145,8 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_internal_sha256_process( mbedtls_sha256_context *ctx,
-                                     const unsigned char data[64] );
+int mbedtls_internal_sha256_process(mbedtls_sha256_context *ctx,
+                                    const unsigned char data[64]);
 
 /**
  * \brief          This function calculates the SHA-224 or SHA-256
@@ -168,10 +167,10 @@
  * \param is224    Determines which function to use. This must be
  *                 either \c 0 for SHA-256, or \c 1 for SHA-224.
  */
-int mbedtls_sha256( const unsigned char *input,
-                    size_t ilen,
-                    unsigned char *output,
-                    int is224 );
+int mbedtls_sha256(const unsigned char *input,
+                   size_t ilen,
+                   unsigned char *output,
+                   int is224);
 
 #if defined(MBEDTLS_SELF_TEST)
 
@@ -181,7 +180,7 @@
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_sha256_self_test( int verbose );
+int mbedtls_sha256_self_test(int verbose);
 
 #endif /* MBEDTLS_SELF_TEST */
 
diff --git a/include/mbedtls/sha512.h b/include/mbedtls/sha512.h
index 48901cc..9df1476 100644
--- a/include/mbedtls/sha512.h
+++ b/include/mbedtls/sha512.h
@@ -3,7 +3,8 @@
  * \brief This file contains SHA-384 and SHA-512 definitions and functions.
  *
  * The Secure Hash Algorithms 384 and 512 (SHA-384 and SHA-512) cryptographic
- * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard (SHS)</em>.
+ * hash functions are defined in <em>FIPS 180-4: Secure Hash Standard
+ * (SHS)</em>.
  */
 /*
  *  Copyright The Mbed TLS Contributors
@@ -31,7 +32,7 @@
 #include <stdint.h>
 
 /** SHA-512 input data was malformed. */
-#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA                 -0x0075
+#define MBEDTLS_ERR_SHA512_BAD_INPUT_DATA -0x0075
 
 #ifdef __cplusplus
 extern "C" {
@@ -48,20 +49,19 @@
  *                 checksum calculations. The choice between these two is
  *                 made in the call to mbedtls_sha512_starts().
  */
-typedef struct mbedtls_sha512_context
-{
-    uint64_t MBEDTLS_PRIVATE(total)[2];          /*!< The number of Bytes processed. */
-    uint64_t MBEDTLS_PRIVATE(state)[8];          /*!< The intermediate digest state. */
-    unsigned char MBEDTLS_PRIVATE(buffer)[128];  /*!< The data block being processed. */
-#if defined(MBEDTLS_SHA384_C)
-    int MBEDTLS_PRIVATE(is384);                  /*!< Determines which function to use:
-                                                      0: Use SHA-512, or 1: Use SHA-384. */
-#endif
-}
-mbedtls_sha512_context;
+typedef struct mbedtls_sha512_context {
+    uint64_t MBEDTLS_PRIVATE(total)[2]; /*!< The number of Bytes processed. */
+    uint64_t MBEDTLS_PRIVATE(state)[8]; /*!< The intermediate digest state. */
+    unsigned char MBEDTLS_PRIVATE(buffer)[128]; /*!< The data block being
+                                                   processed. */
+#    if defined(MBEDTLS_SHA384_C)
+    int MBEDTLS_PRIVATE(is384); /*!< Determines which function to use:
+                                     0: Use SHA-512, or 1: Use SHA-384. */
+#    endif
+} mbedtls_sha512_context;
 
-#else  /* MBEDTLS_SHA512_ALT */
-#include "sha512_alt.h"
+#else /* MBEDTLS_SHA512_ALT */
+#    include "sha512_alt.h"
 #endif /* MBEDTLS_SHA512_ALT */
 
 /**
@@ -70,7 +70,7 @@
  * \param ctx      The SHA-512 context to initialize. This must
  *                 not be \c NULL.
  */
-void mbedtls_sha512_init( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_init(mbedtls_sha512_context *ctx);
 
 /**
  * \brief          This function clears a SHA-512 context.
@@ -80,7 +80,7 @@
  *                 is not \c NULL, it must point to an initialized
  *                 SHA-512 context.
  */
-void mbedtls_sha512_free( mbedtls_sha512_context *ctx );
+void mbedtls_sha512_free(mbedtls_sha512_context *ctx);
 
 /**
  * \brief          This function clones the state of a SHA-512 context.
@@ -88,8 +88,8 @@
  * \param dst      The destination context. This must be initialized.
  * \param src      The context to clone. This must be initialized.
  */
-void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
-                           const mbedtls_sha512_context *src );
+void mbedtls_sha512_clone(mbedtls_sha512_context *dst,
+                          const mbedtls_sha512_context *src);
 
 /**
  * \brief          This function starts a SHA-384 or SHA-512 checksum
@@ -106,7 +106,7 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 );
+int mbedtls_sha512_starts(mbedtls_sha512_context *ctx, int is384);
 
 /**
  * \brief          This function feeds an input buffer into an ongoing
@@ -121,9 +121,9 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha512_update( mbedtls_sha512_context *ctx,
-                           const unsigned char *input,
-                           size_t ilen );
+int mbedtls_sha512_update(mbedtls_sha512_context *ctx,
+                          const unsigned char *input,
+                          size_t ilen);
 
 /**
  * \brief          This function finishes the SHA-512 operation, and writes
@@ -138,8 +138,7 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha512_finish( mbedtls_sha512_context *ctx,
-                           unsigned char *output );
+int mbedtls_sha512_finish(mbedtls_sha512_context *ctx, unsigned char *output);
 
 /**
  * \brief          This function processes a single data block within
@@ -153,8 +152,8 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
-                                     const unsigned char data[128] );
+int mbedtls_internal_sha512_process(mbedtls_sha512_context *ctx,
+                                    const unsigned char data[128]);
 
 /**
  * \brief          This function calculates the SHA-512 or SHA-384
@@ -182,20 +181,20 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-int mbedtls_sha512( const unsigned char *input,
-                    size_t ilen,
-                    unsigned char *output,
-                    int is384 );
+int mbedtls_sha512(const unsigned char *input,
+                   size_t ilen,
+                   unsigned char *output,
+                   int is384);
 
 #if defined(MBEDTLS_SELF_TEST)
 
- /**
+/**
  * \brief          The SHA-384 or SHA-512 checkup routine.
  *
  * \return         \c 0 on success.
  * \return         \c 1 on failure.
  */
-int mbedtls_sha512_self_test( int verbose );
+int mbedtls_sha512_self_test(int verbose);
 #endif /* MBEDTLS_SELF_TEST */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index fa0e1f2..41a29ce 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -31,12 +31,12 @@
 #include "mbedtls/ssl_ciphersuites.h"
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-#include "mbedtls/x509_crt.h"
-#include "mbedtls/x509_crl.h"
+#    include "mbedtls/x509_crt.h"
+#    include "mbedtls/x509_crl.h"
 #endif
 
 #if defined(MBEDTLS_DHM_C)
-#include "mbedtls/dhm.h"
+#    include "mbedtls/dhm.h"
 #endif
 
 /* Adding guard for MBEDTLS_ECDSA_C to ensure no compile errors due
@@ -45,59 +45,61 @@
  * MBEDTLS_ECDSA_C which does not seem correct.
  */
 #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-#include "mbedtls/ecdh.h"
+#    include "mbedtls/ecdh.h"
 #endif
 
 #if defined(MBEDTLS_HAVE_TIME)
-#include "mbedtls/platform_time.h"
+#    include "mbedtls/platform_time.h"
 #endif
 
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
-#include "psa/crypto.h"
+#    include "psa/crypto.h"
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /*
  * SSL Error codes
  */
 /** A cryptographic operation is in progress. Try again later. */
-#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS                -0x7000
+#define MBEDTLS_ERR_SSL_CRYPTO_IN_PROGRESS -0x7000
 /** The requested feature is not available. */
-#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE               -0x7080
+#define MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE -0x7080
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA                    -0x7100
+#define MBEDTLS_ERR_SSL_BAD_INPUT_DATA -0x7100
 /** Verification of the message MAC failed. */
-#define MBEDTLS_ERR_SSL_INVALID_MAC                       -0x7180
+#define MBEDTLS_ERR_SSL_INVALID_MAC -0x7180
 /** An invalid SSL record was received. */
-#define MBEDTLS_ERR_SSL_INVALID_RECORD                    -0x7200
+#define MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200
 /** The connection indicated an EOF. */
-#define MBEDTLS_ERR_SSL_CONN_EOF                          -0x7280
+#define MBEDTLS_ERR_SSL_CONN_EOF -0x7280
 /** A message could not be parsed due to a syntactic error. */
-#define MBEDTLS_ERR_SSL_DECODE_ERROR                      -0x7300
+#define MBEDTLS_ERR_SSL_DECODE_ERROR -0x7300
 /* Error space gap */
 /** No RNG was provided to the SSL module. */
-#define MBEDTLS_ERR_SSL_NO_RNG                            -0x7400
-/** No client certification received from the client, but required by the authentication mode. */
-#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE             -0x7480
-/** Client received an extended server hello containing an unsupported extension */
-#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION             -0x7500
+#define MBEDTLS_ERR_SSL_NO_RNG -0x7400
+/** No client certification received from the client, but required by the
+ * authentication mode. */
+#define MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE -0x7480
+/** Client received an extended server hello containing an unsupported extension
+ */
+#define MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION -0x7500
 /** No ALPN protocols supported that the client advertises */
-#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL           -0x7580
+#define MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL -0x7580
 /** The own private key or pre-shared key is not set, but needed. */
-#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED              -0x7600
+#define MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED -0x7600
 /** No CA Chain is set, but required to operate. */
-#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED                 -0x7680
+#define MBEDTLS_ERR_SSL_CA_CHAIN_REQUIRED -0x7680
 /** An unexpected message was received from our peer. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE                -0x7700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE -0x7700
 /** A fatal alert message was received from our peer. */
-#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE               -0x7780
+#define MBEDTLS_ERR_SSL_FATAL_ALERT_MESSAGE -0x7780
 /** No server could be identified matching the client's SNI. */
-#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME                 -0x7800
+#define MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME -0x7800
 /** The peer notified us that the connection is going to be closed. */
-#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY                 -0x7880
+#define MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY -0x7880
 /* Error space gap */
 /* Error space gap */
 /** Processing of the Certificate handshake message failed. */
-#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE                   -0x7A00
+#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
@@ -108,52 +110,54 @@
 /* Error space gap */
 /* Error space gap */
 /** Memory allocation failed */
-#define MBEDTLS_ERR_SSL_ALLOC_FAILED                      -0x7F00
+#define MBEDTLS_ERR_SSL_ALLOC_FAILED -0x7F00
 /** Hardware acceleration function returned with error */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED                   -0x7F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FAILED -0x7F80
 /** Hardware acceleration function skipped / left alone data */
-#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH              -0x6F80
+#define MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH -0x6F80
 /** Handshake protocol not within min/max boundaries */
-#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION              -0x6E80
+#define MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION -0x6E80
 /** The handshake negotiation failed. */
-#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE                 -0x6E00
+#define MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE -0x6E00
 /** Session ticket has expired. */
-#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED            -0x6D80
-/** Public key type mismatch (eg, asked for RSA key exchange and presented EC key) */
-#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH                  -0x6D00
+#define MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED -0x6D80
+/** Public key type mismatch (eg, asked for RSA key exchange and presented EC
+ * key) */
+#define MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH -0x6D00
 /** Unknown identity received (eg, PSK identity) */
-#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY                  -0x6C80
+#define MBEDTLS_ERR_SSL_UNKNOWN_IDENTITY -0x6C80
 /** Internal error (eg, unexpected failure in lower-level module) */
-#define MBEDTLS_ERR_SSL_INTERNAL_ERROR                    -0x6C00
+#define MBEDTLS_ERR_SSL_INTERNAL_ERROR -0x6C00
 /** A counter would wrap (eg, too many messages exchanged). */
-#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING                  -0x6B80
+#define MBEDTLS_ERR_SSL_COUNTER_WRAPPING -0x6B80
 /** Unexpected message at ServerHello in renegotiation. */
-#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO       -0x6B00
+#define MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO -0x6B00
 /** DTLS client must retry for hello verification */
-#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED             -0x6A80
+#define MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED -0x6A80
 /** A buffer is too small to receive or write a message */
-#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL                  -0x6A00
+#define MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL -0x6A00
 /* Error space gap */
 /** No data of requested type currently available on underlying transport. */
-#define MBEDTLS_ERR_SSL_WANT_READ                         -0x6900
+#define MBEDTLS_ERR_SSL_WANT_READ -0x6900
 /** Connection requires a write call. */
-#define MBEDTLS_ERR_SSL_WANT_WRITE                        -0x6880
+#define MBEDTLS_ERR_SSL_WANT_WRITE -0x6880
 /** The operation timed out. */
-#define MBEDTLS_ERR_SSL_TIMEOUT                           -0x6800
+#define MBEDTLS_ERR_SSL_TIMEOUT -0x6800
 /** The client initiated a reconnect from the same port. */
-#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT                  -0x6780
+#define MBEDTLS_ERR_SSL_CLIENT_RECONNECT -0x6780
 /** Record header looks valid but is not expected. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD                 -0x6700
+#define MBEDTLS_ERR_SSL_UNEXPECTED_RECORD -0x6700
 /** The alert message received indicates a non-fatal error. */
-#define MBEDTLS_ERR_SSL_NON_FATAL                         -0x6680
+#define MBEDTLS_ERR_SSL_NON_FATAL -0x6680
 /** A field in a message was incorrect or inconsistent with other fields. */
-#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER                 -0x6600
-/** Internal-only message signaling that further message-processing should be done */
-#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING               -0x6580
+#define MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER -0x6600
+/** Internal-only message signaling that further message-processing should be
+ * done */
+#define MBEDTLS_ERR_SSL_CONTINUE_PROCESSING -0x6580
 /** The asynchronous operation is not completed yet. */
-#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS                 -0x6500
+#define MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS -0x6500
 /** Internal-only message signaling that a message arrived early. */
-#define MBEDTLS_ERR_SSL_EARLY_MESSAGE                     -0x6480
+#define MBEDTLS_ERR_SSL_EARLY_MESSAGE -0x6480
 /* Error space gap */
 /* Error space gap */
 /* Error space gap */
@@ -163,11 +167,11 @@
 /* Error space gap */
 /* Error space gap */
 /** An encrypted DTLS-frame with an unexpected CID was received. */
-#define MBEDTLS_ERR_SSL_UNEXPECTED_CID                    -0x6000
+#define MBEDTLS_ERR_SSL_UNEXPECTED_CID -0x6000
 /** An operation failed due to an unexpected version or configuration. */
-#define MBEDTLS_ERR_SSL_VERSION_MISMATCH                  -0x5F00
+#define MBEDTLS_ERR_SSL_VERSION_MISMATCH -0x5F00
 /** Invalid value in SSL config */
-#define MBEDTLS_ERR_SSL_BAD_CONFIG                        -0x5E80
+#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
 
 /*
  * Various constants
@@ -177,93 +181,98 @@
  * - RFC 5246: ProtocolVersion version = { 3, 3 };     // TLS v1.2
  * - RFC 8446: see section 4.2.1
  */
-#define MBEDTLS_SSL_MAJOR_VERSION_3             3
-#define MBEDTLS_SSL_MINOR_VERSION_3             3   /*!< TLS v1.2 */
-#define MBEDTLS_SSL_MINOR_VERSION_4             4   /*!< TLS v1.3 (experimental) */
+#define MBEDTLS_SSL_MAJOR_VERSION_3 3
+#define MBEDTLS_SSL_MINOR_VERSION_3 3 /*!< TLS v1.2 */
+#define MBEDTLS_SSL_MINOR_VERSION_4 4 /*!< TLS v1.3 (experimental) */
 
-#define MBEDTLS_SSL_TRANSPORT_STREAM            0   /*!< TLS      */
-#define MBEDTLS_SSL_TRANSPORT_DATAGRAM          1   /*!< DTLS     */
+#define MBEDTLS_SSL_TRANSPORT_STREAM   0 /*!< TLS      */
+#define MBEDTLS_SSL_TRANSPORT_DATAGRAM 1 /*!< DTLS     */
 
-#define MBEDTLS_SSL_MAX_HOST_NAME_LEN           255 /*!< Maximum host name defined in RFC 1035 */
-#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN           255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 */
+#define MBEDTLS_SSL_MAX_HOST_NAME_LEN \
+    255 /*!< Maximum host name defined in RFC 1035 */
+#define MBEDTLS_SSL_MAX_ALPN_NAME_LEN                                        \
+    255 /*!< Maximum size in bytes of a protocol name in alpn ext., RFC 7301 \
+         */
 
-#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN           65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301          */
+#define MBEDTLS_SSL_MAX_ALPN_LIST_LEN \
+    65535 /*!< Maximum size in bytes of list in alpn ext., RFC 7301 */
 
 /* RFC 6066 section 4, see also mfl_code_to_length in ssl_tls.c
  * NONE must be zero so that memset()ing structure to zero works */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE           0   /*!< don't use this extension   */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_512            1   /*!< MaxFragmentLength 2^9      */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_1024           2   /*!< MaxFragmentLength 2^10     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_2048           3   /*!< MaxFragmentLength 2^11     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_4096           4   /*!< MaxFragmentLength 2^12     */
-#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID        5   /*!< first invalid value        */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_NONE    0 /*!< don't use this extension   */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_512     1 /*!< MaxFragmentLength 2^9      */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_1024    2 /*!< MaxFragmentLength 2^10     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_2048    3 /*!< MaxFragmentLength 2^11     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_4096    4 /*!< MaxFragmentLength 2^12     */
+#define MBEDTLS_SSL_MAX_FRAG_LEN_INVALID 5 /*!< first invalid value        */
 
-#define MBEDTLS_SSL_IS_CLIENT                   0
-#define MBEDTLS_SSL_IS_SERVER                   1
+#define MBEDTLS_SSL_IS_CLIENT 0
+#define MBEDTLS_SSL_IS_SERVER 1
 
-#define MBEDTLS_SSL_EXTENDED_MS_DISABLED        0
-#define MBEDTLS_SSL_EXTENDED_MS_ENABLED         1
+#define MBEDTLS_SSL_EXTENDED_MS_DISABLED 0
+#define MBEDTLS_SSL_EXTENDED_MS_ENABLED  1
 
-#define MBEDTLS_SSL_CID_DISABLED                0
-#define MBEDTLS_SSL_CID_ENABLED                 1
+#define MBEDTLS_SSL_CID_DISABLED 0
+#define MBEDTLS_SSL_CID_ENABLED  1
 
-#define MBEDTLS_SSL_ETM_DISABLED                0
-#define MBEDTLS_SSL_ETM_ENABLED                 1
+#define MBEDTLS_SSL_ETM_DISABLED 0
+#define MBEDTLS_SSL_ETM_ENABLED  1
 
-#define MBEDTLS_SSL_COMPRESS_NULL               0
+#define MBEDTLS_SSL_COMPRESS_NULL 0
 
-#define MBEDTLS_SSL_VERIFY_NONE                 0
-#define MBEDTLS_SSL_VERIFY_OPTIONAL             1
-#define MBEDTLS_SSL_VERIFY_REQUIRED             2
-#define MBEDTLS_SSL_VERIFY_UNSET                3 /* Used only for sni_authmode */
+#define MBEDTLS_SSL_VERIFY_NONE     0
+#define MBEDTLS_SSL_VERIFY_OPTIONAL 1
+#define MBEDTLS_SSL_VERIFY_REQUIRED 2
+#define MBEDTLS_SSL_VERIFY_UNSET    3 /* Used only for sni_authmode */
 
-#define MBEDTLS_SSL_LEGACY_RENEGOTIATION        0
-#define MBEDTLS_SSL_SECURE_RENEGOTIATION        1
+#define MBEDTLS_SSL_LEGACY_RENEGOTIATION 0
+#define MBEDTLS_SSL_SECURE_RENEGOTIATION 1
 
-#define MBEDTLS_SSL_RENEGOTIATION_DISABLED      0
-#define MBEDTLS_SSL_RENEGOTIATION_ENABLED       1
+#define MBEDTLS_SSL_RENEGOTIATION_DISABLED 0
+#define MBEDTLS_SSL_RENEGOTIATION_ENABLED  1
 
-#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED        0
-#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED         1
+#define MBEDTLS_SSL_ANTI_REPLAY_DISABLED 0
+#define MBEDTLS_SSL_ANTI_REPLAY_ENABLED  1
 
-#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED  -1
-#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT  16
+#define MBEDTLS_SSL_RENEGOTIATION_NOT_ENFORCED -1
+#define MBEDTLS_SSL_RENEGO_MAX_RECORDS_DEFAULT 16
 
-#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION     0
-#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION  1
-#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE      2
+#define MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION    0
+#define MBEDTLS_SSL_LEGACY_ALLOW_RENEGOTIATION 1
+#define MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE     2
 
-#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED         0
-#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED          1
-#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN          10  /* 80 bits, rfc 6066 section 7 */
+#define MBEDTLS_SSL_TRUNC_HMAC_DISABLED 0
+#define MBEDTLS_SSL_TRUNC_HMAC_ENABLED  1
+#define MBEDTLS_SSL_TRUNCATED_HMAC_LEN  10 /* 80 bits, rfc 6066 section 7 */
 
-#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED     0
-#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED      1
+#define MBEDTLS_SSL_SESSION_TICKETS_DISABLED 0
+#define MBEDTLS_SSL_SESSION_TICKETS_ENABLED  1
 
-#define MBEDTLS_SSL_PRESET_DEFAULT              0
-#define MBEDTLS_SSL_PRESET_SUITEB               2
+#define MBEDTLS_SSL_PRESET_DEFAULT 0
+#define MBEDTLS_SSL_PRESET_SUITEB  2
 
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED       1
-#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED      0
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED  1
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
 
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED    0
-#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED      1
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED 0
+#define MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED   1
 
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT  1
-#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER  0
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
+#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
 
 /*
  * Default range for DTLS retransmission timer value, in milliseconds.
  * RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
  */
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN    1000
-#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX   60000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN 1000
+#define MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX 60000
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
@@ -279,11 +288,11 @@
  * peers are using it too!
  */
 #if !defined(MBEDTLS_SSL_IN_CONTENT_LEN)
-#define MBEDTLS_SSL_IN_CONTENT_LEN 16384
+#    define MBEDTLS_SSL_IN_CONTENT_LEN 16384
 #endif
 
 #if !defined(MBEDTLS_SSL_OUT_CONTENT_LEN)
-#define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
+#    define MBEDTLS_SSL_OUT_CONTENT_LEN 16384
 #endif
 
 /*
@@ -291,22 +300,22 @@
  * DTLS handshake message reassembly and future message buffering.
  */
 #if !defined(MBEDTLS_SSL_DTLS_MAX_BUFFERING)
-#define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
+#    define MBEDTLS_SSL_DTLS_MAX_BUFFERING 32768
 #endif
 
 /*
  * Maximum length of CIDs for incoming and outgoing messages.
  */
 #if !defined(MBEDTLS_SSL_CID_IN_LEN_MAX)
-#define MBEDTLS_SSL_CID_IN_LEN_MAX          32
+#    define MBEDTLS_SSL_CID_IN_LEN_MAX 32
 #endif
 
 #if !defined(MBEDTLS_SSL_CID_OUT_LEN_MAX)
-#define MBEDTLS_SSL_CID_OUT_LEN_MAX         32
+#    define MBEDTLS_SSL_CID_OUT_LEN_MAX 32
 #endif
 
 #if !defined(MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY)
-#define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
+#    define MBEDTLS_SSL_CID_TLS1_3_PADDING_GRANULARITY 16
 #endif
 
 /* \} name SECTION: Module settings */
@@ -320,161 +329,160 @@
  * Signaling ciphersuite values (SCSV)
  */
 /** renegotiation info ext */
-#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO    0xFF
+#define MBEDTLS_SSL_EMPTY_RENEGOTIATION_INFO 0xFF
 
 /*
  * Supported Signature and Hash algorithms (For TLS 1.2)
  * RFC 5246 section 7.4.1.4.1
  */
-#define MBEDTLS_SSL_HASH_NONE                0
-#define MBEDTLS_SSL_HASH_MD5                 1
-#define MBEDTLS_SSL_HASH_SHA1                2
-#define MBEDTLS_SSL_HASH_SHA224              3
-#define MBEDTLS_SSL_HASH_SHA256              4
-#define MBEDTLS_SSL_HASH_SHA384              5
-#define MBEDTLS_SSL_HASH_SHA512              6
+#define MBEDTLS_SSL_HASH_NONE   0
+#define MBEDTLS_SSL_HASH_MD5    1
+#define MBEDTLS_SSL_HASH_SHA1   2
+#define MBEDTLS_SSL_HASH_SHA224 3
+#define MBEDTLS_SSL_HASH_SHA256 4
+#define MBEDTLS_SSL_HASH_SHA384 5
+#define MBEDTLS_SSL_HASH_SHA512 6
 
-#define MBEDTLS_SSL_SIG_ANON                 0
-#define MBEDTLS_SSL_SIG_RSA                  1
-#define MBEDTLS_SSL_SIG_ECDSA                3
+#define MBEDTLS_SSL_SIG_ANON  0
+#define MBEDTLS_SSL_SIG_RSA   1
+#define MBEDTLS_SSL_SIG_ECDSA 3
 
 /*
  * Client Certificate Types
  * RFC 5246 section 7.4.4 plus RFC 4492 section 5.5
  */
-#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN       1
-#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN    64
+#define MBEDTLS_SSL_CERT_TYPE_RSA_SIGN   1
+#define MBEDTLS_SSL_CERT_TYPE_ECDSA_SIGN 64
 
 /*
  * Message, alert and handshake types
  */
-#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC     20
-#define MBEDTLS_SSL_MSG_ALERT                  21
-#define MBEDTLS_SSL_MSG_HANDSHAKE              22
-#define MBEDTLS_SSL_MSG_APPLICATION_DATA       23
-#define MBEDTLS_SSL_MSG_CID                    25
+#define MBEDTLS_SSL_MSG_CHANGE_CIPHER_SPEC 20
+#define MBEDTLS_SSL_MSG_ALERT              21
+#define MBEDTLS_SSL_MSG_HANDSHAKE          22
+#define MBEDTLS_SSL_MSG_APPLICATION_DATA   23
+#define MBEDTLS_SSL_MSG_CID                25
 
-#define MBEDTLS_SSL_ALERT_LEVEL_WARNING         1
-#define MBEDTLS_SSL_ALERT_LEVEL_FATAL           2
+#define MBEDTLS_SSL_ALERT_LEVEL_WARNING 1
+#define MBEDTLS_SSL_ALERT_LEVEL_FATAL   2
 
-#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY           0  /* 0x00 */
-#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE    10  /* 0x0A */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC        20  /* 0x14 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED     21  /* 0x15 */
-#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW       22  /* 0x16 */
-#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE 30  /* 0x1E */
-#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE     40  /* 0x28 */
-#define MBEDTLS_SSL_ALERT_MSG_NO_CERT               41  /* 0x29 */
-#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT              42  /* 0x2A */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT      43  /* 0x2B */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED          44  /* 0x2C */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED          45  /* 0x2D */
-#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN          46  /* 0x2E */
-#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER     47  /* 0x2F */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA            48  /* 0x30 */
-#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED         49  /* 0x31 */
-#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR          50  /* 0x32 */
-#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR         51  /* 0x33 */
-#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION    60  /* 0x3C */
-#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION      70  /* 0x46 */
-#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY 71  /* 0x47 */
-#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR        80  /* 0x50 */
-#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK 86  /* 0x56 */
-#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED         90  /* 0x5A */
-#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION     100  /* 0x64 */
-#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT      110  /* 0x6E */
-#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME    112  /* 0x70 */
-#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY 115  /* 0x73 */
+#define MBEDTLS_SSL_ALERT_MSG_CLOSE_NOTIFY            0 /* 0x00 */
+#define MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE      10 /* 0x0A */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_RECORD_MAC          20 /* 0x14 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPTION_FAILED       21 /* 0x15 */
+#define MBEDTLS_SSL_ALERT_MSG_RECORD_OVERFLOW         22 /* 0x16 */
+#define MBEDTLS_SSL_ALERT_MSG_DECOMPRESSION_FAILURE   30 /* 0x1E */
+#define MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE       40 /* 0x28 */
+#define MBEDTLS_SSL_ALERT_MSG_NO_CERT                 41 /* 0x29 */
+#define MBEDTLS_SSL_ALERT_MSG_BAD_CERT                42 /* 0x2A */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT        43 /* 0x2B */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED            44 /* 0x2C */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_EXPIRED            45 /* 0x2D */
+#define MBEDTLS_SSL_ALERT_MSG_CERT_UNKNOWN            46 /* 0x2E */
+#define MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER       47 /* 0x2F */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA              48 /* 0x30 */
+#define MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED           49 /* 0x31 */
+#define MBEDTLS_SSL_ALERT_MSG_DECODE_ERROR            50 /* 0x32 */
+#define MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR           51 /* 0x33 */
+#define MBEDTLS_SSL_ALERT_MSG_EXPORT_RESTRICTION      60 /* 0x3C */
+#define MBEDTLS_SSL_ALERT_MSG_PROTOCOL_VERSION        70 /* 0x46 */
+#define MBEDTLS_SSL_ALERT_MSG_INSUFFICIENT_SECURITY   71 /* 0x47 */
+#define MBEDTLS_SSL_ALERT_MSG_INTERNAL_ERROR          80 /* 0x50 */
+#define MBEDTLS_SSL_ALERT_MSG_INAPROPRIATE_FALLBACK   86 /* 0x56 */
+#define MBEDTLS_SSL_ALERT_MSG_USER_CANCELED           90 /* 0x5A */
+#define MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION        100 /* 0x64 */
+#define MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_EXT         110 /* 0x6E */
+#define MBEDTLS_SSL_ALERT_MSG_UNRECOGNIZED_NAME       112 /* 0x70 */
+#define MBEDTLS_SSL_ALERT_MSG_UNKNOWN_PSK_IDENTITY    115 /* 0x73 */
 #define MBEDTLS_SSL_ALERT_MSG_NO_APPLICATION_PROTOCOL 120 /* 0x78 */
 
-#define MBEDTLS_SSL_HS_HELLO_REQUEST            0
-#define MBEDTLS_SSL_HS_CLIENT_HELLO             1
-#define MBEDTLS_SSL_HS_SERVER_HELLO             2
-#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST     3
-#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET       4
-#define MBEDTLS_SSL_HS_CERTIFICATE             11
-#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE     12
-#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST     13
-#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE       14
-#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY      15
-#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE     16
-#define MBEDTLS_SSL_HS_FINISHED                20
+#define MBEDTLS_SSL_HS_HELLO_REQUEST        0
+#define MBEDTLS_SSL_HS_CLIENT_HELLO         1
+#define MBEDTLS_SSL_HS_SERVER_HELLO         2
+#define MBEDTLS_SSL_HS_HELLO_VERIFY_REQUEST 3
+#define MBEDTLS_SSL_HS_NEW_SESSION_TICKET   4
+#define MBEDTLS_SSL_HS_CERTIFICATE          11
+#define MBEDTLS_SSL_HS_SERVER_KEY_EXCHANGE  12
+#define MBEDTLS_SSL_HS_CERTIFICATE_REQUEST  13
+#define MBEDTLS_SSL_HS_SERVER_HELLO_DONE    14
+#define MBEDTLS_SSL_HS_CERTIFICATE_VERIFY   15
+#define MBEDTLS_SSL_HS_CLIENT_KEY_EXCHANGE  16
+#define MBEDTLS_SSL_HS_FINISHED             20
 
 /*
  * TLS extensions
  */
-#define MBEDTLS_TLS_EXT_SERVERNAME                   0
-#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME          0
+#define MBEDTLS_TLS_EXT_SERVERNAME          0
+#define MBEDTLS_TLS_EXT_SERVERNAME_HOSTNAME 0
 
-#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH          1
+#define MBEDTLS_TLS_EXT_MAX_FRAGMENT_LENGTH 1
 
-#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC               4
+#define MBEDTLS_TLS_EXT_TRUNCATED_HMAC 4
 
-#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES   10
-#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS     11
+#define MBEDTLS_TLS_EXT_SUPPORTED_ELLIPTIC_CURVES 10
+#define MBEDTLS_TLS_EXT_SUPPORTED_POINT_FORMATS   11
 
-#define MBEDTLS_TLS_EXT_SIG_ALG                     13
+#define MBEDTLS_TLS_EXT_SIG_ALG 13
 
-#define MBEDTLS_TLS_EXT_USE_SRTP                    14
+#define MBEDTLS_TLS_EXT_USE_SRTP 14
 
-#define MBEDTLS_TLS_EXT_ALPN                        16
+#define MBEDTLS_TLS_EXT_ALPN 16
 
-#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC            22 /* 0x16 */
-#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET  0x0017 /* 23 */
+#define MBEDTLS_TLS_EXT_ENCRYPT_THEN_MAC       22 /* 0x16 */
+#define MBEDTLS_TLS_EXT_EXTENDED_MASTER_SECRET 0x0017 /* 23 */
 
-#define MBEDTLS_TLS_EXT_SESSION_TICKET              35
+#define MBEDTLS_TLS_EXT_SESSION_TICKET 35
 
 /* The value of the CID extension is still TBD as of
  * draft-ietf-tls-dtls-connection-id-05
  * (https://tools.ietf.org/html/draft-ietf-tls-dtls-connection-id-05) */
-#define MBEDTLS_TLS_EXT_CID                        254 /* TBD */
+#define MBEDTLS_TLS_EXT_CID 254 /* TBD */
 
-#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP               256 /* experimental */
+#define MBEDTLS_TLS_EXT_ECJPAKE_KKPP 256 /* experimental */
 
-#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO      0xFF01
+#define MBEDTLS_TLS_EXT_RENEGOTIATION_INFO 0xFF01
 
 /*
  * Size defines
  */
 #if !defined(MBEDTLS_PSK_MAX_LEN)
-#define MBEDTLS_PSK_MAX_LEN            32 /* 256 bits */
+#    define MBEDTLS_PSK_MAX_LEN 32 /* 256 bits */
 #endif
 
 /* Dummy type used only for its size */
-union mbedtls_ssl_premaster_secret
-{
+union mbedtls_ssl_premaster_secret {
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
+    unsigned char _pms_rsa[48]; /* RFC 5246 8.1.1 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)
-    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
+    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE]; /* RFC 5246 8.1.2 */
 #endif
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)    || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)  || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)     || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||    \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
+    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES]; /* RFC 4492 5.10 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)
-    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
+    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 2 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
-                                 + MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 3 */
+    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE +
+                               MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 3 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
-    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
+    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN]; /* RFC 4279 4 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
-                                   + MBEDTLS_PSK_MAX_LEN];     /* RFC 5489 2 */
+    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES +
+                                 MBEDTLS_PSK_MAX_LEN]; /* RFC 5489 2 */
 #endif
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
+    unsigned char _pms_ecjpake[32]; /* Thread spec: SHA-256 output */
 #endif
 };
 
-#define MBEDTLS_PREMASTER_SIZE     sizeof( union mbedtls_ssl_premaster_secret )
+#define MBEDTLS_PREMASTER_SIZE sizeof(union mbedtls_ssl_premaster_secret)
 
 #ifdef __cplusplus
 extern "C" {
@@ -504,8 +512,7 @@
     MBEDTLS_SSL_HANDSHAKE_OVER,
     MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
     MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
-}
-mbedtls_ssl_states;
+} mbedtls_ssl_states;
 
 /**
  * \brief          Callback type: send data on the network.
@@ -524,9 +531,7 @@
  * \note           The callback is allowed to send fewer bytes than requested.
  *                 It must always return the number of bytes actually sent.
  */
-typedef int mbedtls_ssl_send_t( void *ctx,
-                                const unsigned char *buf,
-                                size_t len );
+typedef int mbedtls_ssl_send_t(void *ctx, const unsigned char *buf, size_t len);
 
 /**
  * \brief          Callback type: receive data from the network.
@@ -547,9 +552,7 @@
  *                 buffer. It must always return the number of bytes actually
  *                 received and written to the buffer.
  */
-typedef int mbedtls_ssl_recv_t( void *ctx,
-                                unsigned char *buf,
-                                size_t len );
+typedef int mbedtls_ssl_recv_t(void *ctx, unsigned char *buf, size_t len);
 
 /**
  * \brief          Callback type: receive data from the network, with timeout
@@ -573,10 +576,10 @@
  *                 buffer. It must always return the number of bytes actually
  *                 received and written to the buffer.
  */
-typedef int mbedtls_ssl_recv_timeout_t( void *ctx,
-                                        unsigned char *buf,
-                                        size_t len,
-                                        uint32_t timeout );
+typedef int mbedtls_ssl_recv_timeout_t(void *ctx,
+                                       unsigned char *buf,
+                                       size_t len,
+                                       uint32_t timeout);
 /**
  * \brief          Callback type: set a pair of timers/delays to watch
  *
@@ -599,9 +602,8 @@
  *                 function while a timer is running must cancel it. Cancelled
  *                 timers must not generate any event.
  */
-typedef void mbedtls_ssl_set_timer_t( void * ctx,
-                                      uint32_t int_ms,
-                                      uint32_t fin_ms );
+typedef void
+mbedtls_ssl_set_timer_t(void *ctx, uint32_t int_ms, uint32_t fin_ms);
 
 /**
  * \brief          Callback type: get status of timers/delays
@@ -614,12 +616,12 @@
  *                  1 if only the intermediate delay has passed,
  *                  2 if the final delay has passed.
  */
-typedef int mbedtls_ssl_get_timer_t( void * ctx );
+typedef int mbedtls_ssl_get_timer_t(void *ctx);
 
 /* Defined below */
 typedef struct mbedtls_ssl_session mbedtls_ssl_session;
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
-typedef struct mbedtls_ssl_config  mbedtls_ssl_config;
+typedef struct mbedtls_ssl_config mbedtls_ssl_config;
 
 /* Defined in library/ssl_misc.h */
 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
@@ -655,10 +657,10 @@
  * \return                A non-zero return value on failure.
  *
  */
-typedef int mbedtls_ssl_cache_get_t( void *data,
-                                     unsigned char const *session_id,
-                                     size_t session_id_len,
-                                     mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_get_t(void *data,
+                                    unsigned char const *session_id,
+                                    size_t session_id_len,
+                                    mbedtls_ssl_session *session);
 /**
  * \brief          Callback type: server-side session cache setter
  *
@@ -677,13 +679,13 @@
  * \return                \c 0 on success
  * \return                A non-zero return value on failure.
  */
-typedef int mbedtls_ssl_cache_set_t( void *data,
-                                     unsigned char const *session_id,
-                                     size_t session_id_len,
-                                     const mbedtls_ssl_session *session );
+typedef int mbedtls_ssl_cache_set_t(void *data,
+                                    unsigned char const *session_id,
+                                    size_t session_id_len,
+                                    const mbedtls_ssl_session *session);
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
+#    if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
  * \brief           Callback type: start external signature operation.
  *
@@ -755,11 +757,11 @@
  *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
  *                  directed in the documentation of this callback.
  */
-typedef int mbedtls_ssl_async_sign_t( mbedtls_ssl_context *ssl,
-                                      mbedtls_x509_crt *cert,
-                                      mbedtls_md_type_t md_alg,
-                                      const unsigned char *hash,
-                                      size_t hash_len );
+typedef int mbedtls_ssl_async_sign_t(mbedtls_ssl_context *ssl,
+                                     mbedtls_x509_crt *cert,
+                                     mbedtls_md_type_t md_alg,
+                                     const unsigned char *hash,
+                                     size_t hash_len);
 
 /**
  * \brief           Callback type: start external decryption operation.
@@ -821,11 +823,11 @@
  *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
  *                  directed in the documentation of this callback.
  */
-typedef int mbedtls_ssl_async_decrypt_t( mbedtls_ssl_context *ssl,
-                                         mbedtls_x509_crt *cert,
-                                         const unsigned char *input,
-                                         size_t input_len );
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
+typedef int mbedtls_ssl_async_decrypt_t(mbedtls_ssl_context *ssl,
+                                        mbedtls_x509_crt *cert,
+                                        const unsigned char *input,
+                                        size_t input_len);
+#    endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /**
  * \brief           Callback type: resume external operation.
@@ -869,10 +871,10 @@
  *                  use \c MBEDTLS_ERR_SSL_xxx error codes except as
  *                  directed in the documentation of this callback.
  */
-typedef int mbedtls_ssl_async_resume_t( mbedtls_ssl_context *ssl,
-                                        unsigned char *output,
-                                        size_t *output_len,
-                                        size_t output_size );
+typedef int mbedtls_ssl_async_resume_t(mbedtls_ssl_context *ssl,
+                                       unsigned char *output,
+                                       size_t *output_len,
+                                       size_t output_size);
 
 /**
  * \brief           Callback type: cancel external operation.
@@ -891,32 +893,33 @@
  * \param ssl             The SSL connection instance. It should not be
  *                        modified.
  */
-typedef void mbedtls_ssl_async_cancel_t( mbedtls_ssl_context *ssl );
+typedef void mbedtls_ssl_async_cancel_t(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) &&        \
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
     !defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN  48
-#if defined(MBEDTLS_SHA256_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  32
-#elif defined(MBEDTLS_SHA384_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  48
-#elif defined(MBEDTLS_SHA1_C)
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
-#define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  20
-#else
+#    define MBEDTLS_SSL_PEER_CERT_DIGEST_MAX_LEN 48
+#    if defined(MBEDTLS_SHA256_C)
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA256
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  32
+#    elif defined(MBEDTLS_SHA384_C)
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA384
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  48
+#    elif defined(MBEDTLS_SHA1_C)
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE MBEDTLS_MD_SHA1
+#        define MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN  20
+#    else
 /* This is already checked in check_config.h, but be sure. */
-#error "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
-#endif
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED &&
+#        error \
+            "Bad configuration - need SHA-1, SHA-256 or SHA-512 enabled to compute digest of peer CRT."
+#    endif
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && \
           !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
 
-#define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH             255
-#define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH    4
+#    define MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH          255
+#    define MBEDTLS_TLS_SRTP_MAX_PROFILE_LIST_LENGTH 4
 /*
  * For code readability use a typedef for DTLS-SRTP profiles
  *
@@ -926,25 +929,23 @@
  * Reminder: if this list is expanded mbedtls_ssl_check_srtp_profile_value
  * must be updated too.
  */
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80     ( (uint16_t) 0x0001)
-#define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32     ( (uint16_t) 0x0002)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80          ( (uint16_t) 0x0005)
-#define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32          ( (uint16_t) 0x0006)
+#    define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80 ((uint16_t)0x0001)
+#    define MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32 ((uint16_t)0x0002)
+#    define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80      ((uint16_t)0x0005)
+#    define MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32      ((uint16_t)0x0006)
 /* This one is not iana defined, but for code readability. */
-#define MBEDTLS_TLS_SRTP_UNSET                      ( (uint16_t) 0x0000)
+#    define MBEDTLS_TLS_SRTP_UNSET ((uint16_t)0x0000)
 
 typedef uint16_t mbedtls_ssl_srtp_profile;
 
-typedef struct mbedtls_dtls_srtp_info_t
-{
+typedef struct mbedtls_dtls_srtp_info_t {
     /*! The SRTP profile that was negotiated. */
     mbedtls_ssl_srtp_profile MBEDTLS_PRIVATE(chosen_dtls_srtp_profile);
     /*! The length of mki_value. */
     uint16_t MBEDTLS_PRIVATE(mki_len);
     /*! The mki_value used, with max size of 256 bytes. */
     unsigned char MBEDTLS_PRIVATE(mki_value)[MBEDTLS_TLS_SRTP_MAX_MKI_LENGTH];
-}
-mbedtls_dtls_srtp_info;
+} mbedtls_dtls_srtp_info;
 
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
@@ -959,49 +960,50 @@
  *      mbedtls_ssl_session_save() and ssl_session_load()
  *      ssl_session_copy()
  */
-struct mbedtls_ssl_session
-{
+struct mbedtls_ssl_session {
 #if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t MBEDTLS_PRIVATE(start);       /*!< starting time      */
+    mbedtls_time_t MBEDTLS_PRIVATE(start); /*!< starting time      */
 #endif
-    int MBEDTLS_PRIVATE(ciphersuite);            /*!< chosen ciphersuite */
-    int MBEDTLS_PRIVATE(compression);            /*!< chosen compression */
-    size_t MBEDTLS_PRIVATE(id_len);              /*!< session id length  */
-    unsigned char MBEDTLS_PRIVATE(id)[32];       /*!< session identifier */
-    unsigned char MBEDTLS_PRIVATE(master)[48];   /*!< the master secret  */
+    int MBEDTLS_PRIVATE(ciphersuite); /*!< chosen ciphersuite */
+    int MBEDTLS_PRIVATE(compression); /*!< chosen compression */
+    size_t MBEDTLS_PRIVATE(id_len); /*!< session id length  */
+    unsigned char MBEDTLS_PRIVATE(id)[32]; /*!< session identifier */
+    unsigned char MBEDTLS_PRIVATE(master)[48]; /*!< the master secret  */
 
     unsigned char MBEDTLS_PRIVATE(exported);
 
     /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
      * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
      * to be studied whether one of them can be removed. */
-    unsigned char MBEDTLS_PRIVATE(minor_ver);    /*!< The TLS version used in the session. */
+    unsigned char MBEDTLS_PRIVATE(minor_ver); /*!< The TLS version used in the
+                                                 session. */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-    mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert);       /*!< peer X.509 cert chain */
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#    if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+    mbedtls_x509_crt *MBEDTLS_PRIVATE(peer_cert); /*!< peer X.509 cert chain */
+#    else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
     /*! The digest of the peer's end-CRT. This must be kept to detect CRT
      *  changes during renegotiation, mitigating the triple handshake attack. */
     unsigned char *MBEDTLS_PRIVATE(peer_cert_digest);
     size_t MBEDTLS_PRIVATE(peer_cert_digest_len);
     mbedtls_md_type_t MBEDTLS_PRIVATE(peer_cert_digest_type);
-#endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+#    endif /* !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
-    uint32_t MBEDTLS_PRIVATE(verify_result);          /*!<  verification result     */
+    uint32_t MBEDTLS_PRIVATE(verify_result); /*!<  verification result     */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned char *MBEDTLS_PRIVATE(ticket);      /*!< RFC 5077 session ticket */
-    size_t MBEDTLS_PRIVATE(ticket_len);          /*!< session ticket length   */
-    uint32_t MBEDTLS_PRIVATE(ticket_lifetime);   /*!< ticket lifetime hint    */
+    unsigned char *MBEDTLS_PRIVATE(ticket); /*!< RFC 5077 session ticket */
+    size_t MBEDTLS_PRIVATE(ticket_len); /*!< session ticket length   */
+    uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint    */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned char MBEDTLS_PRIVATE(mfl_code);     /*!< MaxFragmentLength negotiated by peer */
+    unsigned char MBEDTLS_PRIVATE(mfl_code); /*!< MaxFragmentLength negotiated
+                                                by peer */
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    int MBEDTLS_PRIVATE(encrypt_then_mac);       /*!< flag for EtM activation                */
+    int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
 #endif
 };
 
@@ -1010,26 +1012,25 @@
  */
 typedef enum
 {
-   MBEDTLS_SSL_TLS_PRF_NONE,
-   MBEDTLS_SSL_TLS_PRF_SHA384,
-   MBEDTLS_SSL_TLS_PRF_SHA256,
-   MBEDTLS_SSL_HKDF_EXPAND_SHA384,
-   MBEDTLS_SSL_HKDF_EXPAND_SHA256
-}
-mbedtls_tls_prf_types;
+    MBEDTLS_SSL_TLS_PRF_NONE,
+    MBEDTLS_SSL_TLS_PRF_SHA384,
+    MBEDTLS_SSL_TLS_PRF_SHA256,
+    MBEDTLS_SSL_HKDF_EXPAND_SHA384,
+    MBEDTLS_SSL_HKDF_EXPAND_SHA256
+} mbedtls_tls_prf_types;
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
 typedef enum
 {
     MBEDTLS_SSL_KEY_EXPORT_TLS12_MASTER_SECRET = 0,
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+#    if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
     MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_EARLY_SECRET,
     MBEDTLS_SSL_KEY_EXPORT_TLS13_EARLY_EXPORTER_SECRET,
     MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_HANDSHAKE_TRAFFIC_SECRET,
     MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_HANDSHAKE_TRAFFIC_SECRET,
     MBEDTLS_SSL_KEY_EXPORT_TLS13_CLIENT_APPLICATION_TRAFFIC_SECRET,
     MBEDTLS_SSL_KEY_EXPORT_TLS13_SERVER_APPLICATION_TRAFFIC_SECRET,
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+#    endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
 } mbedtls_ssl_key_export_type;
 
 /**
@@ -1047,20 +1048,19 @@
  * \param tls_prf_type The identifier for the PRF used in the handshake
  *                     to which the key belongs.
  */
-typedef void mbedtls_ssl_export_keys_t( void *p_expkey,
-                                        mbedtls_ssl_key_export_type type,
-                                        const unsigned char *secret,
-                                        size_t secret_len,
-                                        const unsigned char client_random[32],
-                                        const unsigned char server_random[32],
-                                        mbedtls_tls_prf_types tls_prf_type );
+typedef void mbedtls_ssl_export_keys_t(void *p_expkey,
+                                       mbedtls_ssl_key_export_type type,
+                                       const unsigned char *secret,
+                                       size_t secret_len,
+                                       const unsigned char client_random[32],
+                                       const unsigned char server_random[32],
+                                       mbedtls_tls_prf_types tls_prf_type);
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
 
 /**
  * SSL/TLS configuration to be shared between mbedtls_ssl_context structures.
  */
-struct mbedtls_ssl_config
-{
+struct mbedtls_ssl_config {
     /* Group items by size (largest first) to minimize padding overhead */
 
     /*
@@ -1072,129 +1072,174 @@
 
     /** Callback for printing debug output                                  */
     void (*MBEDTLS_PRIVATE(f_dbg))(void *, int, const char *, int, const char *);
-    void *MBEDTLS_PRIVATE(p_dbg);                    /*!< context for the debug function     */
+    void *MBEDTLS_PRIVATE(p_dbg); /*!< context for the debug function     */
 
     /** Callback for getting (pseudo-)random numbers                        */
-    int  (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
+    int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+    void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function       */
 
     /** Callback to retrieve a session from the cache                       */
     mbedtls_ssl_cache_get_t *MBEDTLS_PRIVATE(f_get_cache);
     /** Callback to store a session into the cache                          */
     mbedtls_ssl_cache_set_t *MBEDTLS_PRIVATE(f_set_cache);
-    void *MBEDTLS_PRIVATE(p_cache);                  /*!< context for cache callbacks        */
+    void *MBEDTLS_PRIVATE(p_cache); /*!< context for cache callbacks        */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
     /** Callback for setting cert according to SNI extension                */
-    int (*MBEDTLS_PRIVATE(f_sni))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_sni);                    /*!< context for SNI callback           */
+    int (*MBEDTLS_PRIVATE(f_sni))(void *,
+                                  mbedtls_ssl_context *,
+                                  const unsigned char *,
+                                  size_t);
+    void *MBEDTLS_PRIVATE(p_sni); /*!< context for SNI callback           */
 #endif
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     /** Callback to customize X.509 certificate chain verification          */
     int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *MBEDTLS_PRIVATE(p_vrfy);                   /*!< context for X.509 verify calllback */
+    void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify calllback */
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
     /** Callback to retrieve PSK key from identity                          */
-    int (*MBEDTLS_PRIVATE(f_psk))(void *, mbedtls_ssl_context *, const unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_psk);                    /*!< context for PSK callback           */
+    int (*MBEDTLS_PRIVATE(f_psk))(void *,
+                                  mbedtls_ssl_context *,
+                                  const unsigned char *,
+                                  size_t);
+    void *MBEDTLS_PRIVATE(p_psk); /*!< context for PSK callback           */
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a cookie for ClientHello veirifcation    */
-    int (*MBEDTLS_PRIVATE(f_cookie_write))( void *, unsigned char **, unsigned char *,
-                           const unsigned char *, size_t );
+    int (*MBEDTLS_PRIVATE(f_cookie_write))(void *,
+                                           unsigned char **,
+                                           unsigned char *,
+                                           const unsigned char *,
+                                           size_t);
     /** Callback to verify validity of a ClientHello cookie                 */
-    int (*MBEDTLS_PRIVATE(f_cookie_check))( void *, const unsigned char *, size_t,
-                           const unsigned char *, size_t );
-    void *MBEDTLS_PRIVATE(p_cookie);                 /*!< context for the cookie callbacks   */
+    int (*MBEDTLS_PRIVATE(f_cookie_check))(void *,
+                                           const unsigned char *,
+                                           size_t,
+                                           const unsigned char *,
+                                           size_t);
+    void *MBEDTLS_PRIVATE(p_cookie); /*!< context for the cookie callbacks   */
 #endif
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
     /** Callback to create & write a session ticket                         */
-    int (*MBEDTLS_PRIVATE(f_ticket_write))( void *, const mbedtls_ssl_session *,
-            unsigned char *, const unsigned char *, size_t *, uint32_t * );
+    int (*MBEDTLS_PRIVATE(f_ticket_write))(void *,
+                                           const mbedtls_ssl_session *,
+                                           unsigned char *,
+                                           const unsigned char *,
+                                           size_t *,
+                                           uint32_t *);
     /** Callback to parse a session ticket into a session structure         */
-    int (*MBEDTLS_PRIVATE(f_ticket_parse))( void *, mbedtls_ssl_session *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_ticket);                 /*!< context for the ticket callbacks   */
+    int (*MBEDTLS_PRIVATE(f_ticket_parse))(void *,
+                                           mbedtls_ssl_session *,
+                                           unsigned char *,
+                                           size_t);
+    void *MBEDTLS_PRIVATE(p_ticket); /*!< context for the ticket callbacks   */
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS records.      */
+    size_t MBEDTLS_PRIVATE(cid_len); /*!< The length of CIDs for incoming DTLS
+                                        records.      */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!< verification profile */
-    mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key pair(s)        */
-    mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain);     /*!< trusted CAs                        */
-    mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl);       /*!< trusted CAs CRLs                   */
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+    const mbedtls_x509_crt_profile *MBEDTLS_PRIVATE(cert_profile); /*!<
+                                                                      verification
+                                                                      profile */
+    mbedtls_ssl_key_cert *MBEDTLS_PRIVATE(key_cert); /*!< own certificate/key
+                                                        pair(s)        */
+    mbedtls_x509_crt *MBEDTLS_PRIVATE(ca_chain); /*!< trusted CAs */
+    mbedtls_x509_crl *MBEDTLS_PRIVATE(ca_crl); /*!< trusted CAs CRLs */
+#    if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
     mbedtls_x509_crt_ca_cb_t MBEDTLS_PRIVATE(f_ca_cb);
     void *MBEDTLS_PRIVATE(p_ca_cb);
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+#    endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
-#if defined(MBEDTLS_X509_CRT_PARSE_C)
-    mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start asynchronous signature operation */
-    mbedtls_ssl_async_decrypt_t *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!< start asynchronous decryption operation */
-#endif /* MBEDTLS_X509_CRT_PARSE_C */
-    mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume asynchronous operation */
-    mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel asynchronous operation */
-    void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by mbedtls_ssl_conf_async_private_cb(). */
+#    if defined(MBEDTLS_X509_CRT_PARSE_C)
+    mbedtls_ssl_async_sign_t *MBEDTLS_PRIVATE(f_async_sign_start); /*!< start
+                                                                      asynchronous
+                                                                      signature
+                                                                      operation
+                                                                    */
+    mbedtls_ssl_async_decrypt_t
+        *MBEDTLS_PRIVATE(f_async_decrypt_start); /*!<
+                                                    start
+                                                    asynchronous
+                                                    decryption
+                                                    operation
+                                                  */
+#    endif /* MBEDTLS_X509_CRT_PARSE_C */
+    mbedtls_ssl_async_resume_t *MBEDTLS_PRIVATE(f_async_resume); /*!< resume
+                                                                    asynchronous
+                                                                    operation */
+    mbedtls_ssl_async_cancel_t *MBEDTLS_PRIVATE(f_async_cancel); /*!< cancel
+                                                                    asynchronous
+                                                                    operation */
+    void *MBEDTLS_PRIVATE(p_async_config_data); /*!< Configuration data set by
+                                                   mbedtls_ssl_conf_async_private_cb().
+                                                 */
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
-    const int *MBEDTLS_PRIVATE(sig_hashes);          /*!< allowed signature hashes           */
+    const int *MBEDTLS_PRIVATE(sig_hashes); /*!< allowed signature hashes */
 #endif
 
 #if defined(MBEDTLS_ECP_C)
-    const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves             */
+    const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves
+                                                              */
 #endif
 
 #if defined(MBEDTLS_DHM_C)
-    mbedtls_mpi MBEDTLS_PRIVATE(dhm_P);              /*!< prime modulus for DHM              */
-    mbedtls_mpi MBEDTLS_PRIVATE(dhm_G);              /*!< generator for DHM                  */
+    mbedtls_mpi MBEDTLS_PRIVATE(dhm_P); /*!< prime modulus for DHM */
+    mbedtls_mpi MBEDTLS_PRIVATE(dhm_G); /*!< generator for DHM */
 #endif
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-    psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque PSK. This field
-                              *   should only be set via
-                              *   mbedtls_ssl_conf_psk_opaque().
-                              *   If either no PSK or a raw PSK have been
-                              *   configured, this has value \c 0.
-                              */
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+#    if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_key_id_t MBEDTLS_PRIVATE(psk_opaque); /*!< PSA key slot holding opaque
+                                               * PSK. This field should only be
+                                               * set via
+                                               *   mbedtls_ssl_conf_psk_opaque().
+                                               *   If either no PSK or a raw PSK
+                                               * have been configured, this has
+                                               * value \c 0.
+                                               */
+#    endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    unsigned char *MBEDTLS_PRIVATE(psk);      /*!< The raw pre-shared key. This field should
-                              *   only be set via mbedtls_ssl_conf_psk().
-                              *   If either no PSK or an opaque PSK
-                              *   have been configured, this has value NULL. */
-    size_t         MBEDTLS_PRIVATE(psk_len);  /*!< The length of the raw pre-shared key.
-                              *   This field should only be set via
-                              *   mbedtls_ssl_conf_psk().
-                              *   Its value is non-zero if and only if
-                              *   \c psk is not \c NULL. */
+    unsigned char *MBEDTLS_PRIVATE(psk); /*!< The raw pre-shared key. This field
+                                          * should only be set via
+                                          * mbedtls_ssl_conf_psk(). If either no
+                                          * PSK or an opaque PSK have been
+                                          * configured, this has value NULL. */
+    size_t MBEDTLS_PRIVATE(psk_len); /*!< The length of the raw pre-shared key.
+                                      *   This field should only be set via
+                                      *   mbedtls_ssl_conf_psk().
+                                      *   Its value is non-zero if and only if
+                                      *   \c psk is not \c NULL. */
 
-    unsigned char *MBEDTLS_PRIVATE(psk_identity);    /*!< The PSK identity for PSK negotiation.
-                                     *   This field should only be set via
-                                     *   mbedtls_ssl_conf_psk().
-                                     *   This is set if and only if either
-                                     *   \c psk or \c psk_opaque are set. */
-    size_t         MBEDTLS_PRIVATE(psk_identity_len);/*!< The length of PSK identity.
-                                     *   This field should only be set via
-                                     *   mbedtls_ssl_conf_psk().
-                                     *   Its value is non-zero if and only if
-                                     *   \c psk is not \c NULL or \c psk_opaque
-                                     *   is not \c 0. */
+    unsigned char *MBEDTLS_PRIVATE(psk_identity); /*!< The PSK identity for PSK
+                                                   * negotiation. This field
+                                                   * should only be set via
+                                                   *   mbedtls_ssl_conf_psk().
+                                                   *   This is set if and only
+                                                   * if either \c psk or \c
+                                                   * psk_opaque are set. */
+    size_t MBEDTLS_PRIVATE(psk_identity_len); /*!< The length of PSK identity.
+                                               *   This field should only be set
+                                               * via mbedtls_ssl_conf_psk(). Its
+                                               * value is non-zero if and only
+                                               * if \c psk is not \c NULL or \c
+                                               * psk_opaque is not \c 0. */
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_SSL_ALPN)
-    const char **MBEDTLS_PRIVATE(alpn_list);         /*!< ordered list of protocols          */
+    const char **MBEDTLS_PRIVATE(alpn_list); /*!< ordered list of protocols */
 #endif
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1208,227 +1253,283 @@
      * Numerical settings (int then char)
      */
 
-    uint32_t MBEDTLS_PRIVATE(read_timeout);          /*!< timeout for mbedtls_ssl_read (ms)  */
+    uint32_t MBEDTLS_PRIVATE(read_timeout); /*!< timeout for mbedtls_ssl_read
+                                               (ms)  */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint32_t MBEDTLS_PRIVATE(hs_timeout_min);        /*!< initial value of the handshake
-                                         retransmission timeout (ms)        */
-    uint32_t MBEDTLS_PRIVATE(hs_timeout_max);        /*!< maximum value of the handshake
-                                         retransmission timeout (ms)        */
+    uint32_t MBEDTLS_PRIVATE(hs_timeout_min); /*!< initial value of the
+                                  handshake retransmission timeout (ms) */
+    uint32_t MBEDTLS_PRIVATE(hs_timeout_max); /*!< maximum value of the
+                                  handshake retransmission timeout (ms) */
 #endif
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int MBEDTLS_PRIVATE(renego_max_records);         /*!< grace period for renegotiation     */
-    unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record counters
-                                         that triggers renegotiation        */
+    int MBEDTLS_PRIVATE(renego_max_records); /*!< grace period for renegotiation
+                                              */
+    unsigned char MBEDTLS_PRIVATE(renego_period)[8]; /*!< value of the record
+                                         counters that triggers renegotiation */
 #endif
 
-    unsigned int MBEDTLS_PRIVATE(badmac_limit);      /*!< limit of records with a bad MAC    */
+    unsigned int MBEDTLS_PRIVATE(badmac_limit); /*!< limit of records with a bad
+                                                   MAC    */
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
-    unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen);    /*!< min. bit length of the DHM prime   */
+    unsigned int MBEDTLS_PRIVATE(dhm_min_bitlen); /*!< min. bit length of the
+                                                     DHM prime   */
 #endif
 
-    unsigned char MBEDTLS_PRIVATE(max_major_ver);    /*!< max. major version used            */
-    unsigned char MBEDTLS_PRIVATE(max_minor_ver);    /*!< max. minor version used            */
-    unsigned char MBEDTLS_PRIVATE(min_major_ver);    /*!< min. major version used            */
-    unsigned char MBEDTLS_PRIVATE(min_minor_ver);    /*!< min. minor version used            */
+    unsigned char MBEDTLS_PRIVATE(max_major_ver); /*!< max. major version used
+                                                   */
+    unsigned char MBEDTLS_PRIVATE(max_minor_ver); /*!< max. minor version used
+                                                   */
+    unsigned char MBEDTLS_PRIVATE(min_major_ver); /*!< min. major version used
+                                                   */
+    unsigned char MBEDTLS_PRIVATE(min_minor_ver); /*!< min. minor version used
+                                                   */
 
     /*
      * Flags (bitfields)
      */
 
-    unsigned int MBEDTLS_PRIVATE(endpoint) : 1;      /*!< 0: client, 1: server               */
-    unsigned int MBEDTLS_PRIVATE(transport) : 1;     /*!< stream (TLS) or datagram (DTLS)    */
-    unsigned int MBEDTLS_PRIVATE(authmode) : 2;      /*!< MBEDTLS_SSL_VERIFY_XXX             */
+    unsigned int MBEDTLS_PRIVATE(endpoint)  : 1; /*!< 0: client, 1: server */
+    unsigned int MBEDTLS_PRIVATE(transport) : 1; /*!< stream (TLS) or datagram
+                                                    (DTLS)    */
+    unsigned int MBEDTLS_PRIVATE(authmode) : 2; /*!< MBEDTLS_SSL_VERIFY_XXX */
     /* needed even with renego disabled for LEGACY_BREAK_HANDSHAKE          */
-    unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2 ; /*!< MBEDTLS_LEGACY_XXX   */
+    unsigned int MBEDTLS_PRIVATE(allow_legacy_renegotiation) : 2; /*!<
+                                                                     MBEDTLS_LEGACY_XXX
+                                                                   */
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    unsigned int MBEDTLS_PRIVATE(mfl_code) : 3;      /*!< desired fragment length            */
+    unsigned int MBEDTLS_PRIVATE(mfl_code) : 3; /*!< desired fragment length */
 #endif
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1 ; /*!< negotiate encrypt-then-mac?    */
+    unsigned int MBEDTLS_PRIVATE(encrypt_then_mac) : 1; /*!< negotiate
+                                                           encrypt-then-mac? */
 #endif
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
-    unsigned int MBEDTLS_PRIVATE(extended_ms) : 1;   /*!< negotiate extended master secret?  */
+    unsigned int MBEDTLS_PRIVATE(extended_ms) : 1; /*!< negotiate extended
+                                                      master secret?  */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    unsigned int MBEDTLS_PRIVATE(anti_replay) : 1;   /*!< detect and prevent replay?         */
+    unsigned int MBEDTLS_PRIVATE(anti_replay) : 1; /*!< detect and prevent
+                                                      replay?         */
 #endif
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable renegotiation?     */
+    unsigned int MBEDTLS_PRIVATE(disable_renegotiation) : 1; /*!< disable
+                                                                renegotiation?
+                                                              */
 #endif
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
-    unsigned int MBEDTLS_PRIVATE(session_tickets) : 1;   /*!< use session tickets?           */
+    unsigned int MBEDTLS_PRIVATE(session_tickets) : 1; /*!< use session tickets?
+                                                        */
 #endif
 #if defined(MBEDTLS_SSL_SRV_C)
-    unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1;  /*!< enable sending CA list in
-                                          Certificate Request messages?     */
-    unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1;  /*!< pick the ciphersuite according to
-                                          the client's preferences rather
-                                          than ours                         */
+    unsigned int MBEDTLS_PRIVATE(cert_req_ca_list) : 1; /*!< enable sending CA
+                                         list in Certificate Request messages?
+                                       */
+    unsigned int MBEDTLS_PRIVATE(respect_cli_pref) : 1; /*!< pick the
+                                         ciphersuite according to the client's
+                                         preferences rather than ours */
 #endif
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines whether DTLS
-                                             *   record with unexpected CID
-                                             *   should lead to failure.    */
+    unsigned int MBEDTLS_PRIVATE(ignore_unexpected_cid) : 1; /*!< Determines
+                                                              * whether DTLS
+                                                              *   record with
+                                                              * unexpected CID
+                                                              *   should lead to
+                                                              * failure.    */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-    unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having mki_value
-                                               in the use_srtp extension     */
+    unsigned int MBEDTLS_PRIVATE(dtls_srtp_mki_support) : 1; /* support having
+                                               mki_value in the use_srtp
+                                               extension     */
 #endif
 };
 
-struct mbedtls_ssl_context
-{
-    const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration information          */
+struct mbedtls_ssl_context {
+    const mbedtls_ssl_config *MBEDTLS_PRIVATE(conf); /*!< configuration
+                                                        information          */
 
     /*
      * Miscellaneous
      */
-    int MBEDTLS_PRIVATE(state);                  /*!< SSL handshake: current state     */
+    int MBEDTLS_PRIVATE(state); /*!< SSL handshake: current state     */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int MBEDTLS_PRIVATE(renego_status);          /*!< Initial, in progress, pending?   */
-    int MBEDTLS_PRIVATE(renego_records_seen);    /*!< Records since renego request, or with DTLS,
-                                  number of retransmissions of request if
-                                  renego_max_records is < 0           */
+    int MBEDTLS_PRIVATE(renego_status); /*!< Initial, in progress, pending?   */
+    int MBEDTLS_PRIVATE(renego_records_seen); /*!< Records since renego request,
+                               or with DTLS, number of retransmissions of
+                               request if renego_max_records is < 0           */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
-    int MBEDTLS_PRIVATE(major_ver);              /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3    */
+    int MBEDTLS_PRIVATE(major_ver); /*!< equal to  MBEDTLS_SSL_MAJOR_VERSION_3
+                                     */
 
     /* This field is temporarily duplicated with mbedtls_ssl_context.minor_ver.
      * Once runtime negotiation of TLS 1.2 and TLS 1.3 is implemented, it needs
      * to be studied whether one of them can be removed. */
-    int MBEDTLS_PRIVATE(minor_ver);              /*!< one of MBEDTLS_SSL_MINOR_VERSION_x macros */
-    unsigned MBEDTLS_PRIVATE(badmac_seen);       /*!< records with a bad MAC received    */
+    int MBEDTLS_PRIVATE(minor_ver); /*!< one of MBEDTLS_SSL_MINOR_VERSION_x
+                                       macros */
+    unsigned MBEDTLS_PRIVATE(badmac_seen); /*!< records with a bad MAC received
+                                            */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     /** Callback to customize X.509 certificate chain verification          */
     int (*MBEDTLS_PRIVATE(f_vrfy))(void *, mbedtls_x509_crt *, int, uint32_t *);
-    void *MBEDTLS_PRIVATE(p_vrfy);                   /*!< context for X.509 verify callback */
+    void *MBEDTLS_PRIVATE(p_vrfy); /*!< context for X.509 verify callback */
 #endif
 
-    mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send */
-    mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network receive */
+    mbedtls_ssl_send_t *MBEDTLS_PRIVATE(f_send); /*!< Callback for network send
+                                                  */
+    mbedtls_ssl_recv_t *MBEDTLS_PRIVATE(f_recv); /*!< Callback for network
+                                                    receive */
     mbedtls_ssl_recv_timeout_t *MBEDTLS_PRIVATE(f_recv_timeout);
-                                /*!< Callback for network receive with timeout */
+    /*!< Callback for network receive with timeout */
 
-    void *MBEDTLS_PRIVATE(p_bio);                /*!< context for I/O operations   */
+    void *MBEDTLS_PRIVATE(p_bio); /*!< context for I/O operations   */
 
     /*
      * Session layer
      */
-    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in);            /*!<  current session data (in)   */
-    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out);           /*!<  current session data (out)  */
-    mbedtls_ssl_session *MBEDTLS_PRIVATE(session);               /*!<  negotiated session data     */
-    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate);     /*!<  session data in negotiation */
+    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_in); /*!<  current session data
+                                                         (in)   */
+    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_out); /*!<  current session
+                                                          data (out)  */
+    mbedtls_ssl_session *MBEDTLS_PRIVATE(session); /*!<  negotiated session data
+                                                    */
+    mbedtls_ssl_session *MBEDTLS_PRIVATE(session_negotiate); /*!<  session data
+                                                                in negotiation
+                                                              */
 
-    mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake);    /*!<  params required only during
-                                              the handshake process        */
+    mbedtls_ssl_handshake_params *MBEDTLS_PRIVATE(handshake); /*!<  params
+                                           required only during the handshake
+                                           process        */
 
     /*
      * Record layer transformations
      */
-    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in);        /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out);       /*!<  current transform params (in)   */
-    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform);           /*!<  negotiated transform params     */
-    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!<  transform params in negotiation */
+    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_in); /*!<  current
+                                                             transform params
+                                                             (in)   */
+    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_out); /*!<  current
+                                                              transform params
+                                                              (in)   */
+    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform); /*!<  negotiated
+                                                          transform params */
+    mbedtls_ssl_transform *MBEDTLS_PRIVATE(transform_negotiate); /*!<  transform
+                                                                    params in
+                                                                    negotiation
+                                                                  */
 
     /*
      * Timers
      */
-    void *MBEDTLS_PRIVATE(p_timer);              /*!< context for the timer callbacks */
+    void *MBEDTLS_PRIVATE(p_timer); /*!< context for the timer callbacks */
 
-    mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer);       /*!< set timer callback */
-    mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer);       /*!< get timer callback */
+    mbedtls_ssl_set_timer_t *MBEDTLS_PRIVATE(f_set_timer); /*!< set timer
+                                                              callback */
+    mbedtls_ssl_get_timer_t *MBEDTLS_PRIVATE(f_get_timer); /*!< get timer
+                                                              callback */
 
     /*
      * Record layer (incoming data)
      */
-    unsigned char *MBEDTLS_PRIVATE(in_buf);      /*!< input buffer                     */
-    unsigned char *MBEDTLS_PRIVATE(in_ctr);      /*!< 64-bit incoming message counter
-                                     TLS: maintained by us
-                                     DTLS: read from peer             */
-    unsigned char *MBEDTLS_PRIVATE(in_hdr);      /*!< start of record header           */
+    unsigned char *MBEDTLS_PRIVATE(in_buf); /*!< input buffer */
+    unsigned char *MBEDTLS_PRIVATE(in_ctr); /*!< 64-bit incoming message counter
+                                TLS: maintained by us
+                                DTLS: read from peer             */
+    unsigned char *MBEDTLS_PRIVATE(in_hdr); /*!< start of record header */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned char *MBEDTLS_PRIVATE(in_cid);      /*!< The start of the CID;
-                                 *   (the end is marked by in_len).   */
+    unsigned char *MBEDTLS_PRIVATE(in_cid); /*!< The start of the CID;
+                                             *   (the end is marked by in_len).
+                                             */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    unsigned char *MBEDTLS_PRIVATE(in_len);      /*!< two-bytes message length field   */
-    unsigned char *MBEDTLS_PRIVATE(in_iv);       /*!< ivlen-byte IV                    */
-    unsigned char *MBEDTLS_PRIVATE(in_msg);      /*!< message contents (in_iv+ivlen)   */
-    unsigned char *MBEDTLS_PRIVATE(in_offt);     /*!< read offset in application data  */
+    unsigned char *MBEDTLS_PRIVATE(in_len); /*!< two-bytes message length field
+                                             */
+    unsigned char *MBEDTLS_PRIVATE(in_iv); /*!< ivlen-byte IV */
+    unsigned char *MBEDTLS_PRIVATE(in_msg); /*!< message contents (in_iv+ivlen)
+                                             */
+    unsigned char *MBEDTLS_PRIVATE(in_offt); /*!< read offset in application
+                                                data  */
 
-    int MBEDTLS_PRIVATE(in_msgtype);             /*!< record header: message type      */
-    size_t MBEDTLS_PRIVATE(in_msglen);           /*!< record header: message length    */
-    size_t MBEDTLS_PRIVATE(in_left);             /*!< amount of data read so far       */
+    int MBEDTLS_PRIVATE(in_msgtype); /*!< record header: message type      */
+    size_t MBEDTLS_PRIVATE(in_msglen); /*!< record header: message length    */
+    size_t MBEDTLS_PRIVATE(in_left); /*!< amount of data read so far       */
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t MBEDTLS_PRIVATE(in_buf_len);          /*!< length of input buffer           */
+    size_t MBEDTLS_PRIVATE(in_buf_len); /*!< length of input buffer           */
 #endif
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint16_t MBEDTLS_PRIVATE(in_epoch);          /*!< DTLS epoch for incoming records  */
-    size_t MBEDTLS_PRIVATE(next_record_offset);  /*!< offset of the next record in datagram
-                                     (equal to in_left if none)       */
+    uint16_t MBEDTLS_PRIVATE(in_epoch); /*!< DTLS epoch for incoming records  */
+    size_t MBEDTLS_PRIVATE(next_record_offset); /*!< offset of the next record
+                                    in datagram (equal to in_left if none) */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 #if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
-    uint64_t MBEDTLS_PRIVATE(in_window_top);     /*!< last validated record seq_num    */
-    uint64_t MBEDTLS_PRIVATE(in_window);         /*!< bitmask for replay detection     */
+    uint64_t MBEDTLS_PRIVATE(in_window_top); /*!< last validated record seq_num
+                                              */
+    uint64_t MBEDTLS_PRIVATE(in_window); /*!< bitmask for replay detection */
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 
-    size_t MBEDTLS_PRIVATE(in_hslen);            /*!< current handshake message length,
-                                     including the handshake header   */
-    int MBEDTLS_PRIVATE(nb_zero);                /*!< # of 0-length encrypted messages */
+    size_t MBEDTLS_PRIVATE(in_hslen); /*!< current handshake message length,
+                          including the handshake header   */
+    int MBEDTLS_PRIVATE(nb_zero); /*!< # of 0-length encrypted messages */
 
-    int MBEDTLS_PRIVATE(keep_current_message);   /*!< drop or reuse current message
-                                     on next call to record layer? */
+    int MBEDTLS_PRIVATE(keep_current_message); /*!< drop or reuse current
+                                   message on next call to record layer? */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint8_t MBEDTLS_PRIVATE(disable_datagram_packing);  /*!< Disable packing multiple records
-                                        *   within a single datagram.  */
+    uint8_t MBEDTLS_PRIVATE(disable_datagram_packing); /*!< Disable packing
+                                                        * multiple records
+                                                        *   within a single
+                                                        * datagram.  */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     /*
      * Record layer (outgoing data)
      */
-    unsigned char *MBEDTLS_PRIVATE(out_buf);     /*!< output buffer                    */
-    unsigned char *MBEDTLS_PRIVATE(out_ctr);     /*!< 64-bit outgoing message counter  */
-    unsigned char *MBEDTLS_PRIVATE(out_hdr);     /*!< start of record header           */
+    unsigned char *MBEDTLS_PRIVATE(out_buf); /*!< output buffer */
+    unsigned char *MBEDTLS_PRIVATE(out_ctr); /*!< 64-bit outgoing message
+                                                counter  */
+    unsigned char *MBEDTLS_PRIVATE(out_hdr); /*!< start of record header */
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned char *MBEDTLS_PRIVATE(out_cid);     /*!< The start of the CID;
-                                 *   (the end is marked by in_len).   */
+    unsigned char *MBEDTLS_PRIVATE(out_cid); /*!< The start of the CID;
+                                              *   (the end is marked by in_len).
+                                              */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-    unsigned char *MBEDTLS_PRIVATE(out_len);     /*!< two-bytes message length field   */
-    unsigned char *MBEDTLS_PRIVATE(out_iv);      /*!< ivlen-byte IV                    */
-    unsigned char *MBEDTLS_PRIVATE(out_msg);     /*!< message contents (out_iv+ivlen)  */
+    unsigned char *MBEDTLS_PRIVATE(out_len); /*!< two-bytes message length field
+                                              */
+    unsigned char *MBEDTLS_PRIVATE(out_iv); /*!< ivlen-byte IV */
+    unsigned char *MBEDTLS_PRIVATE(out_msg); /*!< message contents
+                                                (out_iv+ivlen)  */
 
-    int MBEDTLS_PRIVATE(out_msgtype);            /*!< record header: message type      */
-    size_t MBEDTLS_PRIVATE(out_msglen);          /*!< record header: message length    */
-    size_t MBEDTLS_PRIVATE(out_left);            /*!< amount of data not yet written   */
+    int MBEDTLS_PRIVATE(out_msgtype); /*!< record header: message type      */
+    size_t MBEDTLS_PRIVATE(out_msglen); /*!< record header: message length    */
+    size_t MBEDTLS_PRIVATE(out_left); /*!< amount of data not yet written   */
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    size_t MBEDTLS_PRIVATE(out_buf_len);         /*!< length of output buffer          */
+    size_t MBEDTLS_PRIVATE(out_buf_len); /*!< length of output buffer */
 #endif
 
-    unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!<  Outgoing record sequence  number. */
+    unsigned char MBEDTLS_PRIVATE(cur_out_ctr)[8]; /*!<  Outgoing record
+                                                      sequence  number. */
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
-    uint16_t MBEDTLS_PRIVATE(mtu);               /*!< path mtu, used to fragment outgoing messages */
+    uint16_t MBEDTLS_PRIVATE(mtu); /*!< path mtu, used to fragment outgoing
+                                      messages */
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
     /*
      * PKI layer
      */
-    int MBEDTLS_PRIVATE(client_auth);                    /*!<  flag for client auth.   */
+    int MBEDTLS_PRIVATE(client_auth); /*!<  flag for client auth.   */
 
     /*
      * User settings
      */
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
-    char *MBEDTLS_PRIVATE(hostname);             /*!< expected peer CN for verification
-                                     (and SNI if available)                 */
+    char *MBEDTLS_PRIVATE(hostname); /*!< expected peer CN for verification
+                         (and SNI if available)                 */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_ALPN)
-    const char *MBEDTLS_PRIVATE(alpn_chosen);    /*!<  negotiated protocol                   */
+    const char *MBEDTLS_PRIVATE(alpn_chosen); /*!<  negotiated protocol */
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
@@ -1442,20 +1543,26 @@
      * Information for DTLS hello verify
      */
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
-    unsigned char  *MBEDTLS_PRIVATE(cli_id);         /*!<  transport-level ID of the client  */
-    size_t          MBEDTLS_PRIVATE(cli_id_len);     /*!<  length of cli_id                  */
+    unsigned char *MBEDTLS_PRIVATE(cli_id); /*!<  transport-level ID of the
+                                               client  */
+    size_t MBEDTLS_PRIVATE(cli_id_len); /*!<  length of cli_id */
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
 
     /*
      * Secure renegotiation
      */
     /* needed to know when to send extension on server */
-    int MBEDTLS_PRIVATE(secure_renegotiation);           /*!<  does peer support legacy or
-                                              secure renegotiation           */
+    int MBEDTLS_PRIVATE(secure_renegotiation); /*!<  does peer support legacy or
+                                    secure renegotiation           */
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
-    size_t MBEDTLS_PRIVATE(verify_data_len);             /*!<  length of verify data stored   */
-    char MBEDTLS_PRIVATE(own_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
-    char MBEDTLS_PRIVATE(peer_verify_data)[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
+    size_t MBEDTLS_PRIVATE(verify_data_len); /*!<  length of verify data stored
+                                              */
+    char MBEDTLS_PRIVATE(own_verify_data)
+        [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data
+                                            */
+    char MBEDTLS_PRIVATE(peer_verify_data)
+        [MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data
+                                            */
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
@@ -1465,18 +1572,21 @@
      *  all subsequent handshakes. This may be different from the
      *  CID currently used in case the user has re-configured the CID
      *  after an initial handshake. */
-    unsigned char MBEDTLS_PRIVATE(own_cid)[ MBEDTLS_SSL_CID_IN_LEN_MAX ];
-    uint8_t MBEDTLS_PRIVATE(own_cid_len);   /*!< The length of \c own_cid. */
-    uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID extension should
-                            *   be negotiated in the next handshake or not.
-                            *   Possible values are #MBEDTLS_SSL_CID_ENABLED
-                            *   and #MBEDTLS_SSL_CID_DISABLED. */
+    unsigned char MBEDTLS_PRIVATE(own_cid)[MBEDTLS_SSL_CID_IN_LEN_MAX];
+    uint8_t MBEDTLS_PRIVATE(own_cid_len); /*!< The length of \c own_cid. */
+    uint8_t MBEDTLS_PRIVATE(negotiate_cid); /*!< This indicates whether the CID
+                                             * extension should be negotiated in
+                                             * the next handshake or not.
+                                             *   Possible values are
+                                             * #MBEDTLS_SSL_CID_ENABLED and
+                                             * #MBEDTLS_SSL_CID_DISABLED. */
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
     /** Callback to export key block and master secret                      */
     mbedtls_ssl_export_keys_t *MBEDTLS_PRIVATE(f_export_keys);
-    void *MBEDTLS_PRIVATE(p_export_keys);            /*!< context for key export callback    */
+    void *MBEDTLS_PRIVATE(p_export_keys); /*!< context for key export callback
+                                           */
 #endif
 };
 
@@ -1488,7 +1598,7 @@
  *
  * \return              a string containing the ciphersuite name
  */
-const char *mbedtls_ssl_get_ciphersuite_name( const int ciphersuite_id );
+const char *mbedtls_ssl_get_ciphersuite_name(const int ciphersuite_id);
 
 /**
  * \brief               Return the ID of the ciphersuite associated with the
@@ -1498,7 +1608,7 @@
  *
  * \return              the ID with the ciphersuite or 0 if not found
  */
-int mbedtls_ssl_get_ciphersuite_id( const char *ciphersuite_name );
+int mbedtls_ssl_get_ciphersuite_id(const char *ciphersuite_name);
 
 /**
  * \brief          Initialize an SSL context
@@ -1507,7 +1617,7 @@
  *
  * \param ssl      SSL context
  */
-void mbedtls_ssl_init( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_init(mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Set up an SSL context for use
@@ -1529,8 +1639,7 @@
  * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED if
  *                 memory allocation failed
  */
-int mbedtls_ssl_setup( mbedtls_ssl_context *ssl,
-                       const mbedtls_ssl_config *conf );
+int mbedtls_ssl_setup(mbedtls_ssl_context *ssl, const mbedtls_ssl_config *conf);
 
 /**
  * \brief          Reset an already initialized SSL context for re-use
@@ -1541,7 +1650,7 @@
  * \return         0 if successful, or MBEDTLS_ERR_SSL_ALLOC_FAILED or
                    MBEDTLS_ERR_SSL_HW_ACCEL_FAILED
  */
-int mbedtls_ssl_session_reset( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_session_reset(mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Set the current endpoint type
@@ -1549,7 +1658,7 @@
  * \param conf     SSL configuration
  * \param endpoint must be MBEDTLS_SSL_IS_CLIENT or MBEDTLS_SSL_IS_SERVER
  */
-void mbedtls_ssl_conf_endpoint( mbedtls_ssl_config *conf, int endpoint );
+void mbedtls_ssl_conf_endpoint(mbedtls_ssl_config *conf, int endpoint);
 
 /**
  * \brief           Set the transport type (TLS or DTLS).
@@ -1565,7 +1674,7 @@
  *                  MBEDTLS_SSL_TRANSPORT_STREAM for TLS,
  *                  MBEDTLS_SSL_TRANSPORT_DATAGRAM for DTLS.
  */
-void mbedtls_ssl_conf_transport( mbedtls_ssl_config *conf, int transport );
+void mbedtls_ssl_conf_transport(mbedtls_ssl_config *conf, int transport);
 
 /**
  * \brief          Set the certificate verification mode
@@ -1588,12 +1697,13 @@
  *                        (default on client)
  *
  * \note On client, MBEDTLS_SSL_VERIFY_REQUIRED is the recommended mode.
- * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call mbedtls_ssl_get_verify_result() at
- * the right time(s), which may not be obvious, while REQUIRED always perform
- * the verification as soon as possible. For example, REQUIRED was protecting
- * against the "triple handshake" attack even before it was found.
+ * With MBEDTLS_SSL_VERIFY_OPTIONAL, the user needs to call
+ * mbedtls_ssl_get_verify_result() at the right time(s), which may not be
+ * obvious, while REQUIRED always perform the verification as soon as possible.
+ * For example, REQUIRED was protecting against the "triple handshake" attack
+ * even before it was found.
  */
-void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
+void mbedtls_ssl_conf_authmode(mbedtls_ssl_config *conf, int authmode);
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
@@ -1611,9 +1721,10 @@
  * \param f_vrfy   The verification callback to use during CRT verification.
  * \param p_vrfy   The opaque context to be passed to the callback.
  */
-void mbedtls_ssl_conf_verify( mbedtls_ssl_config *conf,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
+void mbedtls_ssl_conf_verify(
+    mbedtls_ssl_config *conf,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /**
@@ -1623,9 +1734,9 @@
  * \param f_rng    RNG function (mandatory)
  * \param p_rng    RNG parameter
  */
-void mbedtls_ssl_conf_rng( mbedtls_ssl_config *conf,
-                  int (*f_rng)(void *, unsigned char *, size_t),
-                  void *p_rng );
+void mbedtls_ssl_conf_rng(mbedtls_ssl_config *conf,
+                          int (*f_rng)(void *, unsigned char *, size_t),
+                          void *p_rng);
 
 /**
  * \brief          Set the debug callback
@@ -1641,9 +1752,10 @@
  * \param f_dbg    debug function
  * \param p_dbg    debug parameter
  */
-void mbedtls_ssl_conf_dbg( mbedtls_ssl_config *conf,
-                  void (*f_dbg)(void *, int, const char *, int, const char *),
-                  void  *p_dbg );
+void mbedtls_ssl_conf_dbg(
+    mbedtls_ssl_config *conf,
+    void (*f_dbg)(void *, int, const char *, int, const char *),
+    void *p_dbg);
 
 /**
  * \brief          Set the underlying BIO callbacks for write, read and
@@ -1675,16 +1787,15 @@
  *                 \c mbedtls_net_recv_timeout() that are suitable to be used
  *                 here.
  */
-void mbedtls_ssl_set_bio( mbedtls_ssl_context *ssl,
-                          void *p_bio,
-                          mbedtls_ssl_send_t *f_send,
-                          mbedtls_ssl_recv_t *f_recv,
-                          mbedtls_ssl_recv_timeout_t *f_recv_timeout );
+void mbedtls_ssl_set_bio(mbedtls_ssl_context *ssl,
+                         void *p_bio,
+                         mbedtls_ssl_send_t *f_send,
+                         mbedtls_ssl_recv_t *f_recv,
+                         mbedtls_ssl_recv_timeout_t *f_recv_timeout);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-
+#    if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
 
 /**
  * \brief             Configure the use of the Connection ID (CID)
@@ -1769,10 +1880,10 @@
  *                    applies to the next handshake.
  * \return            A negative error code on failure.
  */
-int mbedtls_ssl_set_cid( mbedtls_ssl_context *ssl,
-                         int enable,
-                         unsigned char const *own_cid,
-                         size_t own_cid_len );
+int mbedtls_ssl_set_cid(mbedtls_ssl_context *ssl,
+                        int enable,
+                        unsigned char const *own_cid,
+                        size_t own_cid_len);
 
 /**
  * \brief              Get information about the use of the CID extension
@@ -1811,12 +1922,12 @@
  * \return            \c 0 on success.
  * \return            A negative error code on failure.
  */
-int mbedtls_ssl_get_peer_cid( mbedtls_ssl_context *ssl,
-                     int *enabled,
-                     unsigned char peer_cid[ MBEDTLS_SSL_CID_OUT_LEN_MAX ],
-                     size_t *peer_cid_len );
+int mbedtls_ssl_get_peer_cid(mbedtls_ssl_context *ssl,
+                             int *enabled,
+                             unsigned char peer_cid[MBEDTLS_SSL_CID_OUT_LEN_MAX],
+                             size_t *peer_cid_len);
 
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+#    endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 /**
  * \brief          Set the Maximum Tranport Unit (MTU).
@@ -1857,7 +1968,7 @@
  * \param ssl      SSL context
  * \param mtu      Value of the path MTU in bytes
  */
-void mbedtls_ssl_set_mtu( mbedtls_ssl_context *ssl, uint16_t mtu );
+void mbedtls_ssl_set_mtu(mbedtls_ssl_context *ssl, uint16_t mtu);
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -1879,9 +1990,10 @@
  * \param f_vrfy   The verification callback to use during CRT verification.
  * \param p_vrfy   The opaque context to be passed to the callback.
  */
-void mbedtls_ssl_set_verify( mbedtls_ssl_context *ssl,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
+void mbedtls_ssl_set_verify(
+    mbedtls_ssl_context *ssl,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /**
@@ -1900,7 +2012,7 @@
  * \note           With non-blocking I/O, you may also skip this function
  *                 altogether and handle timeouts at the application layer.
  */
-void mbedtls_ssl_conf_read_timeout( mbedtls_ssl_config *conf, uint32_t timeout );
+void mbedtls_ssl_conf_read_timeout(mbedtls_ssl_config *conf, uint32_t timeout);
 
 /**
  * \brief          Check whether a buffer contains a valid and authentic record
@@ -1946,9 +2058,9 @@
  *                 In this case, the SSL context becomes unusable and needs
  *                 to be freed or reset before reuse.
  */
-int mbedtls_ssl_check_record( mbedtls_ssl_context const *ssl,
-                              unsigned char *buf,
-                              size_t buflen );
+int mbedtls_ssl_check_record(mbedtls_ssl_context const *ssl,
+                             unsigned char *buf,
+                             size_t buflen);
 
 /**
  * \brief          Set the timer callbacks (Mandatory for DTLS.)
@@ -1970,10 +2082,10 @@
  * \note           See also the "DTLS tutorial" article in our knowledge base.
  *                 https://tls.mbed.org/kb/how-to/dtls-tutorial
  */
-void mbedtls_ssl_set_timer_cb( mbedtls_ssl_context *ssl,
-                               void *p_timer,
-                               mbedtls_ssl_set_timer_t *f_set_timer,
-                               mbedtls_ssl_get_timer_t *f_get_timer );
+void mbedtls_ssl_set_timer_cb(mbedtls_ssl_context *ssl,
+                              void *p_timer,
+                              mbedtls_ssl_set_timer_t *f_set_timer,
+                              mbedtls_ssl_get_timer_t *f_get_timer);
 
 /**
  * \brief           Callback type: generate and write session ticket
@@ -1994,12 +2106,12 @@
  * \return          0 if successful, or
  *                  a specific MBEDTLS_ERR_XXX code.
  */
-typedef int mbedtls_ssl_ticket_write_t( void *p_ticket,
-                                        const mbedtls_ssl_session *session,
-                                        unsigned char *start,
-                                        const unsigned char *end,
-                                        size_t *tlen,
-                                        uint32_t *lifetime );
+typedef int mbedtls_ssl_ticket_write_t(void *p_ticket,
+                                       const mbedtls_ssl_session *session,
+                                       unsigned char *start,
+                                       const unsigned char *end,
+                                       size_t *tlen,
+                                       uint32_t *lifetime);
 
 /**
  * \brief           Callback type: parse and load session ticket
@@ -2024,10 +2136,10 @@
  *                  MBEDTLS_ERR_SSL_SESSION_TICKET_EXPIRED if expired, or
  *                  any other non-zero code for other failures.
  */
-typedef int mbedtls_ssl_ticket_parse_t( void *p_ticket,
-                                        mbedtls_ssl_session *session,
-                                        unsigned char *buf,
-                                        size_t len );
+typedef int mbedtls_ssl_ticket_parse_t(void *p_ticket,
+                                       mbedtls_ssl_session *session,
+                                       unsigned char *buf,
+                                       size_t len);
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_SRV_C)
 /**
@@ -2044,10 +2156,11 @@
  * \param f_ticket_parse    Callback for parsing a ticket
  * \param p_ticket          Context shared by the two callbacks
  */
-void mbedtls_ssl_conf_session_tickets_cb( mbedtls_ssl_config *conf,
-        mbedtls_ssl_ticket_write_t *f_ticket_write,
-        mbedtls_ssl_ticket_parse_t *f_ticket_parse,
-        void *p_ticket );
+void mbedtls_ssl_conf_session_tickets_cb(
+    mbedtls_ssl_config *conf,
+    mbedtls_ssl_ticket_write_t *f_ticket_write,
+    mbedtls_ssl_ticket_parse_t *f_ticket_parse,
+    void *p_ticket);
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_EXPORT_KEYS)
@@ -2069,9 +2182,9 @@
  * \param p_export_keys  The opaque context pointer to be passed to the
  *                       callback \p f_export_keys.
  */
-void mbedtls_ssl_set_export_keys_cb( mbedtls_ssl_context *ssl,
-                                     mbedtls_ssl_export_keys_t *f_export_keys,
-                                     void *p_export_keys );
+void mbedtls_ssl_set_export_keys_cb(mbedtls_ssl_context *ssl,
+                                    mbedtls_ssl_export_keys_t *f_export_keys,
+                                    void *p_export_keys);
 #endif /* MBEDTLS_SSL_EXPORT_KEYS */
 
 #if defined(MBEDTLS_SSL_ASYNC_PRIVATE)
@@ -2105,12 +2218,13 @@
  *                          mbedtls_ssl_conf_get_async_config_data(). The
  *                          library stores this value without dereferencing it.
  */
-void mbedtls_ssl_conf_async_private_cb( mbedtls_ssl_config *conf,
-                                        mbedtls_ssl_async_sign_t *f_async_sign,
-                                        mbedtls_ssl_async_decrypt_t *f_async_decrypt,
-                                        mbedtls_ssl_async_resume_t *f_async_resume,
-                                        mbedtls_ssl_async_cancel_t *f_async_cancel,
-                                        void *config_data );
+void mbedtls_ssl_conf_async_private_cb(
+    mbedtls_ssl_config *conf,
+    mbedtls_ssl_async_sign_t *f_async_sign,
+    mbedtls_ssl_async_decrypt_t *f_async_decrypt,
+    mbedtls_ssl_async_resume_t *f_async_resume,
+    mbedtls_ssl_async_cancel_t *f_async_cancel,
+    void *config_data);
 
 /**
  * \brief           Retrieve the configuration data set by
@@ -2120,7 +2234,7 @@
  * \return          The configuration data set by
  *                  mbedtls_ssl_conf_async_private_cb().
  */
-void *mbedtls_ssl_conf_get_async_config_data( const mbedtls_ssl_config *conf );
+void *mbedtls_ssl_conf_get_async_config_data(const mbedtls_ssl_config *conf);
 
 /**
  * \brief           Retrieve the asynchronous operation user context.
@@ -2136,7 +2250,7 @@
  *                  called during the current handshake, this function returns
  *                  \c NULL.
  */
-void *mbedtls_ssl_get_async_operation_data( const mbedtls_ssl_context *ssl );
+void *mbedtls_ssl_get_async_operation_data(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief           Retrieve the asynchronous operation user context.
@@ -2149,8 +2263,7 @@
  *                  Call mbedtls_ssl_get_async_operation_data() later during the
  *                  same handshake to retrieve this value.
  */
-void mbedtls_ssl_set_async_operation_data( mbedtls_ssl_context *ssl,
-                                 void *ctx );
+void mbedtls_ssl_set_async_operation_data(mbedtls_ssl_context *ssl, void *ctx);
 #endif /* MBEDTLS_SSL_ASYNC_PRIVATE */
 
 /**
@@ -2167,9 +2280,11 @@
  * \return         The callback must return 0 on success,
  *                 or a negative error code.
  */
-typedef int mbedtls_ssl_cookie_write_t( void *ctx,
-                                unsigned char **p, unsigned char *end,
-                                const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_write_t(void *ctx,
+                                       unsigned char **p,
+                                       unsigned char *end,
+                                       const unsigned char *info,
+                                       size_t ilen);
 
 /**
  * \brief          Callback type: verify a cookie
@@ -2184,9 +2299,11 @@
  * \return         The callback must return 0 if cookie is valid,
  *                 or a negative error code.
  */
-typedef int mbedtls_ssl_cookie_check_t( void *ctx,
-                                const unsigned char *cookie, size_t clen,
-                                const unsigned char *info, size_t ilen );
+typedef int mbedtls_ssl_cookie_check_t(void *ctx,
+                                       const unsigned char *cookie,
+                                       size_t clen,
+                                       const unsigned char *info,
+                                       size_t ilen);
 
 #if defined(MBEDTLS_SSL_DTLS_HELLO_VERIFY) && defined(MBEDTLS_SSL_SRV_C)
 /**
@@ -2217,10 +2334,10 @@
  * \param f_cookie_check    Cookie check callback
  * \param p_cookie          Context for both callbacks
  */
-void mbedtls_ssl_conf_dtls_cookies( mbedtls_ssl_config *conf,
-                           mbedtls_ssl_cookie_write_t *f_cookie_write,
-                           mbedtls_ssl_cookie_check_t *f_cookie_check,
-                           void *p_cookie );
+void mbedtls_ssl_conf_dtls_cookies(mbedtls_ssl_config *conf,
+                                   mbedtls_ssl_cookie_write_t *f_cookie_write,
+                                   mbedtls_ssl_cookie_check_t *f_cookie_check,
+                                   void *p_cookie);
 
 /**
  * \brief          Set client's transport-level identification info.
@@ -2241,9 +2358,9 @@
  *                 MBEDTLS_ERR_SSL_BAD_INPUT_DATA if used on client,
  *                 MBEDTLS_ERR_SSL_ALLOC_FAILED if out of memory.
  */
-int mbedtls_ssl_set_client_transport_id( mbedtls_ssl_context *ssl,
-                                 const unsigned char *info,
-                                 size_t ilen );
+int mbedtls_ssl_set_client_transport_id(mbedtls_ssl_context *ssl,
+                                        const unsigned char *info,
+                                        size_t ilen);
 
 #endif /* MBEDTLS_SSL_DTLS_HELLO_VERIFY && MBEDTLS_SSL_SRV_C */
 
@@ -2263,7 +2380,7 @@
  *                 packets and needs information about them to adjust its
  *                 transmission strategy, then you'll want to disable this.
  */
-void mbedtls_ssl_conf_dtls_anti_replay( mbedtls_ssl_config *conf, char mode );
+void mbedtls_ssl_conf_dtls_anti_replay(mbedtls_ssl_config *conf, char mode);
 #endif /* MBEDTLS_SSL_DTLS_ANTI_REPLAY */
 
 /**
@@ -2289,7 +2406,8 @@
  *                 might make us waste resources checking authentication on
  *                 many bogus packets.
  */
-void mbedtls_ssl_conf_dtls_badmac_limit( mbedtls_ssl_config *conf, unsigned limit );
+void mbedtls_ssl_conf_dtls_badmac_limit(mbedtls_ssl_config *conf,
+                                        unsigned limit);
 
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 
@@ -2321,8 +2439,8 @@
  *                 are currently always sent in separate datagrams.
  *
  */
-void mbedtls_ssl_set_datagram_packing( mbedtls_ssl_context *ssl,
-                                       unsigned allow_packing );
+void mbedtls_ssl_set_datagram_packing(mbedtls_ssl_context *ssl,
+                                      unsigned allow_packing);
 
 /**
  * \brief          Set retransmit timeout values for the DTLS handshake.
@@ -2355,7 +2473,9 @@
  *                 goes: send ... 1s -> resend ... 2s -> resend ... 4s ->
  *                 resend ... 5s -> give up and return a timeout error.
  */
-void mbedtls_ssl_conf_handshake_timeout( mbedtls_ssl_config *conf, uint32_t min, uint32_t max );
+void mbedtls_ssl_conf_handshake_timeout(mbedtls_ssl_config *conf,
+                                        uint32_t min,
+                                        uint32_t max);
 #endif /* MBEDTLS_SSL_PROTO_DTLS */
 
 #if defined(MBEDTLS_SSL_SRV_C)
@@ -2396,10 +2516,10 @@
  * \param f_get_cache    session get callback
  * \param f_set_cache    session set callback
  */
-void mbedtls_ssl_conf_session_cache( mbedtls_ssl_config *conf,
-                                     void *p_cache,
-                                     mbedtls_ssl_cache_get_t *f_get_cache,
-                                     mbedtls_ssl_cache_set_t *f_set_cache );
+void mbedtls_ssl_conf_session_cache(mbedtls_ssl_config *conf,
+                                    void *p_cache,
+                                    mbedtls_ssl_cache_get_t *f_get_cache,
+                                    mbedtls_ssl_cache_set_t *f_set_cache);
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
@@ -2448,7 +2568,8 @@
  * \sa             mbedtls_ssl_get_session()
  * \sa             mbedtls_ssl_session_load()
  */
-int mbedtls_ssl_set_session( mbedtls_ssl_context *ssl, const mbedtls_ssl_session *session );
+int mbedtls_ssl_set_session(mbedtls_ssl_context *ssl,
+                            const mbedtls_ssl_session *session);
 #endif /* MBEDTLS_SSL_CLI_C */
 
 /**
@@ -2483,9 +2604,9 @@
  * \return         Another negative value for other kinds of errors (for
  *                 example, unsupported features in the embedded certificate).
  */
-int mbedtls_ssl_session_load( mbedtls_ssl_session *session,
-                              const unsigned char *buf,
-                              size_t len );
+int mbedtls_ssl_session_load(mbedtls_ssl_session *session,
+                             const unsigned char *buf,
+                             size_t len);
 
 /**
  * \brief          Save session structure as serialized data in a buffer.
@@ -2512,10 +2633,10 @@
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL if \p buf is too small.
  */
-int mbedtls_ssl_session_save( const mbedtls_ssl_session *session,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen );
+int mbedtls_ssl_session_save(const mbedtls_ssl_session *session,
+                             unsigned char *buf,
+                             size_t buf_len,
+                             size_t *olen);
 
 /**
  * \brief               Set the list of allowed ciphersuites and the preference
@@ -2535,12 +2656,12 @@
  * \param conf          SSL configuration
  * \param ciphersuites  0-terminated list of allowed ciphersuites
  */
-void mbedtls_ssl_conf_ciphersuites( mbedtls_ssl_config *conf,
-                                   const int *ciphersuites );
+void mbedtls_ssl_conf_ciphersuites(mbedtls_ssl_config *conf,
+                                   const int *ciphersuites);
 
 #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-#define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
-#define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1
+#    define MBEDTLS_SSL_UNEXPECTED_CID_IGNORE 0
+#    define MBEDTLS_SSL_UNEXPECTED_CID_FAIL   1
 /**
  * \brief               Specify the length of Connection IDs for incoming
  *                      encrypted DTLS records, as well as the behaviour
@@ -2573,8 +2694,9 @@
  * \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
  *                      is too large.
  */
-int mbedtls_ssl_conf_cid( mbedtls_ssl_config *conf, size_t len,
-                          int ignore_other_cids );
+int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf,
+                         size_t len,
+                         int ignore_other_cids);
 #endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -2588,8 +2710,8 @@
  * \param conf     SSL configuration
  * \param profile  Profile to use
  */
-void mbedtls_ssl_conf_cert_profile( mbedtls_ssl_config *conf,
-                                    const mbedtls_x509_crt_profile *profile );
+void mbedtls_ssl_conf_cert_profile(mbedtls_ssl_config *conf,
+                                   const mbedtls_x509_crt_profile *profile);
 
 /**
  * \brief          Set the data required to verify peer certificate
@@ -2602,11 +2724,11 @@
  * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
  * \param ca_crl   trusted CA CRLs
  */
-void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
+void mbedtls_ssl_conf_ca_chain(mbedtls_ssl_config *conf,
                                mbedtls_x509_crt *ca_chain,
-                               mbedtls_x509_crl *ca_crl );
+                               mbedtls_x509_crl *ca_crl);
 
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#    if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
 /**
  * \brief          Set the trusted certificate callback.
  *
@@ -2658,10 +2780,10 @@
  *                 to guarantee this (for example through a mutex
  *                 contained in the callback context pointed to by \p p_ca_cb).
  */
-void mbedtls_ssl_conf_ca_cb( mbedtls_ssl_config *conf,
-                             mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                             void *p_ca_cb );
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+void mbedtls_ssl_conf_ca_cb(mbedtls_ssl_config *conf,
+                            mbedtls_x509_crt_ca_cb_t f_ca_cb,
+                            void *p_ca_cb);
+#    endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 
 /**
  * \brief          Set own certificate chain and private key
@@ -2699,9 +2821,9 @@
  *
  * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
  */
-int mbedtls_ssl_conf_own_cert( mbedtls_ssl_config *conf,
+int mbedtls_ssl_conf_own_cert(mbedtls_ssl_config *conf,
                               mbedtls_x509_crt *own_cert,
-                              mbedtls_pk_context *pk_key );
+                              mbedtls_pk_context *pk_key);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
@@ -2737,11 +2859,13 @@
  *                 can be configured. In this case, the old PSK(s) remain intact.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_ssl_conf_psk( mbedtls_ssl_config *conf,
-                const unsigned char *psk, size_t psk_len,
-                const unsigned char *psk_identity, size_t psk_identity_len );
+int mbedtls_ssl_conf_psk(mbedtls_ssl_config *conf,
+                         const unsigned char *psk,
+                         size_t psk_len,
+                         const unsigned char *psk_identity,
+                         size_t psk_identity_len);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#    if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
  * \brief          Configure one or more opaque pre-shared keys (PSKs) and
  *                 their identities to be used in PSK-based ciphersuites.
@@ -2779,11 +2903,11 @@
  *                 can be configured. In this case, the old PSK(s) remain intact.
  * \return         Another negative error code on other kinds of failure.
  */
-int mbedtls_ssl_conf_psk_opaque( mbedtls_ssl_config *conf,
-                                 psa_key_id_t psk,
-                                 const unsigned char *psk_identity,
-                                 size_t psk_identity_len );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_conf_psk_opaque(mbedtls_ssl_config *conf,
+                                psa_key_id_t psk,
+                                const unsigned char *psk_identity,
+                                size_t psk_identity_len);
+#    endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /**
  * \brief          Set the pre-shared Key (PSK) for the current handshake.
@@ -2801,10 +2925,11 @@
  * \return         \c 0 if successful.
  * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
  */
-int mbedtls_ssl_set_hs_psk( mbedtls_ssl_context *ssl,
-                            const unsigned char *psk, size_t psk_len );
+int mbedtls_ssl_set_hs_psk(mbedtls_ssl_context *ssl,
+                           const unsigned char *psk,
+                           size_t psk_len);
 
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#    if defined(MBEDTLS_USE_PSA_CRYPTO)
 /**
  * \brief          Set an opaque pre-shared Key (PSK) for the current handshake.
  *
@@ -2821,13 +2946,12 @@
  *                 PSA_ALG_CATEGORY_KEY_DERIVATION whose policy allows its
  *                 use for the key derivation algorithm
  *                 applied in the handshake.
-  *
+ *
  * \return         \c 0 if successful.
  * \return         An \c MBEDTLS_ERR_SSL_XXX error code on failure.
  */
-int mbedtls_ssl_set_hs_psk_opaque( mbedtls_ssl_context *ssl,
-                                   psa_key_id_t psk );
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
+int mbedtls_ssl_set_hs_psk_opaque(mbedtls_ssl_context *ssl, psa_key_id_t psk);
+#    endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 /**
  * \brief          Set the PSK callback (server-side only).
@@ -2867,10 +2991,10 @@
  * \param p_psk    A pointer to an opaque structure to be passed to
  *                 the callback, for example a PSK store.
  */
-void mbedtls_ssl_conf_psk_cb( mbedtls_ssl_config *conf,
-                     int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *,
-                                  size_t),
-                     void *p_psk );
+void mbedtls_ssl_conf_psk_cb(
+    mbedtls_ssl_config *conf,
+    int (*f_psk)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+    void *p_psk);
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_SRV_C)
@@ -2887,9 +3011,11 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ssl_conf_dh_param_bin( mbedtls_ssl_config *conf,
-                                   const unsigned char *dhm_P, size_t P_len,
-                                   const unsigned char *dhm_G,  size_t G_len );
+int mbedtls_ssl_conf_dh_param_bin(mbedtls_ssl_config *conf,
+                                  const unsigned char *dhm_P,
+                                  size_t P_len,
+                                  const unsigned char *dhm_G,
+                                  size_t G_len);
 
 /**
  * \brief          Set the Diffie-Hellman public P and G values,
@@ -2900,7 +3026,8 @@
  *
  * \return         0 if successful
  */
-int mbedtls_ssl_conf_dh_param_ctx( mbedtls_ssl_config *conf, mbedtls_dhm_context *dhm_ctx );
+int mbedtls_ssl_conf_dh_param_ctx(mbedtls_ssl_config *conf,
+                                  mbedtls_dhm_context *dhm_ctx);
 #endif /* MBEDTLS_DHM_C && defined(MBEDTLS_SSL_SRV_C) */
 
 #if defined(MBEDTLS_DHM_C) && defined(MBEDTLS_SSL_CLI_C)
@@ -2912,8 +3039,8 @@
  * \param conf     SSL configuration
  * \param bitlen   Minimum bit length of the DHM prime
  */
-void mbedtls_ssl_conf_dhm_min_bitlen( mbedtls_ssl_config *conf,
-                                      unsigned int bitlen );
+void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
+                                     unsigned int bitlen);
 #endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_ECP_C)
@@ -2956,8 +3083,8 @@
  * \param curves   Ordered list of allowed curves,
  *                 terminated by MBEDTLS_ECP_DP_NONE.
  */
-void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
-                              const mbedtls_ecp_group_id *curves );
+void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
+                             const mbedtls_ecp_group_id *curves);
 #endif /* MBEDTLS_ECP_C */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED)
@@ -2990,8 +3117,7 @@
  * \param hashes   Ordered list of allowed signature hashes,
  *                 terminated by \c MBEDTLS_MD_NONE.
  */
-void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
-                                  const int *hashes );
+void mbedtls_ssl_conf_sig_hashes(mbedtls_ssl_config *conf, const int *hashes);
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED */
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
@@ -3013,7 +3139,7 @@
  *                 when NULL). On allocation failure hostname is cleared.
  *                 On too long input failure, old hostname is unchanged.
  */
-int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
+int mbedtls_ssl_set_hostname(mbedtls_ssl_context *ssl, const char *hostname);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -3029,9 +3155,9 @@
  *
  * \return         0 on success or MBEDTLS_ERR_SSL_ALLOC_FAILED
  */
-int mbedtls_ssl_set_hs_own_cert( mbedtls_ssl_context *ssl,
-                                 mbedtls_x509_crt *own_cert,
-                                 mbedtls_pk_context *pk_key );
+int mbedtls_ssl_set_hs_own_cert(mbedtls_ssl_context *ssl,
+                                mbedtls_x509_crt *own_cert,
+                                mbedtls_pk_context *pk_key);
 
 /**
  * \brief          Set the data required to verify peer certificate for the
@@ -3044,9 +3170,9 @@
  * \param ca_chain trusted CA chain (meaning all fully trusted top-level CAs)
  * \param ca_crl   trusted CA CRLs
  */
-void mbedtls_ssl_set_hs_ca_chain( mbedtls_ssl_context *ssl,
-                                  mbedtls_x509_crt *ca_chain,
-                                  mbedtls_x509_crl *ca_crl );
+void mbedtls_ssl_set_hs_ca_chain(mbedtls_ssl_context *ssl,
+                                 mbedtls_x509_crt *ca_chain,
+                                 mbedtls_x509_crl *ca_crl);
 
 /**
  * \brief          Set authmode for the current handshake.
@@ -3058,8 +3184,7 @@
  * \param authmode MBEDTLS_SSL_VERIFY_NONE, MBEDTLS_SSL_VERIFY_OPTIONAL or
  *                 MBEDTLS_SSL_VERIFY_REQUIRED
  */
-void mbedtls_ssl_set_hs_authmode( mbedtls_ssl_context *ssl,
-                                  int authmode );
+void mbedtls_ssl_set_hs_authmode(mbedtls_ssl_context *ssl, int authmode);
 
 /**
  * \brief          Set server side ServerName TLS extension callback
@@ -3084,10 +3209,10 @@
  * \param f_sni    verification function
  * \param p_sni    verification parameter
  */
-void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
-                  int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *,
-                               size_t),
-                  void *p_sni );
+void mbedtls_ssl_conf_sni(
+    mbedtls_ssl_config *conf,
+    int (*f_sni)(void *, mbedtls_ssl_context *, const unsigned char *, size_t),
+    void *p_sni);
 #endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
@@ -3108,9 +3233,9 @@
  *
  * \return         0 on success, or a negative error code.
  */
-int mbedtls_ssl_set_hs_ecjpake_password( mbedtls_ssl_context *ssl,
-                                         const unsigned char *pw,
-                                         size_t pw_len );
+int mbedtls_ssl_set_hs_ecjpake_password(mbedtls_ssl_context *ssl,
+                                        const unsigned char *pw,
+                                        size_t pw_len);
 #endif /*MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
 
 #if defined(MBEDTLS_SSL_ALPN)
@@ -3126,7 +3251,8 @@
  *
  * \return         0 on success, or MBEDTLS_ERR_SSL_BAD_INPUT_DATA.
  */
-int mbedtls_ssl_conf_alpn_protocols( mbedtls_ssl_config *conf, const char **protos );
+int mbedtls_ssl_conf_alpn_protocols(mbedtls_ssl_config *conf,
+                                    const char **protos);
 
 /**
  * \brief          Get the name of the negotiated Application Layer Protocol.
@@ -3137,28 +3263,29 @@
  *
  * \return         Protcol name, or NULL if no protocol was negotiated.
  */
-const char *mbedtls_ssl_get_alpn_protocol( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_alpn_protocol(const mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_ALPN */
 
 #if defined(MBEDTLS_SSL_DTLS_SRTP)
-#if defined(MBEDTLS_DEBUG_C)
-static inline const char *mbedtls_ssl_get_srtp_profile_as_string( mbedtls_ssl_srtp_profile profile )
+#    if defined(MBEDTLS_DEBUG_C)
+static inline const char *
+mbedtls_ssl_get_srtp_profile_as_string(mbedtls_ssl_srtp_profile profile)
 {
-    switch( profile )
-    {
+    switch (profile) {
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80:
-            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" ;
+            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80";
         case MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32:
-            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" ;
+            return "MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32";
         case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80:
-            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" ;
+            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80";
         case MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32:
-            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" ;
-        default: break;
+            return "MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32";
+        default:
+            break;
     }
-    return "" ;
+    return "";
 }
-#endif /* MBEDTLS_DEBUG_C */
+#    endif /* MBEDTLS_DEBUG_C */
 /**
  * \brief                   Manage support for mki(master key id) value
  *                          in use_srtp extension.
@@ -3172,8 +3299,8 @@
  *                          #MBEDTLS_SSL_DTLS_SRTP_MKI_UNSUPPORTED
  *                          or #MBEDTLS_SSL_DTLS_SRTP_MKI_SUPPORTED.
  */
-void mbedtls_ssl_conf_srtp_mki_value_supported( mbedtls_ssl_config *conf,
-                                                int support_mki_value );
+void mbedtls_ssl_conf_srtp_mki_value_supported(mbedtls_ssl_config *conf,
+                                               int support_mki_value);
 
 /**
  * \brief                   Set the supported DTLS-SRTP protection profiles.
@@ -3194,9 +3321,9 @@
  * \return                  #MBEDTLS_ERR_SSL_BAD_INPUT_DATA when the list of
  *                          protection profiles is incorrect.
  */
-int mbedtls_ssl_conf_dtls_srtp_protection_profiles
-                               ( mbedtls_ssl_config *conf,
-                                 const mbedtls_ssl_srtp_profile *profiles );
+int mbedtls_ssl_conf_dtls_srtp_protection_profiles(
+    mbedtls_ssl_config *conf,
+    const mbedtls_ssl_srtp_profile *profiles);
 
 /**
  * \brief                  Set the mki_value for the current DTLS-SRTP session.
@@ -3214,29 +3341,33 @@
  * \return                 #MBEDTLS_ERR_SSL_BAD_INPUT_DATA
  * \return                 #MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE
  */
-int mbedtls_ssl_dtls_srtp_set_mki_value( mbedtls_ssl_context *ssl,
-                                         unsigned char *mki_value,
-                                         uint16_t mki_len );
+int mbedtls_ssl_dtls_srtp_set_mki_value(mbedtls_ssl_context *ssl,
+                                        unsigned char *mki_value,
+                                        uint16_t mki_len);
 /**
  * \brief                  Get the negotiated DTLS-SRTP informations:
  *                         Protection profile and MKI value.
  *
  * \warning                This function must be called after the handshake is
  *                         completed. The value returned by this function must
- *                         not be trusted or acted upon before the handshake completes.
+ *                         not be trusted or acted upon before the handshake
+ completes.
  *
  * \param ssl              The SSL context to query.
  * \param dtls_srtp_info   The negotiated DTLS-SRTP informations:
  *                         - Protection profile in use.
- *                         A direct mapping of the iana defined value for protection
+ *                         A direct mapping of the iana defined value for
+ protection
  *                         profile on an uint16_t.
                    http://www.iana.org/assignments/srtp-protection/srtp-protection.xhtml
- *                         #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not negotiated
+ *                         #MBEDTLS_TLS_SRTP_UNSET if the use of SRTP was not
+ negotiated
  *                         or peer's Hello packet was not parsed yet.
  *                         - mki size and value( if size is > 0 ).
  */
-void mbedtls_ssl_get_dtls_srtp_negotiation_result( const mbedtls_ssl_context *ssl,
-                                                   mbedtls_dtls_srtp_info *dtls_srtp_info );
+void mbedtls_ssl_get_dtls_srtp_negotiation_result(
+    const mbedtls_ssl_context *ssl,
+    mbedtls_dtls_srtp_info *dtls_srtp_info);
 #endif /* MBEDTLS_SSL_DTLS_SRTP */
 
 /**
@@ -3252,7 +3383,9 @@
  * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
  */
-void mbedtls_ssl_conf_max_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_max_version(mbedtls_ssl_config *conf,
+                                  int major,
+                                  int minor);
 
 /**
  * \brief          Set the minimum accepted SSL/TLS protocol version
@@ -3267,7 +3400,9 @@
  * \param major    Major version number (only MBEDTLS_SSL_MAJOR_VERSION_3 supported)
  * \param minor    Minor version number (only MBEDTLS_SSL_MINOR_VERSION_3 supported)
  */
-void mbedtls_ssl_conf_min_version( mbedtls_ssl_config *conf, int major, int minor );
+void mbedtls_ssl_conf_min_version(mbedtls_ssl_config *conf,
+                                  int major,
+                                  int minor);
 
 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
 /**
@@ -3281,7 +3416,7 @@
  * \param conf      SSL configuration
  * \param etm       MBEDTLS_SSL_ETM_ENABLED or MBEDTLS_SSL_ETM_DISABLED
  */
-void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm );
+void mbedtls_ssl_conf_encrypt_then_mac(mbedtls_ssl_config *conf, char etm);
 #endif /* MBEDTLS_SSL_ENCRYPT_THEN_MAC */
 
 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
@@ -3296,7 +3431,8 @@
  * \param conf      SSL configuration
  * \param ems       MBEDTLS_SSL_EXTENDED_MS_ENABLED or MBEDTLS_SSL_EXTENDED_MS_DISABLED
  */
-void mbedtls_ssl_conf_extended_master_secret( mbedtls_ssl_config *conf, char ems );
+void mbedtls_ssl_conf_extended_master_secret(mbedtls_ssl_config *conf,
+                                             char ems);
 #endif /* MBEDTLS_SSL_EXTENDED_MASTER_SECRET */
 
 #if defined(MBEDTLS_SSL_SRV_C)
@@ -3309,8 +3445,8 @@
  * \param cert_req_ca_list   MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
  *                          MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
  */
-void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
-                                          char cert_req_ca_list );
+void mbedtls_ssl_conf_cert_req_ca_list(mbedtls_ssl_config *conf,
+                                       char cert_req_ca_list);
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
@@ -3348,7 +3484,8 @@
  *
  * \return         0 if successful or MBEDTLS_ERR_SSL_BAD_INPUT_DATA
  */
-int mbedtls_ssl_conf_max_frag_len( mbedtls_ssl_config *conf, unsigned char mfl_code );
+int mbedtls_ssl_conf_max_frag_len(mbedtls_ssl_config *conf,
+                                  unsigned char mfl_code);
 #endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
 
 #if defined(MBEDTLS_SSL_SRV_C)
@@ -3361,7 +3498,7 @@
  * \param order    Server or client (MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER
  *                                or MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT)
  */
-void mbedtls_ssl_conf_preference_order( mbedtls_ssl_config *conf, int order );
+void mbedtls_ssl_conf_preference_order(mbedtls_ssl_config *conf, int order);
 #endif /* MBEDTLS_SSL_SRV_C */
 
 #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
@@ -3375,7 +3512,8 @@
  * \param use_tickets   Enable or disable (MBEDTLS_SSL_SESSION_TICKETS_ENABLED or
  *                                         MBEDTLS_SSL_SESSION_TICKETS_DISABLED)
  */
-void mbedtls_ssl_conf_session_tickets( mbedtls_ssl_config *conf, int use_tickets );
+void mbedtls_ssl_conf_session_tickets(mbedtls_ssl_config *conf,
+                                      int use_tickets);
 #endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
@@ -3396,7 +3534,8 @@
  * \param renegotiation     Enable or disable (MBEDTLS_SSL_RENEGOTIATION_ENABLED or
  *                                             MBEDTLS_SSL_RENEGOTIATION_DISABLED)
  */
-void mbedtls_ssl_conf_renegotiation( mbedtls_ssl_config *conf, int renegotiation );
+void mbedtls_ssl_conf_renegotiation(mbedtls_ssl_config *conf,
+                                    int renegotiation);
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 /**
@@ -3426,7 +3565,8 @@
  *                                        SSL_ALLOW_LEGACY_RENEGOTIATION or
  *                                        MBEDTLS_SSL_LEGACY_BREAK_HANDSHAKE)
  */
-void mbedtls_ssl_conf_legacy_renegotiation( mbedtls_ssl_config *conf, int allow_legacy );
+void mbedtls_ssl_conf_legacy_renegotiation(mbedtls_ssl_config *conf,
+                                           int allow_legacy);
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 /**
@@ -3466,7 +3606,8 @@
  *                 enforce renegotiation, or a non-negative value to enforce
  *                 it but allow for a grace period of max_records records.
  */
-void mbedtls_ssl_conf_renegotiation_enforced( mbedtls_ssl_config *conf, int max_records );
+void mbedtls_ssl_conf_renegotiation_enforced(mbedtls_ssl_config *conf,
+                                             int max_records);
 
 /**
  * \brief          Set record counter threshold for periodic renegotiation.
@@ -3493,8 +3634,8 @@
  * \param conf     SSL configuration
  * \param period   The threshold value: a big-endian 64-bit number.
  */
-void mbedtls_ssl_conf_renegotiation_period( mbedtls_ssl_config *conf,
-                                   const unsigned char period[8] );
+void mbedtls_ssl_conf_renegotiation_period(mbedtls_ssl_config *conf,
+                                           const unsigned char period[8]);
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 /**
@@ -3535,7 +3676,7 @@
  *                 that all internal data has been processed.
  *
  */
-int mbedtls_ssl_check_pending( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_check_pending(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the number of application data bytes
@@ -3552,7 +3693,7 @@
  *                 amount of data fitting into the input buffer.
  *
  */
-size_t mbedtls_ssl_get_bytes_avail( const mbedtls_ssl_context *ssl );
+size_t mbedtls_ssl_get_bytes_avail(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the result of the certificate verification
@@ -3566,7 +3707,7 @@
  * \return         A bitwise combination of \c MBEDTLS_X509_BADCERT_XXX
  *                 and \c MBEDTLS_X509_BADCRL_XXX failure flags; see x509.h.
  */
-uint32_t mbedtls_ssl_get_verify_result( const mbedtls_ssl_context *ssl );
+uint32_t mbedtls_ssl_get_verify_result(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the name of the current ciphersuite
@@ -3575,7 +3716,7 @@
  *
  * \return         a string containing the ciphersuite name
  */
-const char *mbedtls_ssl_get_ciphersuite( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_ciphersuite(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the current TLS version
@@ -3584,7 +3725,7 @@
  *
  * \return         a string containing the TLS version
  */
-const char *mbedtls_ssl_get_version( const mbedtls_ssl_context *ssl );
+const char *mbedtls_ssl_get_version(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the (maximum) number of bytes added by the record
@@ -3594,7 +3735,7 @@
  *
  * \return         Current maximum record expansion in bytes
  */
-int mbedtls_ssl_get_record_expansion( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_record_expansion(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the current maximum outgoing record payload in bytes.
@@ -3621,7 +3762,7 @@
  * \return         Current maximum payload for an outgoing record,
  *                 or a negative error code.
  */
-int mbedtls_ssl_get_max_out_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_out_record_payload(const mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Return the current maximum incoming record payload in bytes.
@@ -3641,7 +3782,7 @@
  * \return         Current maximum payload for an outgoing record,
  *                 or a negative error code.
  */
-int mbedtls_ssl_get_max_in_record_payload( const mbedtls_ssl_context *ssl );
+int mbedtls_ssl_get_max_in_record_payload(const mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
 /**
@@ -3674,7 +3815,8 @@
  *                 If you want to use the certificate across API calls,
  *                 you must make a copy.
  */
-const mbedtls_x509_crt *mbedtls_ssl_get_peer_cert( const mbedtls_ssl_context *ssl );
+const mbedtls_x509_crt *
+mbedtls_ssl_get_peer_cert(const mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 #if defined(MBEDTLS_SSL_CLI_C)
@@ -3712,8 +3854,8 @@
  * \sa             mbedtls_ssl_set_session()
  * \sa             mbedtls_ssl_session_save()
  */
-int mbedtls_ssl_get_session( const mbedtls_ssl_context *ssl,
-                             mbedtls_ssl_session *session );
+int mbedtls_ssl_get_session(const mbedtls_ssl_context *ssl,
+                            mbedtls_ssl_session *session);
 #endif /* MBEDTLS_SSL_CLI_C */
 
 /**
@@ -3766,7 +3908,7 @@
  *                 currently being processed might or might not contain further
  *                 DTLS records.
  */
-int mbedtls_ssl_handshake( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Perform a single step of the SSL handshake
@@ -3788,7 +3930,7 @@
  *                 re-using it for a new connection; the current connection
  *                 must be closed.
  */
-int mbedtls_ssl_handshake_step( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_handshake_step(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_RENEGOTIATION)
 /**
@@ -3814,7 +3956,7 @@
  *                 must be closed.
  *
  */
-int mbedtls_ssl_renegotiate( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_renegotiate(mbedtls_ssl_context *ssl);
 #endif /* MBEDTLS_SSL_RENEGOTIATION */
 
 /**
@@ -3894,7 +4036,7 @@
  *                   \c mbedtls_ssl_check_pending to check for remaining records.
  *
  */
-int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len );
+int mbedtls_ssl_read(mbedtls_ssl_context *ssl, unsigned char *buf, size_t len);
 
 /**
  * \brief          Try to write exactly 'len' application data bytes
@@ -3956,7 +4098,9 @@
  * \note           Attempting to write 0 bytes will result in an empty TLS
  *                 application record being sent.
  */
-int mbedtls_ssl_write( mbedtls_ssl_context *ssl, const unsigned char *buf, size_t len );
+int mbedtls_ssl_write(mbedtls_ssl_context *ssl,
+                      const unsigned char *buf,
+                      size_t len);
 
 /**
  * \brief           Send an alert message
@@ -3974,9 +4118,9 @@
  *                 call \c mbedtls_ssl_session_reset() on it before re-using it
  *                 for a new connection; the current connection must be closed.
  */
-int mbedtls_ssl_send_alert_message( mbedtls_ssl_context *ssl,
-                            unsigned char level,
-                            unsigned char message );
+int mbedtls_ssl_send_alert_message(mbedtls_ssl_context *ssl,
+                                   unsigned char level,
+                                   unsigned char message);
 /**
  * \brief          Notify the peer that the connection is being closed
  *
@@ -3990,14 +4134,14 @@
  *                 call \c mbedtls_ssl_session_reset() on it before re-using it
  *                 for a new connection; the current connection must be closed.
  */
-int mbedtls_ssl_close_notify( mbedtls_ssl_context *ssl );
+int mbedtls_ssl_close_notify(mbedtls_ssl_context *ssl);
 
 /**
  * \brief          Free referenced items in an SSL context and clear memory
  *
  * \param ssl      SSL context
  */
-void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
+void mbedtls_ssl_free(mbedtls_ssl_context *ssl);
 
 #if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
 /**
@@ -4048,10 +4192,10 @@
  *                 or the connection does not use DTLS 1.2 with an AEAD
  *                 ciphersuite, or renegotiation is enabled.
  */
-int mbedtls_ssl_context_save( mbedtls_ssl_context *ssl,
-                              unsigned char *buf,
-                              size_t buf_len,
-                              size_t *olen );
+int mbedtls_ssl_context_save(mbedtls_ssl_context *ssl,
+                             unsigned char *buf,
+                             size_t buf_len,
+                             size_t *olen);
 
 /**
  * \brief          Load serialized connection data to an SSL context.
@@ -4118,9 +4262,9 @@
  *                 comes from a different Mbed TLS version or build.
  * \return         #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if input data is invalid.
  */
-int mbedtls_ssl_context_load( mbedtls_ssl_context *ssl,
-                              const unsigned char *buf,
-                              size_t len );
+int mbedtls_ssl_context_load(mbedtls_ssl_context *ssl,
+                             const unsigned char *buf,
+                             size_t len);
 #endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
 
 /**
@@ -4133,7 +4277,7 @@
  *
  * \param conf     SSL configuration context
  */
-void mbedtls_ssl_config_init( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_init(mbedtls_ssl_config *conf);
 
 /**
  * \brief          Load reasonnable default SSL configuration values.
@@ -4150,22 +4294,24 @@
  * \return         0 if successful, or
  *                 MBEDTLS_ERR_XXX_ALLOC_FAILED on memory allocation error.
  */
-int mbedtls_ssl_config_defaults( mbedtls_ssl_config *conf,
-                                 int endpoint, int transport, int preset );
+int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
+                                int endpoint,
+                                int transport,
+                                int preset);
 
 /**
  * \brief          Free an SSL configuration context
  *
  * \param conf     SSL configuration context
  */
-void mbedtls_ssl_config_free( mbedtls_ssl_config *conf );
+void mbedtls_ssl_config_free(mbedtls_ssl_config *conf);
 
 /**
  * \brief          Initialize SSL session structure
  *
  * \param session  SSL session
  */
-void mbedtls_ssl_session_init( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_init(mbedtls_ssl_session *session);
 
 /**
  * \brief          Free referenced items in an SSL session including the
@@ -4176,7 +4322,7 @@
  *
  * \param session  SSL session
  */
-void mbedtls_ssl_session_free( mbedtls_ssl_session *session );
+void mbedtls_ssl_session_free(mbedtls_ssl_session *session);
 
 /**
  * \brief          TLS-PRF function for key derivation.
@@ -4193,11 +4339,14 @@
  *
  * \return         0 on success. An SSL specific error on failure.
  */
-int  mbedtls_ssl_tls_prf( const mbedtls_tls_prf_types prf,
-                          const unsigned char *secret, size_t slen,
-                          const char *label,
-                          const unsigned char *random, size_t rlen,
-                          unsigned char *dstbuf, size_t dlen );
+int mbedtls_ssl_tls_prf(const mbedtls_tls_prf_types prf,
+                        const unsigned char *secret,
+                        size_t slen,
+                        const char *label,
+                        const unsigned char *random,
+                        size_t rlen,
+                        unsigned char *dstbuf,
+                        size_t dlen);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ssl_cache.h b/include/mbedtls/ssl_cache.h
index 6a81ac9..9635809 100644
--- a/include/mbedtls/ssl_cache.h
+++ b/include/mbedtls/ssl_cache.h
@@ -28,23 +28,25 @@
 #include "mbedtls/ssl.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 
 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT)
-#define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT       86400   /*!< 1 day  */
+#    define MBEDTLS_SSL_CACHE_DEFAULT_TIMEOUT 86400 /*!< 1 day  */
 #endif
 
 #if !defined(MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES)
-#define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES      50   /*!< Maximum entries in cache */
+#    define MBEDTLS_SSL_CACHE_DEFAULT_MAX_ENTRIES \
+        50 /*!< Maximum entries in cache */
 #endif
 
 /* \} name SECTION: Module settings */
@@ -59,31 +61,29 @@
 /**
  * \brief   This structure is used for storing cache entries
  */
-struct mbedtls_ssl_cache_entry
-{
+struct mbedtls_ssl_cache_entry {
 #if defined(MBEDTLS_HAVE_TIME)
-    mbedtls_time_t MBEDTLS_PRIVATE(timestamp);           /*!< entry timestamp    */
+    mbedtls_time_t MBEDTLS_PRIVATE(timestamp); /*!< entry timestamp    */
 #endif
 
-    unsigned char MBEDTLS_PRIVATE(session_id)[32];       /*!< session ID         */
+    unsigned char MBEDTLS_PRIVATE(session_id)[32]; /*!< session ID         */
     size_t MBEDTLS_PRIVATE(session_id_len);
 
-    unsigned char *MBEDTLS_PRIVATE(session);             /*!< serialized session */
+    unsigned char *MBEDTLS_PRIVATE(session); /*!< serialized session */
     size_t MBEDTLS_PRIVATE(session_len);
 
-    mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next);      /*!< chain pointer      */
+    mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(next); /*!< chain pointer      */
 };
 
 /**
  * \brief Cache context
  */
-struct mbedtls_ssl_cache_context
-{
-    mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain);     /*!< start of the chain     */
-    int MBEDTLS_PRIVATE(timeout);                /*!< cache entry timeout    */
-    int MBEDTLS_PRIVATE(max_entries);            /*!< maximum entries        */
+struct mbedtls_ssl_cache_context {
+    mbedtls_ssl_cache_entry *MBEDTLS_PRIVATE(chain); /*!< start of the chain */
+    int MBEDTLS_PRIVATE(timeout); /*!< cache entry timeout    */
+    int MBEDTLS_PRIVATE(max_entries); /*!< maximum entries        */
 #if defined(MBEDTLS_THREADING_C)
-    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);    /*!< mutex                  */
+    mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex); /*!< mutex */
 #endif
 };
 
@@ -92,7 +92,7 @@
  *
  * \param cache    SSL cache context
  */
-void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_init(mbedtls_ssl_cache_context *cache);
 
 /**
  * \brief          Cache get callback implementation
@@ -105,10 +105,10 @@
  * \param session         The address at which to store the session
  *                        associated with \p session_id, if present.
  */
-int mbedtls_ssl_cache_get( void *data,
-                           unsigned char const *session_id,
-                           size_t session_id_len,
-                           mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_get(void *data,
+                          unsigned char const *session_id,
+                          size_t session_id_len,
+                          mbedtls_ssl_session *session);
 
 /**
  * \brief          Cache set callback implementation
@@ -120,10 +120,10 @@
  * \param session_id_len  The length of \p session_id in bytes.
  * \param session         The session to store.
  */
-int mbedtls_ssl_cache_set( void *data,
-                           unsigned char const *session_id,
-                           size_t session_id_len,
-                           const mbedtls_ssl_session *session );
+int mbedtls_ssl_cache_set(void *data,
+                          unsigned char const *session_id,
+                          size_t session_id_len,
+                          const mbedtls_ssl_session *session);
 
 #if defined(MBEDTLS_HAVE_TIME)
 /**
@@ -135,7 +135,8 @@
  * \param cache    SSL cache context
  * \param timeout  cache entry timeout in seconds
  */
-void mbedtls_ssl_cache_set_timeout( mbedtls_ssl_cache_context *cache, int timeout );
+void mbedtls_ssl_cache_set_timeout(mbedtls_ssl_cache_context *cache,
+                                   int timeout);
 #endif /* MBEDTLS_HAVE_TIME */
 
 /**
@@ -145,14 +146,15 @@
  * \param cache    SSL cache context
  * \param max      cache entry maximum
  */
-void mbedtls_ssl_cache_set_max_entries( mbedtls_ssl_cache_context *cache, int max );
+void mbedtls_ssl_cache_set_max_entries(mbedtls_ssl_cache_context *cache,
+                                       int max);
 
 /**
  * \brief          Free referenced items in a cache context and clear memory
  *
  * \param cache    SSL cache context
  */
-void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache );
+void mbedtls_ssl_cache_free(mbedtls_ssl_cache_context *cache);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 20e3307..5122e8c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -37,240 +37,240 @@
  * Supported ciphersuites (Official IANA names)
  */
 /** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_MD5                    0x01
+#define MBEDTLS_TLS_RSA_WITH_NULL_MD5 0x01
 /** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA                    0x02
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA 0x02
 
 /** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA                    0x2C
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA 0x2C
 /** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA                0x2D
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA 0x2D
 /** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA                0x2E
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA             0x2F
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA    0x2E
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA 0x2F
 
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA         0x33
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA             0x35
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA         0x39
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0x33
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA     0x35
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0x39
 
 /** Weak! */
-#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256                 0x3B
+#define MBEDTLS_TLS_RSA_WITH_NULL_SHA256 0x3B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256          0x3C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CBC_SHA256 0x3C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256          0x3D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256 0x3D
 
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA        0x41
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA    0x45
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA     0x41
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0x45
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      0x67
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 0x67
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256      0x6B
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 0x6B
 
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA        0x84
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA    0x88
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA     0x84
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0x88
 
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA             0x8C
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA             0x8D
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA 0x8C
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA 0x8D
 
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA         0x90
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA         0x91
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA 0x90
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA 0x91
 
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA         0x94
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA         0x95
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA 0x94
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA 0x95
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256          0x9C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_GCM_SHA256 0x9C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384          0x9D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_GCM_SHA384 0x9D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256      0x9E
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x9E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      0x9F
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x9F
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256          0xA8
+#define MBEDTLS_TLS_PSK_WITH_AES_128_GCM_SHA256 0xA8
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384          0xA9
+#define MBEDTLS_TLS_PSK_WITH_AES_256_GCM_SHA384 0xA9
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256      0xAA
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 0xAA
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384      0xAB
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 0xAB
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256      0xAC
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 0xAC
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384      0xAD
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 0xAD
 
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256          0xAE
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384          0xAF
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CBC_SHA256 0xAE
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CBC_SHA384 0xAF
 /** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256                 0xB0
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA256 0xB0
 /** Weak! */
-#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384                 0xB1
+#define MBEDTLS_TLS_PSK_WITH_NULL_SHA384 0xB1
 
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256      0xB2
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384      0xB3
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 0xB2
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 0xB3
 /** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256             0xB4
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA256 0xB4
 /** Weak! */
-#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384             0xB5
+#define MBEDTLS_TLS_DHE_PSK_WITH_NULL_SHA384 0xB5
 
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256      0xB6
-#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384      0xB7
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 0xB6
+#define MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 0xB7
 /** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256             0xB8
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA256 0xB8
 /** Weak! */
-#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384             0xB9
+#define MBEDTLS_TLS_RSA_PSK_WITH_NULL_SHA384 0xB9
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256     0xBA
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBA
 /** TLS 1.2 */
 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 0xBE
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256     0xC0
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC0
 /** TLS 1.2 */
 #define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 0xC4
 
 /** Weak! */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA             0xC001
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA      0xC004
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA      0xC005
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_NULL_SHA        0xC001
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 0xC004
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 0xC005
 
 /** Weak! */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA            0xC006
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA     0xC009
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA     0xC00A
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_NULL_SHA        0xC006
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 0xC009
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 0xC00A
 
 /** Weak! */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA               0xC00B
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA        0xC00E
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA        0xC00F
+#define MBEDTLS_TLS_ECDH_RSA_WITH_NULL_SHA        0xC00B
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 0xC00E
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 0xC00F
 
 /** Weak! */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA              0xC010
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA       0xC013
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA       0xC014
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_NULL_SHA        0xC010
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 0xC013
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 0xC014
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  0xC023
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  0xC024
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   0xC025
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 0xC025
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   0xC026
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 0xC026
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    0xC027
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    0xC028
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     0xC029
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 0xC029
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     0xC02A
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 0xC02A
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  0xC02B
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  0xC02C
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   0xC02D
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   0xC02E
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 0xC02E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    0xC02F
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    0xC030
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     0xC031
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 0xC031
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     0xC032
+#define MBEDTLS_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 0xC032
 
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA       0xC035
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA       0xC036
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256    0xC037
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384    0xC038
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA              0xC039
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256           0xC03A
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384           0xC03B
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA    0xC035
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA    0xC036
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 0xC037
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 0xC038
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA           0xC039
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA256        0xC03A
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_NULL_SHA384        0xC03B
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256         0xC03C
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_CBC_SHA256 0xC03C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384         0xC03D
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_CBC_SHA384 0xC03D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256     0xC044
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC044
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384     0xC045
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC045
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC048
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC049
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256  0xC04A
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_CBC_SHA256 0xC04A
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384  0xC04B
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_CBC_SHA384 0xC04B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256   0xC04C
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 0xC04C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384   0xC04D
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 0xC04D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256    0xC04E
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_CBC_SHA256 0xC04E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384    0xC04F
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_CBC_SHA384 0xC04F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256         0xC050
+#define MBEDTLS_TLS_RSA_WITH_ARIA_128_GCM_SHA256 0xC050
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384         0xC051
+#define MBEDTLS_TLS_RSA_WITH_ARIA_256_GCM_SHA384 0xC051
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256     0xC052
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC052
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384     0xC053
+#define MBEDTLS_TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC053
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05C
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256  0xC05E
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_128_GCM_SHA256 0xC05E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384  0xC05F
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_ARIA_256_GCM_SHA384 0xC05F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256   0xC060
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 0xC060
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384   0xC061
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 0xC061
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256    0xC062
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_128_GCM_SHA256 0xC062
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384    0xC063
+#define MBEDTLS_TLS_ECDH_RSA_WITH_ARIA_256_GCM_SHA384 0xC063
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256         0xC064
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_CBC_SHA256 0xC064
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384         0xC065
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_CBC_SHA384 0xC065
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256     0xC066
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC066
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384     0xC067
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC067
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256     0xC068
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 0xC068
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384     0xC069
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 0xC069
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256         0xC06A
+#define MBEDTLS_TLS_PSK_WITH_ARIA_128_GCM_SHA256 0xC06A
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384         0xC06B
+#define MBEDTLS_TLS_PSK_WITH_ARIA_256_GCM_SHA384 0xC06B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256     0xC06C
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 0xC06C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384     0xC06D
+#define MBEDTLS_TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 0xC06D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256     0xC06E
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 0xC06E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384     0xC06F
+#define MBEDTLS_TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 0xC06F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256   0xC070
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 0xC070
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384   0xC071
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 0xC071
 
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 0xC072
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 0xC073
@@ -282,42 +282,42 @@
 #define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384    0xC079
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256         0xC07A
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07A
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384         0xC07B
+#define MBEDTLS_TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256     0xC07C
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC07C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384     0xC07D
+#define MBEDTLS_TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC07D
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC086
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC087
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256  0xC088
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_128_GCM_SHA256 0xC088
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384  0xC089
+#define MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_GCM_SHA384 0xC089
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256   0xC08A
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08A
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384   0xC08B
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08B
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256    0xC08C
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_128_GCM_SHA256 0xC08C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384    0xC08D
+#define MBEDTLS_TLS_ECDH_RSA_WITH_CAMELLIA_256_GCM_SHA384 0xC08D
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256       0xC08E
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC08E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384       0xC08F
+#define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC08F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC090
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC090
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC091
+#define MBEDTLS_TLS_DHE_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC091
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256   0xC092
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_128_GCM_SHA256 0xC092
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384   0xC093
+#define MBEDTLS_TLS_RSA_PSK_WITH_CAMELLIA_256_GCM_SHA384 0xC093
 
 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_128_CBC_SHA256       0xC094
 #define MBEDTLS_TLS_PSK_WITH_CAMELLIA_256_CBC_SHA384       0xC095
@@ -329,71 +329,72 @@
 #define MBEDTLS_TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 0xC09B
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM                0xC09C
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM 0xC09C
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM                0xC09D
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM 0xC09D
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM            0xC09E
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM 0xC09E
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM            0xC09F
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM 0xC09F
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8              0xC0A0
+#define MBEDTLS_TLS_RSA_WITH_AES_128_CCM_8 0xC0A0
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8              0xC0A1
+#define MBEDTLS_TLS_RSA_WITH_AES_256_CCM_8 0xC0A1
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8          0xC0A2
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_128_CCM_8 0xC0A2
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8          0xC0A3
+#define MBEDTLS_TLS_DHE_RSA_WITH_AES_256_CCM_8 0xC0A3
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM                0xC0A4
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM 0xC0A4
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM                0xC0A5
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM 0xC0A5
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM            0xC0A6
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM 0xC0A6
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM            0xC0A7
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM 0xC0A7
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8              0xC0A8
+#define MBEDTLS_TLS_PSK_WITH_AES_128_CCM_8 0xC0A8
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8              0xC0A9
+#define MBEDTLS_TLS_PSK_WITH_AES_256_CCM_8 0xC0A9
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8          0xC0AA
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_128_CCM_8 0xC0AA
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8          0xC0AB
+#define MBEDTLS_TLS_DHE_PSK_WITH_AES_256_CCM_8 0xC0AB
 /* The last two are named with PSK_DHE in the RFC, which looks like a typo */
 
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM        0xC0AC
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 0xC0AC
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM        0xC0AD
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM 0xC0AD
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8      0xC0AE
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8      0xC0AF
+#define MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF
 
 /** experimental */
-#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8          0xC0FF
+#define MBEDTLS_TLS_ECJPAKE_WITH_AES_128_CCM_8 0xC0FF
 
 /* RFC 7905 */
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   0xCCA8
+#define MBEDTLS_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA8
 /** TLS 1.2 */
 #define MBEDTLS_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 0xCCA9
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256     0xCCAA
+#define MBEDTLS_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 0xCCAA
 /** TLS 1.2 */
-#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256         0xCCAB
+#define MBEDTLS_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAB
 /** TLS 1.2 */
-#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256   0xCCAC
+#define MBEDTLS_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAC
 /** TLS 1.2 */
-#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAD
+#define MBEDTLS_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAD
 /** TLS 1.2 */
-#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256     0xCCAE
+#define MBEDTLS_TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 0xCCAE
 
 /* Reminder: update mbedtls_ssl_premaster_secret when adding a new key exchange.
  * Reminder: update MBEDTLS_KEY_EXCHANGE__xxx below
  */
-typedef enum {
+typedef enum
+{
     MBEDTLS_KEY_EXCHANGE_NONE = 0,
     MBEDTLS_KEY_EXCHANGE_RSA,
     MBEDTLS_KEY_EXCHANGE_DHE_RSA,
@@ -409,94 +410,93 @@
 } mbedtls_key_exchange_type_t;
 
 /* Key exchanges using a certificate */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||         \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||    \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED
 #endif
 
 /* Key exchanges allowing client certificate requests */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     ||       \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)    ||       \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||        \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||    \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||  \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_CERT_REQ_ALLOWED_ENABLED
 #endif
 
 /* Key exchanges involving server signature in ServerKeyExchange */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED
 #endif
 
 /* Key exchanges using ECDH */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED)      || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED
 #endif
 
 /* Key exchanges that don't involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED
 #endif
 
 /* Key exchanges that involve ephemeral keys */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED
 #endif
 
 /* Key exchanges using a PSK */
-#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED)           || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)       || \
-    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)       || \
+#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) ||     \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
 #endif
 
 /* Key exchanges using DHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED)       || \
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED
 #endif
 
 /* Key exchanges using ECDHE */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED)     || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)   || \
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) ||   \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
     defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
-#define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
+#    define MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
 #endif
 
 typedef struct mbedtls_ssl_ciphersuite_t mbedtls_ssl_ciphersuite_t;
 
 /** Weak ciphersuite flag  */
-#define MBEDTLS_CIPHERSUITE_WEAK       0x01
+#define MBEDTLS_CIPHERSUITE_WEAK 0x01
 /** Short authentication tag, eg for CCM_8 */
-#define MBEDTLS_CIPHERSUITE_SHORT_TAG  0x02
+#define MBEDTLS_CIPHERSUITE_SHORT_TAG 0x02
 /** Can't be used with DTLS */
-#define MBEDTLS_CIPHERSUITE_NODTLS     0x04
+#define MBEDTLS_CIPHERSUITE_NODTLS 0x04
 
 /**
  * \brief   This structure is used for storing ciphersuite information
  */
-struct mbedtls_ssl_ciphersuite_t
-{
+struct mbedtls_ssl_ciphersuite_t {
     int MBEDTLS_PRIVATE(id);
-    const char * MBEDTLS_PRIVATE(name);
+    const char *MBEDTLS_PRIVATE(name);
 
     mbedtls_cipher_type_t MBEDTLS_PRIVATE(cipher);
     mbedtls_md_type_t MBEDTLS_PRIVATE(mac);
@@ -510,92 +510,96 @@
     unsigned char MBEDTLS_PRIVATE(flags);
 };
 
-const int *mbedtls_ssl_list_ciphersuites( void );
+const int *mbedtls_ssl_list_ciphersuites(void);
 
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_string( const char *ciphersuite_name );
-const mbedtls_ssl_ciphersuite_t *mbedtls_ssl_ciphersuite_from_id( int ciphersuite_id );
+const mbedtls_ssl_ciphersuite_t *
+mbedtls_ssl_ciphersuite_from_string(const char *ciphersuite_name);
+const mbedtls_ssl_ciphersuite_t *
+mbedtls_ssl_ciphersuite_from_id(int ciphersuite_id);
 
 #if defined(MBEDTLS_PK_C)
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
-mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
+mbedtls_pk_type_t
+mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info);
+mbedtls_pk_type_t
+mbedtls_ssl_get_ciphersuite_sig_alg(const mbedtls_ssl_ciphersuite_t *info);
 #endif
 
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+int mbedtls_ssl_ciphersuite_uses_ec(const mbedtls_ssl_ciphersuite_t *info);
+int mbedtls_ssl_ciphersuite_uses_psk(const mbedtls_ssl_ciphersuite_t *info);
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_has_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_PFS_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_no_pfs(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_PSK:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_NON_PFS_ENABLED */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_ecdh(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDH_ENABLED */
 
-static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_cert_req_allowed(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 
-static inline int mbedtls_ssl_ciphersuite_uses_srv_cert( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_srv_cert(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_RSA:
         case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@@ -603,56 +607,56 @@
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_dhe(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED) */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
+static inline int
+mbedtls_ssl_ciphersuite_uses_ecdhe(const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED) */
 
 #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
-static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature(
+    const mbedtls_ssl_ciphersuite_t *info)
 {
-    switch( info->MBEDTLS_PRIVATE(key_exchange) )
-    {
+    switch (info->MBEDTLS_PRIVATE(key_exchange)) {
         case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
         case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
-            return 1 ;
+            return 1;
 
         default:
-            return 0 ;
+            return 0;
     }
 }
 #endif /* MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED */
diff --git a/include/mbedtls/ssl_cookie.h b/include/mbedtls/ssl_cookie.h
index a5ece81..ca338f4 100644
--- a/include/mbedtls/ssl_cookie.h
+++ b/include/mbedtls/ssl_cookie.h
@@ -28,19 +28,21 @@
 #include "mbedtls/ssl.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 /**
  * \name SECTION: Module settings
  *
  * The configuration options you can set for this module are in this section.
- * Either change them in mbedtls_config.h or define them on the compiler command line.
+ * Either change them in mbedtls_config.h or define them on the compiler command
+ * line.
  * \{
  */
 #ifndef MBEDTLS_SSL_COOKIE_TIMEOUT
-/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in number of cookies issued */
-#define MBEDTLS_SSL_COOKIE_TIMEOUT     60
+/** Default expiration delay of DTLS cookies, in seconds if HAVE_TIME, or in
+ * number of cookies issued */
+#    define MBEDTLS_SSL_COOKIE_TIMEOUT 60
 #endif
 
 /* \} name SECTION: Module settings */
@@ -52,14 +54,14 @@
 /**
  * \brief          Context for the default cookie functions.
  */
-typedef struct mbedtls_ssl_cookie_ctx
-{
-    mbedtls_md_context_t    MBEDTLS_PRIVATE(hmac_ctx);   /*!< context for the HMAC portion   */
+typedef struct mbedtls_ssl_cookie_ctx {
+    mbedtls_md_context_t MBEDTLS_PRIVATE(hmac_ctx); /*!< context for the HMAC
+                                                       portion   */
 #if !defined(MBEDTLS_HAVE_TIME)
-    unsigned long   MBEDTLS_PRIVATE(serial);     /*!< serial number for expiration   */
+    unsigned long MBEDTLS_PRIVATE(serial); /*!< serial number for expiration */
 #endif
-    unsigned long   MBEDTLS_PRIVATE(timeout);    /*!< timeout delay, in seconds if HAVE_TIME,
-                                     or in number of tickets issued */
+    unsigned long MBEDTLS_PRIVATE(timeout); /*!< timeout delay, in seconds if
+                                HAVE_TIME, or in number of tickets issued */
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
@@ -69,14 +71,14 @@
 /**
  * \brief          Initialize cookie context
  */
-void mbedtls_ssl_cookie_init( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_init(mbedtls_ssl_cookie_ctx *ctx);
 
 /**
  * \brief          Setup cookie context (generate keys)
  */
-int mbedtls_ssl_cookie_setup( mbedtls_ssl_cookie_ctx *ctx,
-                      int (*f_rng)(void *, unsigned char *, size_t),
-                      void *p_rng );
+int mbedtls_ssl_cookie_setup(mbedtls_ssl_cookie_ctx *ctx,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng);
 
 /**
  * \brief          Set expiration delay for cookies
@@ -87,12 +89,13 @@
  *                 issued in the meantime.
  *                 0 to disable expiration (NOT recommended)
  */
-void mbedtls_ssl_cookie_set_timeout( mbedtls_ssl_cookie_ctx *ctx, unsigned long delay );
+void mbedtls_ssl_cookie_set_timeout(mbedtls_ssl_cookie_ctx *ctx,
+                                    unsigned long delay);
 
 /**
  * \brief          Free cookie context
  */
-void mbedtls_ssl_cookie_free( mbedtls_ssl_cookie_ctx *ctx );
+void mbedtls_ssl_cookie_free(mbedtls_ssl_cookie_ctx *ctx);
 
 /**
  * \brief          Generate cookie, see \c mbedtls_ssl_cookie_write_t
diff --git a/include/mbedtls/ssl_ticket.h b/include/mbedtls/ssl_ticket.h
index 0f4117d..0f36b77 100644
--- a/include/mbedtls/ssl_ticket.h
+++ b/include/mbedtls/ssl_ticket.h
@@ -35,7 +35,7 @@
 #include "mbedtls/cipher.h"
 
 #if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
+#    include "mbedtls/threading.h"
 #endif
 
 #ifdef __cplusplus
@@ -45,33 +45,34 @@
 /**
  * \brief   Information for session ticket protection
  */
-typedef struct mbedtls_ssl_ticket_key
-{
-    unsigned char MBEDTLS_PRIVATE(name)[4];          /*!< random key identifier              */
-    uint32_t MBEDTLS_PRIVATE(generation_time);       /*!< key generation timestamp (seconds) */
-    mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx);   /*!< context for auth enc/decryption    */
-}
-mbedtls_ssl_ticket_key;
+typedef struct mbedtls_ssl_ticket_key {
+    unsigned char MBEDTLS_PRIVATE(name)[4]; /*!< random key identifier */
+    uint32_t MBEDTLS_PRIVATE(generation_time); /*!< key generation timestamp
+                                                  (seconds) */
+    mbedtls_cipher_context_t MBEDTLS_PRIVATE(ctx); /*!< context for auth
+                                                      enc/decryption    */
+} mbedtls_ssl_ticket_key;
 
 /**
  * \brief   Context for session ticket handling functions
  */
-typedef struct mbedtls_ssl_ticket_context
-{
-    mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys             */
-    unsigned char MBEDTLS_PRIVATE(active);           /*!< index of the currently active key  */
+typedef struct mbedtls_ssl_ticket_context {
+    mbedtls_ssl_ticket_key MBEDTLS_PRIVATE(keys)[2]; /*!< ticket protection keys
+                                                      */
+    unsigned char MBEDTLS_PRIVATE(active); /*!< index of the currently active
+                                              key  */
 
-    uint32_t MBEDTLS_PRIVATE(ticket_lifetime);       /*!< lifetime of tickets in seconds     */
+    uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< lifetime of tickets in
+                                                  seconds     */
 
     /** Callback for getting (pseudo-)random numbers                        */
-    int  (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
-    void *MBEDTLS_PRIVATE(p_rng);                    /*!< context for the RNG function       */
+    int (*MBEDTLS_PRIVATE(f_rng))(void *, unsigned char *, size_t);
+    void *MBEDTLS_PRIVATE(p_rng); /*!< context for the RNG function       */
 
 #if defined(MBEDTLS_THREADING_C)
     mbedtls_threading_mutex_t MBEDTLS_PRIVATE(mutex);
 #endif
-}
-mbedtls_ssl_ticket_context;
+} mbedtls_ssl_ticket_context;
 
 /**
  * \brief           Initialize a ticket context.
@@ -80,7 +81,7 @@
  *
  * \param ctx       Context to be initialized
  */
-void mbedtls_ssl_ticket_init( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_init(mbedtls_ssl_ticket_context *ctx);
 
 /**
  * \brief           Prepare context to be actually used
@@ -104,10 +105,11 @@
  * \return          0 if successful,
  *                  or a specific MBEDTLS_ERR_XXX error code
  */
-int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
-    int (*f_rng)(void *, unsigned char *, size_t), void *p_rng,
-    mbedtls_cipher_type_t cipher,
-    uint32_t lifetime );
+int mbedtls_ssl_ticket_setup(mbedtls_ssl_ticket_context *ctx,
+                             int (*f_rng)(void *, unsigned char *, size_t),
+                             void *p_rng,
+                             mbedtls_cipher_type_t cipher,
+                             uint32_t lifetime);
 
 /**
  * \brief           Implementation of the ticket write callback
@@ -128,7 +130,7 @@
  *
  * \param ctx       Context to be cleaned up
  */
-void mbedtls_ssl_ticket_free( mbedtls_ssl_ticket_context *ctx );
+void mbedtls_ssl_ticket_free(mbedtls_ssl_ticket_context *ctx);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index fbc7374..a56b3ff 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -32,14 +32,13 @@
 #endif
 
 /** Bad input parameters to function. */
-#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA              -0x001C
+#define MBEDTLS_ERR_THREADING_BAD_INPUT_DATA -0x001C
 /** Locking / unlocking / free failed with error code. */
-#define MBEDTLS_ERR_THREADING_MUTEX_ERROR                 -0x001E
+#define MBEDTLS_ERR_THREADING_MUTEX_ERROR -0x001E
 
 #if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-typedef struct mbedtls_threading_mutex_t
-{
+#    include <pthread.h>
+typedef struct mbedtls_threading_mutex_t {
     pthread_mutex_t MBEDTLS_PRIVATE(mutex);
     /* is_valid is 0 after a failed init or a free, and nonzero after a
      * successful init. This field is not considered part of the public
@@ -50,7 +49,7 @@
 
 #if defined(MBEDTLS_THREADING_ALT)
 /* You should define the mbedtls_threading_mutex_t type in your header */
-#include "threading_alt.h"
+#    include "threading_alt.h"
 
 /**
  * \brief           Set your alternate threading implementation function
@@ -70,15 +69,15 @@
  * \param mutex_lock    the lock function implementation
  * \param mutex_unlock  the unlock function implementation
  */
-void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * ),
-                       void (*mutex_free)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_lock)( mbedtls_threading_mutex_t * ),
-                       int (*mutex_unlock)( mbedtls_threading_mutex_t * ) );
+void mbedtls_threading_set_alt(void (*mutex_init)(mbedtls_threading_mutex_t *),
+                               void (*mutex_free)(mbedtls_threading_mutex_t *),
+                               int (*mutex_lock)(mbedtls_threading_mutex_t *),
+                               int (*mutex_unlock)(mbedtls_threading_mutex_t *));
 
 /**
  * \brief               Free global mutexes.
  */
-void mbedtls_threading_free_alt( void );
+void mbedtls_threading_free_alt(void);
 #endif /* MBEDTLS_THREADING_ALT */
 
 #if defined(MBEDTLS_THREADING_C)
@@ -87,19 +86,20 @@
  *
  * All these functions are expected to work or the result will be undefined.
  */
-extern void (*mbedtls_mutex_init)( mbedtls_threading_mutex_t *mutex );
-extern void (*mbedtls_mutex_free)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_lock)( mbedtls_threading_mutex_t *mutex );
-extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex );
+extern void (*mbedtls_mutex_init)(mbedtls_threading_mutex_t *mutex);
+extern void (*mbedtls_mutex_free)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_lock)(mbedtls_threading_mutex_t *mutex);
+extern int (*mbedtls_mutex_unlock)(mbedtls_threading_mutex_t *mutex);
 
 /*
  * Global mutexes
  */
-#if defined(MBEDTLS_FS_IO)
+#    if defined(MBEDTLS_FS_IO)
 extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
-#endif
+#    endif
 
-#if defined(MBEDTLS_HAVE_TIME_DATE) && !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+#    if defined(MBEDTLS_HAVE_TIME_DATE) && \
+        !defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
 /* This mutex may or may not be used in the default definition of
  * mbedtls_platform_gmtime_r(), but in order to determine that,
  * we need to check POSIX features, hence modify _POSIX_C_SOURCE.
@@ -107,7 +107,7 @@
  * an accompanying definition, in case mbedtls_platform_gmtime_r()
  * doesn't need it, but that's not a problem. */
 extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
-#endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#    endif /* MBEDTLS_HAVE_TIME_DATE && !MBEDTLS_PLATFORM_GMTIME_R_ALT */
 
 #endif /* MBEDTLS_THREADING_C */
 
diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h
index 25db1c6..5549209 100644
--- a/include/mbedtls/timing.h
+++ b/include/mbedtls/timing.h
@@ -38,27 +38,26 @@
 /**
  * \brief          timer structure
  */
-struct mbedtls_timing_hr_time
-{
+struct mbedtls_timing_hr_time {
     unsigned char MBEDTLS_PRIVATE(opaque)[32];
 };
 
 /**
  * \brief          Context for mbedtls_timing_set/get_delay()
  */
-typedef struct mbedtls_timing_delay_context
-{
-    struct mbedtls_timing_hr_time   MBEDTLS_PRIVATE(timer);
-    uint32_t                        MBEDTLS_PRIVATE(int_ms);
-    uint32_t                        MBEDTLS_PRIVATE(fin_ms);
+typedef struct mbedtls_timing_delay_context {
+    struct mbedtls_timing_hr_time MBEDTLS_PRIVATE(timer);
+    uint32_t MBEDTLS_PRIVATE(int_ms);
+    uint32_t MBEDTLS_PRIVATE(fin_ms);
 } mbedtls_timing_delay_context;
 
-#else  /* MBEDTLS_TIMING_ALT */
-#include "timing_alt.h"
+#else /* MBEDTLS_TIMING_ALT */
+#    include "timing_alt.h"
 #endif /* MBEDTLS_TIMING_ALT */
 
 /* Internal use */
-unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset );
+unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val,
+                                       int reset);
 
 /**
  * \brief          Set a pair of delays to watch
@@ -74,7 +73,7 @@
  * \note           To set a single delay, either use \c mbedtls_timing_set_timer
  *                 directly or use this function with int_ms == fin_ms.
  */
-void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms );
+void mbedtls_timing_set_delay(void *data, uint32_t int_ms, uint32_t fin_ms);
 
 /**
  * \brief          Get the status of delays
@@ -88,7 +87,7 @@
  *                  1 if only the intermediate delay is passed,
  *                  2 if the final delay is passed.
  */
-int mbedtls_timing_get_delay( void *data );
+int mbedtls_timing_get_delay(void *data);
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 773da4a..ebebc5d 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -31,9 +31,9 @@
 
 #if defined(MBEDTLS_VERSION_C)
 
-#ifdef __cplusplus
+#    ifdef __cplusplus
 extern "C" {
-#endif
+#    endif
 
 /**
  * Get the version number.
@@ -41,7 +41,7 @@
  * \return          The constructed version number in the format
  *                  MMNNPP00 (Major, Minor, Patch).
  */
-unsigned int mbedtls_version_get_number( void );
+unsigned int mbedtls_version_get_number(void);
 
 /**
  * Get the version string ("x.y.z").
@@ -49,7 +49,7 @@
  * \param string    The string that will receive the value.
  *                  (Should be at least 9 bytes in size)
  */
-void mbedtls_version_get_string( char *string );
+void mbedtls_version_get_string(char *string);
 
 /**
  * Get the full version string ("mbed TLS x.y.z").
@@ -60,7 +60,7 @@
  *                  (So the buffer should be at least 18 bytes to receive this
  *                  version string).
  */
-void mbedtls_version_get_string_full( char *string );
+void mbedtls_version_get_string_full(char *string);
 
 /**
  * \brief           Check if support for a feature was compiled into this
@@ -79,11 +79,11 @@
  *                  -2 if support for feature checking as a whole was not
  *                  compiled in.
  */
-int mbedtls_version_check_feature( const char *feature );
+int mbedtls_version_check_feature(const char *feature);
 
-#ifdef __cplusplus
+#    ifdef __cplusplus
 }
-#endif
+#    endif
 
 #endif /* MBEDTLS_VERSION_C */
 
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 1adbd22..f916a83 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -29,7 +29,7 @@
 #include "mbedtls/pk.h"
 
 #if defined(MBEDTLS_RSA_C)
-#include "mbedtls/rsa.h"
+#    include "mbedtls/rsa.h"
 #endif
 
 /**
@@ -46,7 +46,7 @@
  * Set this to a low value to prevent an adversary from making you waste
  * resources verifying an overlong certificate chain.
  */
-#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8
+#    define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8
 #endif
 
 /**
@@ -54,45 +54,46 @@
  * \{
  */
 /** Unavailable feature, e.g. RSA hashing/encryption combination. */
-#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE              -0x2080
+#define MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE -0x2080
 /** Requested OID is unknown. */
-#define MBEDTLS_ERR_X509_UNKNOWN_OID                      -0x2100
+#define MBEDTLS_ERR_X509_UNKNOWN_OID -0x2100
 /** The CRT/CRL/CSR format is invalid, e.g. different type expected. */
-#define MBEDTLS_ERR_X509_INVALID_FORMAT                   -0x2180
+#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180
 /** The CRT/CRL/CSR version element is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_VERSION                  -0x2200
+#define MBEDTLS_ERR_X509_INVALID_VERSION -0x2200
 /** The serial tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SERIAL                   -0x2280
+#define MBEDTLS_ERR_X509_INVALID_SERIAL -0x2280
 /** The algorithm tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_ALG                      -0x2300
+#define MBEDTLS_ERR_X509_INVALID_ALG -0x2300
 /** The name tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_NAME                     -0x2380
+#define MBEDTLS_ERR_X509_INVALID_NAME -0x2380
 /** The date tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_DATE                     -0x2400
+#define MBEDTLS_ERR_X509_INVALID_DATE -0x2400
 /** The signature tag or value invalid. */
-#define MBEDTLS_ERR_X509_INVALID_SIGNATURE                -0x2480
+#define MBEDTLS_ERR_X509_INVALID_SIGNATURE -0x2480
 /** The extension tag or value is invalid. */
-#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS               -0x2500
+#define MBEDTLS_ERR_X509_INVALID_EXTENSIONS -0x2500
 /** CRT/CRL/CSR has an unsupported version number. */
-#define MBEDTLS_ERR_X509_UNKNOWN_VERSION                  -0x2580
+#define MBEDTLS_ERR_X509_UNKNOWN_VERSION -0x2580
 /** Signature algorithm (oid) is unsupported. */
-#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG                  -0x2600
+#define MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG -0x2600
 /** Signature algorithms do not match. (see \c ::mbedtls_x509_crt sig_oid) */
-#define MBEDTLS_ERR_X509_SIG_MISMATCH                     -0x2680
+#define MBEDTLS_ERR_X509_SIG_MISMATCH -0x2680
 /** Certificate verification failed, e.g. CRL, CA or signature check failed. */
-#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED               -0x2700
+#define MBEDTLS_ERR_X509_CERT_VERIFY_FAILED -0x2700
 /** Format not recognized as DER or PEM. */
-#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT              -0x2780
+#define MBEDTLS_ERR_X509_CERT_UNKNOWN_FORMAT -0x2780
 /** Input invalid. */
-#define MBEDTLS_ERR_X509_BAD_INPUT_DATA                   -0x2800
+#define MBEDTLS_ERR_X509_BAD_INPUT_DATA -0x2800
 /** Allocation of memory failed. */
-#define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880
+#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880
 /** Read/write of file failed. */
-#define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900
+#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900
 /** Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980
-/** A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000
+#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980
+/** A fatal error occurred, eg the chain is too long or the vrfy callback
+ * failed. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000
 /* \} name */
 
 /**
@@ -101,45 +102,46 @@
  */
 /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
 /** The certificate validity has expired. */
-#define MBEDTLS_X509_BADCERT_EXPIRED             0x01
+#define MBEDTLS_X509_BADCERT_EXPIRED 0x01
 /** The certificate has been revoked (is on a CRL). */
-#define MBEDTLS_X509_BADCERT_REVOKED             0x02
+#define MBEDTLS_X509_BADCERT_REVOKED 0x02
 /** The certificate Common Name (CN) does not match with the expected CN. */
-#define MBEDTLS_X509_BADCERT_CN_MISMATCH         0x04
+#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04
 /** The certificate is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCERT_NOT_TRUSTED         0x08
+#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08
 /** The CRL is not correctly signed by the trusted CA. */
-#define MBEDTLS_X509_BADCRL_NOT_TRUSTED          0x10
+#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10
 /** The CRL is expired. */
-#define MBEDTLS_X509_BADCRL_EXPIRED              0x20
+#define MBEDTLS_X509_BADCRL_EXPIRED 0x20
 /** Certificate was missing. */
-#define MBEDTLS_X509_BADCERT_MISSING             0x40
+#define MBEDTLS_X509_BADCERT_MISSING 0x40
 /** Certificate verification was skipped. */
-#define MBEDTLS_X509_BADCERT_SKIP_VERIFY         0x80
+#define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80
 /** Other reason (can be used by verify callback) */
-#define MBEDTLS_X509_BADCERT_OTHER             0x0100
+#define MBEDTLS_X509_BADCERT_OTHER 0x0100
 /** The certificate validity starts in the future. */
-#define MBEDTLS_X509_BADCERT_FUTURE            0x0200
+#define MBEDTLS_X509_BADCERT_FUTURE 0x0200
 /** The CRL is from the future */
-#define MBEDTLS_X509_BADCRL_FUTURE             0x0400
+#define MBEDTLS_X509_BADCRL_FUTURE 0x0400
 /** Usage does not match the keyUsage extension. */
-#define MBEDTLS_X509_BADCERT_KEY_USAGE         0x0800
+#define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800
 /** Usage does not match the extendedKeyUsage extension. */
-#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE     0x1000
+#define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000
 /** Usage does not match the nsCertType extension. */
-#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE      0x2000
+#define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000
 /** The certificate is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCERT_BAD_MD            0x4000
+#define MBEDTLS_X509_BADCERT_BAD_MD 0x4000
 /** The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCERT_BAD_PK            0x8000
-/** The certificate is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCERT_BAD_KEY         0x010000
+#define MBEDTLS_X509_BADCERT_BAD_PK 0x8000
+/** The certificate is signed with an unacceptable key (eg bad curve, RSA too
+ * short). */
+#define MBEDTLS_X509_BADCERT_BAD_KEY 0x010000
 /** The CRL is signed with an unacceptable hash. */
-#define MBEDTLS_X509_BADCRL_BAD_MD           0x020000
+#define MBEDTLS_X509_BADCRL_BAD_MD 0x020000
 /** The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA). */
-#define MBEDTLS_X509_BADCRL_BAD_PK           0x040000
+#define MBEDTLS_X509_BADCRL_BAD_PK 0x040000
 /** The CRL is signed with an unacceptable key (eg bad curve, RSA too short). */
-#define MBEDTLS_X509_BADCRL_BAD_KEY          0x080000
+#define MBEDTLS_X509_BADCRL_BAD_KEY 0x080000
 
 /* \} name */
 /* \} addtogroup x509_module */
@@ -156,43 +158,43 @@
  *      iPAddress                       [7]     OCTET STRING,
  *      registeredID                    [8]     OBJECT IDENTIFIER
  */
-#define MBEDTLS_X509_SAN_OTHER_NAME                      0
-#define MBEDTLS_X509_SAN_RFC822_NAME                     1
-#define MBEDTLS_X509_SAN_DNS_NAME                        2
-#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME               3
-#define MBEDTLS_X509_SAN_DIRECTORY_NAME                  4
-#define MBEDTLS_X509_SAN_EDI_PARTY_NAME                  5
-#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER     6
-#define MBEDTLS_X509_SAN_IP_ADDRESS                      7
-#define MBEDTLS_X509_SAN_REGISTERED_ID                   8
+#define MBEDTLS_X509_SAN_OTHER_NAME                  0
+#define MBEDTLS_X509_SAN_RFC822_NAME                 1
+#define MBEDTLS_X509_SAN_DNS_NAME                    2
+#define MBEDTLS_X509_SAN_X400_ADDRESS_NAME           3
+#define MBEDTLS_X509_SAN_DIRECTORY_NAME              4
+#define MBEDTLS_X509_SAN_EDI_PARTY_NAME              5
+#define MBEDTLS_X509_SAN_UNIFORM_RESOURCE_IDENTIFIER 6
+#define MBEDTLS_X509_SAN_IP_ADDRESS                  7
+#define MBEDTLS_X509_SAN_REGISTERED_ID               8
 
 /*
  * X.509 v3 Key Usage Extension flags
  * Reminder: update x509_info_key_usage() when adding new flags.
  */
-#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE            (0x80)  /* bit 0 */
-#define MBEDTLS_X509_KU_NON_REPUDIATION              (0x40)  /* bit 1 */
-#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT             (0x20)  /* bit 2 */
-#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT            (0x10)  /* bit 3 */
-#define MBEDTLS_X509_KU_KEY_AGREEMENT                (0x08)  /* bit 4 */
-#define MBEDTLS_X509_KU_KEY_CERT_SIGN                (0x04)  /* bit 5 */
-#define MBEDTLS_X509_KU_CRL_SIGN                     (0x02)  /* bit 6 */
-#define MBEDTLS_X509_KU_ENCIPHER_ONLY                (0x01)  /* bit 7 */
-#define MBEDTLS_X509_KU_DECIPHER_ONLY              (0x8000)  /* bit 8 */
+#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
+#define MBEDTLS_X509_KU_NON_REPUDIATION   (0x40) /* bit 1 */
+#define MBEDTLS_X509_KU_KEY_ENCIPHERMENT  (0x20) /* bit 2 */
+#define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
+#define MBEDTLS_X509_KU_KEY_AGREEMENT     (0x08) /* bit 4 */
+#define MBEDTLS_X509_KU_KEY_CERT_SIGN     (0x04) /* bit 5 */
+#define MBEDTLS_X509_KU_CRL_SIGN          (0x02) /* bit 6 */
+#define MBEDTLS_X509_KU_ENCIPHER_ONLY     (0x01) /* bit 7 */
+#define MBEDTLS_X509_KU_DECIPHER_ONLY     (0x8000) /* bit 8 */
 
 /*
  * Netscape certificate types
  * (http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html)
  */
 
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT         (0x80)  /* bit 0 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER         (0x40)  /* bit 1 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL              (0x20)  /* bit 2 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING     (0x10)  /* bit 3 */
-#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED           (0x08)  /* bit 4 */
-#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA             (0x04)  /* bit 5 */
-#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA           (0x02)  /* bit 6 */
-#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA  (0x01)  /* bit 7 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT        (0x80) /* bit 0 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER        (0x40) /* bit 1 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL             (0x20) /* bit 2 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING    (0x10) /* bit 3 */
+#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED          (0x08) /* bit 4 */
+#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA            (0x04) /* bit 5 */
+#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA          (0x02) /* bit 6 */
+#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
 
 /*
  * X.509 extension types
@@ -203,32 +205,42 @@
  * Those are defined in oid.h as oid.c needs them in a data structure. Since
  * these were previously defined here, let's have aliases for compatibility.
  */
-#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER   MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
-#define MBEDTLS_X509_EXT_KEY_USAGE                MBEDTLS_OID_X509_EXT_KEY_USAGE
-#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES     MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
-#define MBEDTLS_X509_EXT_POLICY_MAPPINGS          MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
-#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME         MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME         /* Supported (DNS) */
-#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME          MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
-#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS  MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
-#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS        MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS        /* Supported */
-#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS         MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
-#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS       MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
-#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE       MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
-#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS  MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
-#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY       MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
-#define MBEDTLS_X509_EXT_FRESHEST_CRL             MBEDTLS_OID_X509_EXT_FRESHEST_CRL
-#define MBEDTLS_X509_EXT_NS_CERT_TYPE             MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
+#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER \
+    MBEDTLS_OID_X509_EXT_AUTHORITY_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER \
+    MBEDTLS_OID_X509_EXT_SUBJECT_KEY_IDENTIFIER
+#define MBEDTLS_X509_EXT_KEY_USAGE MBEDTLS_OID_X509_EXT_KEY_USAGE
+#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES \
+    MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES
+#define MBEDTLS_X509_EXT_POLICY_MAPPINGS MBEDTLS_OID_X509_EXT_POLICY_MAPPINGS
+#define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME \
+    MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME /* Supported (DNS) */
+#define MBEDTLS_X509_EXT_ISSUER_ALT_NAME MBEDTLS_OID_X509_EXT_ISSUER_ALT_NAME
+#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS \
+    MBEDTLS_OID_X509_EXT_SUBJECT_DIRECTORY_ATTRS
+#define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS \
+    MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS /* Supported */
+#define MBEDTLS_X509_EXT_NAME_CONSTRAINTS MBEDTLS_OID_X509_EXT_NAME_CONSTRAINTS
+#define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS \
+    MBEDTLS_OID_X509_EXT_POLICY_CONSTRAINTS
+#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE \
+    MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE
+#define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS \
+    MBEDTLS_OID_X509_EXT_CRL_DISTRIBUTION_POINTS
+#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY \
+    MBEDTLS_OID_X509_EXT_INIHIBIT_ANYPOLICY
+#define MBEDTLS_X509_EXT_FRESHEST_CRL MBEDTLS_OID_X509_EXT_FRESHEST_CRL
+#define MBEDTLS_X509_EXT_NS_CERT_TYPE MBEDTLS_OID_X509_EXT_NS_CERT_TYPE
 
 /*
  * Storage format identifiers
  * Recognized formats: PEM and DER
  */
-#define MBEDTLS_X509_FORMAT_DER                 1
-#define MBEDTLS_X509_FORMAT_PEM                 2
+#define MBEDTLS_X509_FORMAT_DER 1
+#define MBEDTLS_X509_FORMAT_PEM 2
 
 /** Maximum value size of a DN entry */
-#define MBEDTLS_X509_MAX_DN_NAME_SIZE         256
+#define MBEDTLS_X509_MAX_DN_NAME_SIZE 256
 
 #ifdef __cplusplus
 extern "C" {
@@ -265,12 +277,16 @@
 typedef mbedtls_asn1_sequence mbedtls_x509_sequence;
 
 /** Container for date and time (precision in seconds). */
-typedef struct mbedtls_x509_time
-{
-    int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon), MBEDTLS_PRIVATE(day);         /**< Date. */
-    int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min), MBEDTLS_PRIVATE(sec);         /**< Time. */
-}
-mbedtls_x509_time;
+typedef struct mbedtls_x509_time {
+    int MBEDTLS_PRIVATE(year), MBEDTLS_PRIVATE(mon),
+        MBEDTLS_PRIVATE(day); /**<
+                                 Date.
+                               */
+    int MBEDTLS_PRIVATE(hour), MBEDTLS_PRIVATE(min),
+        MBEDTLS_PRIVATE(sec); /**<
+                                 Time.
+                               */
+} mbedtls_x509_time;
 
 /** \} name Structures for parsing X.509 certificates, CRLs and CSRs */
 /** \} addtogroup x509_module */
@@ -286,7 +302,7 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_dn_gets( char *buf, size_t size, const mbedtls_x509_name *dn );
+int mbedtls_x509_dn_gets(char *buf, size_t size, const mbedtls_x509_name *dn);
 
 /**
  * \brief          Store the certificate serial in printable form into buf;
@@ -299,7 +315,9 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *serial );
+int mbedtls_x509_serial_gets(char *buf,
+                             size_t size,
+                             const mbedtls_x509_buf *serial);
 
 /**
  * \brief          Check a given mbedtls_x509_time against the system time
@@ -313,7 +331,7 @@
  * \return         1 if the given time is in the past or an error occurred,
  *                 0 otherwise.
  */
-int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
+int mbedtls_x509_time_is_past(const mbedtls_x509_time *to);
 
 /**
  * \brief          Check a given mbedtls_x509_time against the system time
@@ -327,59 +345,84 @@
  * \return         1 if the given time is in the future or an error occurred,
  *                 0 otherwise.
  */
-int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
+int mbedtls_x509_time_is_future(const mbedtls_x509_time *from);
 
 /*
  * Internal module functions. You probably do not want to use these unless you
  * know you do.
  */
-int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_name *cur );
-int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
-                       mbedtls_x509_buf *alg );
-int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *alg, mbedtls_x509_buf *params );
+int mbedtls_x509_get_name(unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_x509_name *cur);
+int mbedtls_x509_get_alg_null(unsigned char **p,
+                              const unsigned char *end,
+                              mbedtls_x509_buf *alg);
+int mbedtls_x509_get_alg(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_x509_buf *alg,
+                         mbedtls_x509_buf *params);
 #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
-int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
-                                mbedtls_md_type_t *md_alg, mbedtls_md_type_t *mgf_md,
-                                int *salt_len );
+int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
+                                       mbedtls_md_type_t *md_alg,
+                                       mbedtls_md_type_t *mgf_md,
+                                       int *salt_len);
 #endif
-int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig );
-int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x509_buf *sig_params,
-                      mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
-                      void **sig_opts );
-int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
-                   mbedtls_x509_time *t );
-int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
-                     mbedtls_x509_buf *serial );
-int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
-                  mbedtls_x509_buf *ext, int tag );
+int mbedtls_x509_get_sig(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_x509_buf *sig);
+int mbedtls_x509_get_sig_alg(const mbedtls_x509_buf *sig_oid,
+                             const mbedtls_x509_buf *sig_params,
+                             mbedtls_md_type_t *md_alg,
+                             mbedtls_pk_type_t *pk_alg,
+                             void **sig_opts);
+int mbedtls_x509_get_time(unsigned char **p,
+                          const unsigned char *end,
+                          mbedtls_x509_time *t);
+int mbedtls_x509_get_serial(unsigned char **p,
+                            const unsigned char *end,
+                            mbedtls_x509_buf *serial);
+int mbedtls_x509_get_ext(unsigned char **p,
+                         const unsigned char *end,
+                         mbedtls_x509_buf *ext,
+                         int tag);
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
-int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
-                       mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
-                       const void *sig_opts );
+int mbedtls_x509_sig_alg_gets(char *buf,
+                              size_t size,
+                              const mbedtls_x509_buf *sig_oid,
+                              mbedtls_pk_type_t pk_alg,
+                              mbedtls_md_type_t md_alg,
+                              const void *sig_opts);
 #endif
-int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
-int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
-int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,
-                        int critical, const unsigned char *val,
-                        size_t val_len );
-int mbedtls_x509_write_extensions( unsigned char **p, unsigned char *start,
-                           mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_names( unsigned char **p, unsigned char *start,
-                      mbedtls_asn1_named_data *first );
-int mbedtls_x509_write_sig( unsigned char **p, unsigned char *start,
-                    const char *oid, size_t oid_len,
-                    unsigned char *sig, size_t size );
+int mbedtls_x509_key_size_helper(char *buf, size_t buf_size, const char *name);
+int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head,
+                                 const char *name);
+int mbedtls_x509_set_extension(mbedtls_asn1_named_data **head,
+                               const char *oid,
+                               size_t oid_len,
+                               int critical,
+                               const unsigned char *val,
+                               size_t val_len);
+int mbedtls_x509_write_extensions(unsigned char **p,
+                                  unsigned char *start,
+                                  mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_names(unsigned char **p,
+                             unsigned char *start,
+                             mbedtls_asn1_named_data *first);
+int mbedtls_x509_write_sig(unsigned char **p,
+                           unsigned char *start,
+                           const char *oid,
+                           size_t oid_len,
+                           unsigned char *sig,
+                           size_t size);
 
-#define MBEDTLS_X509_SAFE_SNPRINTF                          \
-    do {                                                    \
-        if( ret < 0 || (size_t) ret >= n )                  \
-            return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL ;    \
-                                                            \
-        n -= (size_t) ret;                                  \
-        p += (size_t) ret;                                  \
-    } while( 0 )
+#define MBEDTLS_X509_SAFE_SNPRINTF                    \
+    do {                                              \
+        if (ret < 0 || (size_t)ret >= n)              \
+            return MBEDTLS_ERR_X509_BUFFER_TOO_SMALL; \
+                                                      \
+        n -= (size_t)ret;                             \
+        p += (size_t)ret;                             \
+    } while (0)
 
 #ifdef __cplusplus
 }
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 9331827..da32e01 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -44,8 +44,7 @@
  * Certificate revocation list entry.
  * Contains the CA-specific serial numbers and revocation dates.
  */
-typedef struct mbedtls_x509_crl_entry
-{
+typedef struct mbedtls_x509_crl_entry {
     mbedtls_x509_buf MBEDTLS_PRIVATE(raw);
 
     mbedtls_x509_buf MBEDTLS_PRIVATE(serial);
@@ -55,41 +54,54 @@
     mbedtls_x509_buf MBEDTLS_PRIVATE(entry_ext);
 
     struct mbedtls_x509_crl_entry *MBEDTLS_PRIVATE(next);
-}
-mbedtls_x509_crl_entry;
+} mbedtls_x509_crl_entry;
 
 /**
  * Certificate revocation list structure.
  * Every CRL may have multiple entries.
  */
-typedef struct mbedtls_x509_crl
-{
-    mbedtls_x509_buf MBEDTLS_PRIVATE(raw);           /**< The raw certificate data (DER). */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(tbs);           /**< The raw certificate body (DER). The part that is To Be Signed. */
+typedef struct mbedtls_x509_crl {
+    mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
+                                            */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
+                                              The part that is To Be Signed. */
 
-    int MBEDTLS_PRIVATE(version);            /**< CRL version (1=v1, 2=v2) */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);       /**< CRL signature type identifier */
+    int MBEDTLS_PRIVATE(version); /**< CRL version (1=v1, 2=v2) */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< CRL signature type
+                                                  identifier */
 
-    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw);    /**< The raw issuer data (DER). */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
+                                                     (DER). */
 
-    mbedtls_x509_name MBEDTLS_PRIVATE(issuer);       /**< The parsed issuer data (named information object). */
+    mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
+                                                  (named information object). */
 
     mbedtls_x509_time MBEDTLS_PRIVATE(this_update);
     mbedtls_x509_time MBEDTLS_PRIVATE(next_update);
 
-    mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry);   /**< The CRL entries containing the certificate revocation times for this CA. */
+    mbedtls_x509_crl_entry MBEDTLS_PRIVATE(entry); /**< The CRL entries
+                                                      containing the certificate
+                                                      revocation times for this
+                                                      CA. */
 
     mbedtls_x509_buf MBEDTLS_PRIVATE(crl_ext);
 
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid2);
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
-    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+                                                  the MD algorithm of the
+                                                  signature algorithm, e.g.
+                                                  MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+                                                  the Public Key algorithm of
+                                                  the signature algorithm, e.g.
+                                                  MBEDTLS_PK_RSA */
+    void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+                                        mbedtls_pk_verify_ext(), e.g. for
+                                        RSASSA-PSS */
 
     struct mbedtls_x509_crl *MBEDTLS_PRIVATE(next);
-}
-mbedtls_x509_crl;
+} mbedtls_x509_crl;
 
 /**
  * \brief          Parse a DER-encoded CRL and append it to the chained list
@@ -101,8 +113,9 @@
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
-                        const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse_der(mbedtls_x509_crl *chain,
+                               const unsigned char *buf,
+                               size_t buflen);
 /**
  * \brief          Parse one or more CRLs and append them to the chained list
  *
@@ -115,7 +128,9 @@
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crl_parse(mbedtls_x509_crl *chain,
+                           const unsigned char *buf,
+                           size_t buflen);
 
 #if defined(MBEDTLS_FS_IO)
 /**
@@ -128,7 +143,7 @@
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
+int mbedtls_x509_crl_parse_file(mbedtls_x509_crl *chain, const char *path);
 #endif /* MBEDTLS_FS_IO */
 
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
@@ -143,8 +158,10 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crl *crl );
+int mbedtls_x509_crl_info(char *buf,
+                          size_t size,
+                          const char *prefix,
+                          const mbedtls_x509_crl *crl);
 #endif /* !MBEDTLS_X509_REMOVE_INFO */
 
 /**
@@ -152,14 +169,14 @@
  *
  * \param crl      CRL chain to initialize
  */
-void mbedtls_x509_crl_init( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_init(mbedtls_x509_crl *crl);
 
 /**
  * \brief          Unallocate all CRL data
  *
  * \param crl      CRL chain to free
  */
-void mbedtls_x509_crl_free( mbedtls_x509_crl *crl );
+void mbedtls_x509_crl_free(mbedtls_x509_crl *crl);
 
 /* \} name */
 /* \} addtogroup x509_module */
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 49211a9..63f2b40 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -46,54 +46,114 @@
 /**
  * Container for an X.509 certificate. The certificate may be chained.
  */
-typedef struct mbedtls_x509_crt
-{
-    int MBEDTLS_PRIVATE(own_buffer);                     /**< Indicates if \c raw is owned
-                                         *   by the structure or not.        */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(raw);               /**< The raw certificate data (DER). */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(tbs);               /**< The raw certificate body (DER). The part that is To Be Signed. */
+typedef struct mbedtls_x509_crt {
+    int MBEDTLS_PRIVATE(own_buffer); /**< Indicates if \c raw is owned
+                                      *   by the structure or not.        */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw certificate data (DER).
+                                            */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(tbs); /**< The raw certificate body (DER).
+                                              The part that is To Be Signed. */
 
-    int MBEDTLS_PRIVATE(version);                /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(serial);            /**< Unique id for certificate issued by a specific CA. */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);           /**< Signature algorithm, e.g. sha1RSA */
+    int MBEDTLS_PRIVATE(version); /**< The X.509 version. (1=v1, 2=v2, 3=v3) */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(serial); /**< Unique id for certificate
+                                                 issued by a specific CA. */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid); /**< Signature algorithm, e.g.
+                                                  sha1RSA */
 
-    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw);        /**< The raw issuer data (DER). Used for quick comparison. */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw);       /**< The raw subject data (DER). Used for quick comparison. */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_raw); /**< The raw issuer data
+                                                     (DER). Used for quick
+                                                     comparison. */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
+                                                      (DER). Used for quick
+                                                      comparison. */
 
-    mbedtls_x509_name MBEDTLS_PRIVATE(issuer);           /**< The parsed issuer data (named information object). */
-    mbedtls_x509_name MBEDTLS_PRIVATE(subject);          /**< The parsed subject data (named information object). */
+    mbedtls_x509_name MBEDTLS_PRIVATE(issuer); /**< The parsed issuer data
+                                                  (named information object). */
+    mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
+                                                   (named information object).
+                                                 */
 
-    mbedtls_x509_time MBEDTLS_PRIVATE(valid_from);       /**< Start time of certificate validity. */
-    mbedtls_x509_time MBEDTLS_PRIVATE(valid_to);         /**< End time of certificate validity. */
+    mbedtls_x509_time MBEDTLS_PRIVATE(valid_from); /**< Start time of
+                                                      certificate validity. */
+    mbedtls_x509_time MBEDTLS_PRIVATE(valid_to); /**< End time of certificate
+                                                    validity. */
 
     mbedtls_x509_buf MBEDTLS_PRIVATE(pk_raw);
-    mbedtls_pk_context MBEDTLS_PRIVATE(pk);              /**< Container for the public key context. */
+    mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
+                                               context. */
 
-    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id);         /**< Optional X.509 v2/v3 issuer unique identifier. */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id);        /**< Optional X.509 v2/v3 subject unique identifier. */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext);            /**< Optional X.509 v3 extensions.  */
-    mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names);    /**< Optional list of raw entries of Subject Alternative Names extension (currently only dNSName and OtherName are listed). */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(issuer_id); /**< Optional X.509 v2/v3
+                                                    issuer unique identifier. */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(subject_id); /**< Optional X.509 v2/v3
+                                                     subject unique identifier.
+                                                   */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(v3_ext); /**< Optional X.509 v3 extensions.
+                                               */
+    mbedtls_x509_sequence MBEDTLS_PRIVATE(subject_alt_names); /**< Optional list
+                                                                 of raw entries
+                                                                 of Subject
+                                                                 Alternative
+                                                                 Names extension
+                                                                 (currently only
+                                                                 dNSName and
+                                                                 OtherName are
+                                                                 listed). */
 
-    mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional list of certificate policies (Only anyPolicy is printed and enforced, however the rest of the policies are still listed). */
+    mbedtls_x509_sequence MBEDTLS_PRIVATE(certificate_policies); /**< Optional
+                                                                    list of
+                                                                    certificate
+                                                                    policies
+                                                                    (Only
+                                                                    anyPolicy is
+                                                                    printed and
+                                                                    enforced,
+                                                                    however the
+                                                                    rest of the
+                                                                    policies are
+                                                                    still
+                                                                    listed). */
 
-    int MBEDTLS_PRIVATE(ext_types);              /**< Bit string containing detected and parsed extensions */
-    int MBEDTLS_PRIVATE(ca_istrue);              /**< Optional Basic Constraint extension value: 1 if this certificate belongs to a CA, 0 otherwise. */
-    int MBEDTLS_PRIVATE(max_pathlen);            /**< Optional Basic Constraint extension value: The maximum path length to the root certificate. Path length is 1 higher than RFC 5280 'meaning', so 1+ */
+    int MBEDTLS_PRIVATE(ext_types); /**< Bit string containing detected and
+                                       parsed extensions */
+    int MBEDTLS_PRIVATE(ca_istrue); /**< Optional Basic Constraint extension
+                                       value: 1 if this certificate belongs to a
+                                       CA, 0 otherwise. */
+    int MBEDTLS_PRIVATE(max_pathlen); /**< Optional Basic Constraint extension
+                                         value: The maximum path length to the
+                                         root certificate. Path length is 1
+                                         higher than RFC 5280 'meaning', so 1+
+                                       */
 
-    unsigned int MBEDTLS_PRIVATE(key_usage);     /**< Optional key usage extension value: See the values in x509.h */
+    unsigned int MBEDTLS_PRIVATE(key_usage); /**< Optional key usage extension
+                                                value: See the values in x509.h
+                                              */
 
-    mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of extended key usage OIDs. */
+    mbedtls_x509_sequence MBEDTLS_PRIVATE(ext_key_usage); /**< Optional list of
+                                                             extended key usage
+                                                             OIDs. */
 
-    unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape certificate type extension value: See the values in x509.h */
+    unsigned char MBEDTLS_PRIVATE(ns_cert_type); /**< Optional Netscape
+                                                    certificate type extension
+                                                    value: See the values in
+                                                    x509.h */
 
-    mbedtls_x509_buf MBEDTLS_PRIVATE(sig);               /**< Signature: hash of the tbs part signed with the private key. */
-    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);           /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);           /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);             /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(sig); /**< Signature: hash of the tbs part
+                                              signed with the private key. */
+    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+                                                  the MD algorithm of the
+                                                  signature algorithm, e.g.
+                                                  MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+                                                  the Public Key algorithm of
+                                                  the signature algorithm, e.g.
+                                                  MBEDTLS_PK_RSA */
+    void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+                                        mbedtls_pk_verify_ext(), e.g. for
+                                        RSASSA-PSS */
 
-    struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next);     /**< Next certificate in the CA-chain. */
-}
-mbedtls_x509_crt;
+    struct mbedtls_x509_crt *MBEDTLS_PRIVATE(next); /**< Next certificate in the
+                                                       CA-chain. */
+} mbedtls_x509_crt;
 
 /**
  * From RFC 5280 section 4.2.1.6:
@@ -101,52 +161,55 @@
  *      type-id    OBJECT IDENTIFIER,
  *      value      [0] EXPLICIT ANY DEFINED BY type-id }
  */
-typedef struct mbedtls_x509_san_other_name
-{
+typedef struct mbedtls_x509_san_other_name {
     /**
      * The type_id is an OID as deifned in RFC 5280.
      * To check the value of the type id, you should use
      * \p MBEDTLS_OID_CMP with a known OID mbedtls_x509_buf.
      */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(type_id);                   /**< The type id. */
-    union
-    {
+    mbedtls_x509_buf MBEDTLS_PRIVATE(type_id); /**< The type id. */
+    union {
         /**
          * From RFC 4108 section 5:
          * HardwareModuleName ::= SEQUENCE {
          *                         hwType OBJECT IDENTIFIER,
          *                         hwSerialNum OCTET STRING }
          */
-        struct
-        {
-            mbedtls_x509_buf MBEDTLS_PRIVATE(oid);               /**< The object identifier. */
-            mbedtls_x509_buf MBEDTLS_PRIVATE(val);               /**< The named value. */
-        }
-        MBEDTLS_PRIVATE(hardware_module_name);
-    }
-    MBEDTLS_PRIVATE(value);
-}
-mbedtls_x509_san_other_name;
+        struct {
+            mbedtls_x509_buf MBEDTLS_PRIVATE(oid); /**< The object identifier.
+                                                    */
+            mbedtls_x509_buf MBEDTLS_PRIVATE(val); /**< The named value. */
+        } MBEDTLS_PRIVATE(hardware_module_name);
+    } MBEDTLS_PRIVATE(value);
+} mbedtls_x509_san_other_name;
 
 /**
- * A structure for holding the parsed Subject Alternative Name, according to type
+ * A structure for holding the parsed Subject Alternative Name, according to
+ * type
  */
-typedef struct mbedtls_x509_subject_alternative_name
-{
-    int MBEDTLS_PRIVATE(type);                              /**< The SAN type, value of MBEDTLS_X509_SAN_XXX. */
+typedef struct mbedtls_x509_subject_alternative_name {
+    int MBEDTLS_PRIVATE(type); /**< The SAN type, value of MBEDTLS_X509_SAN_XXX.
+                                */
     union {
-        mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The otherName supported type. */
-        mbedtls_x509_buf   MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for the un constructed types. Only dnsName currently supported */
-    }
-    MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
-}
-mbedtls_x509_subject_alternative_name;
+        mbedtls_x509_san_other_name MBEDTLS_PRIVATE(other_name); /**< The
+                                                                    otherName
+                                                                    supported
+                                                                    type. */
+        mbedtls_x509_buf MBEDTLS_PRIVATE(unstructured_name); /**< The buffer for
+                                                                the un
+                                                                constructed
+                                                                types. Only
+                                                                dnsName
+                                                                currently
+                                                                supported */
+    } MBEDTLS_PRIVATE(san); /**< A union of the supported SAN types */
+} mbedtls_x509_subject_alternative_name;
 
 /**
  * Build flag from an algorithm/curve identifier (pk, md, ecp)
  * Since 0 is always XXX_NONE, ignore it.
  */
-#define MBEDTLS_X509_ID_FLAG( id )   ( 1 << ( (id) - 1 ) )
+#define MBEDTLS_X509_ID_FLAG(id) (1 << ((id)-1))
 
 /**
  * Security profile for certificate verification.
@@ -173,24 +236,22 @@
  *  my_profile.allowed_pks = MBEDTLS_X509_ID_FLAG( MBEDTLS_PK_RSA );
  *  my_profile.rsa_min_bitlen = 3072;
  */
-typedef struct mbedtls_x509_crt_profile
-{
-    uint32_t allowed_mds;       /**< MDs for signatures         */
-    uint32_t allowed_pks;       /**< PK algs for signatures     */
-    uint32_t allowed_curves;    /**< Elliptic curves for ECDSA  */
-    uint32_t rsa_min_bitlen;    /**< Minimum size for RSA keys  */
-}
-mbedtls_x509_crt_profile;
+typedef struct mbedtls_x509_crt_profile {
+    uint32_t allowed_mds; /**< MDs for signatures         */
+    uint32_t allowed_pks; /**< PK algs for signatures     */
+    uint32_t allowed_curves; /**< Elliptic curves for ECDSA  */
+    uint32_t rsa_min_bitlen; /**< Minimum size for RSA keys  */
+} mbedtls_x509_crt_profile;
 
-#define MBEDTLS_X509_CRT_VERSION_1              0
-#define MBEDTLS_X509_CRT_VERSION_2              1
-#define MBEDTLS_X509_CRT_VERSION_3              2
+#define MBEDTLS_X509_CRT_VERSION_1 0
+#define MBEDTLS_X509_CRT_VERSION_2 1
+#define MBEDTLS_X509_CRT_VERSION_3 2
 
 #define MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN 32
 #define MBEDTLS_X509_RFC5280_UTC_TIME_LEN   15
 
-#if !defined( MBEDTLS_X509_MAX_FILE_PATH_LEN )
-#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
+#if !defined(MBEDTLS_X509_MAX_FILE_PATH_LEN)
+#    define MBEDTLS_X509_MAX_FILE_PATH_LEN 512
 #endif
 
 /* This macro unfolds to the concatenation of macro invocations
@@ -199,73 +260,71 @@
  *                             human readable description )
  * where X509_CRT_ERROR_INFO is defined by the user.
  * See x509_crt.c for an example of how to use this. */
-#define MBEDTLS_X509_CRT_ERROR_INFO_LIST                                  \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED,            \
-                         "MBEDTLS_X509_BADCERT_EXPIRED",          \
-                         "The certificate validity has expired" ) \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED,            \
-                         "MBEDTLS_X509_BADCERT_REVOKED",          \
-                         "The certificate has been revoked (is on a CRL)" ) \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH,                  \
-                         "MBEDTLS_X509_BADCERT_CN_MISMATCH",                \
-                         "The certificate Common Name (CN) does not match with the expected CN" ) \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED,                             \
-                         "MBEDTLS_X509_BADCERT_NOT_TRUSTED",                           \
-                         "The certificate is not correctly signed by the trusted CA" ) \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED,                      \
-                         "MBEDTLS_X509_BADCRL_NOT_TRUSTED",                    \
-                         "The CRL is not correctly signed by the trusted CA" ) \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED,    \
-                         "MBEDTLS_X509_BADCRL_EXPIRED",  \
-                         "The CRL is expired" )          \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING,   \
-                         "MBEDTLS_X509_BADCERT_MISSING", \
-                         "Certificate was missing" )     \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY,         \
-                         "MBEDTLS_X509_BADCERT_SKIP_VERIFY",       \
-                         "Certificate verification was skipped" )  \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER,                          \
-                         "MBEDTLS_X509_BADCERT_OTHER",                        \
-                         "Other reason (can be used by verify callback)" )    \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE,                         \
-                         "MBEDTLS_X509_BADCERT_FUTURE",                       \
-                         "The certificate validity starts in the future" )    \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE,     \
-                         "MBEDTLS_X509_BADCRL_FUTURE",   \
-                         "The CRL is from the future" )  \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE,                      \
-                         "MBEDTLS_X509_BADCERT_KEY_USAGE",                    \
-                         "Usage does not match the keyUsage extension" )      \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE,                       \
-                         "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE",                     \
-                         "Usage does not match the extendedKeyUsage extension" )   \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE,                        \
-                         "MBEDTLS_X509_BADCERT_NS_CERT_TYPE",                      \
-                         "Usage does not match the nsCertType extension" )         \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD,                              \
-                         "MBEDTLS_X509_BADCERT_BAD_MD",                            \
-                         "The certificate is signed with an unacceptable hash." )  \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK,                                                  \
-                         "MBEDTLS_X509_BADCERT_BAD_PK",                                                \
-                         "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." )  \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY,                                                            \
-                         "MBEDTLS_X509_BADCERT_BAD_KEY",                                                          \
-                         "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." )    \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD,                          \
-                         "MBEDTLS_X509_BADCRL_BAD_MD",                        \
-                         "The CRL is signed with an unacceptable hash." )     \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK,                                            \
-                         "MBEDTLS_X509_BADCRL_BAD_PK",                                          \
-                         "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." )   \
-    X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY,                                                    \
-                         "MBEDTLS_X509_BADCRL_BAD_KEY",                                                  \
-                         "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." )
+#define MBEDTLS_X509_CRT_ERROR_INFO_LIST                                                     \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXPIRED,                                        \
+                        "MBEDTLS_X509_BADCERT_EXPIRED",                                      \
+                        "The certificate validity has expired")                              \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_REVOKED,                                        \
+                        "MBEDTLS_X509_BADCERT_REVOKED",                                      \
+                        "The certificate has been revoked (is on a CRL)")                    \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCERT_CN_MISMATCH, "MBEDTLS_X509_BADCERT_CN_MISMATCH",                \
+        "The certificate Common Name (CN) does not match with the expected CN")              \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCERT_NOT_TRUSTED, "MBEDTLS_X509_BADCERT_NOT_TRUSTED",                \
+        "The certificate is not correctly signed by the trusted CA")                         \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_NOT_TRUSTED,                                     \
+                        "MBEDTLS_X509_BADCRL_NOT_TRUSTED",                                   \
+                        "The CRL is not correctly signed by the trusted CA")                 \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_EXPIRED,                                         \
+                        "MBEDTLS_X509_BADCRL_EXPIRED", "The CRL is expired")                 \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_MISSING,                                        \
+                        "MBEDTLS_X509_BADCERT_MISSING",                                      \
+                        "Certificate was missing")                                           \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_SKIP_VERIFY,                                    \
+                        "MBEDTLS_X509_BADCERT_SKIP_VERIFY",                                  \
+                        "Certificate verification was skipped")                              \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_OTHER,                                          \
+                        "MBEDTLS_X509_BADCERT_OTHER",                                        \
+                        "Other reason (can be used by verify callback)")                     \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_FUTURE,                                         \
+                        "MBEDTLS_X509_BADCERT_FUTURE",                                       \
+                        "The certificate validity starts in the future")                     \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_FUTURE,                                          \
+                        "MBEDTLS_X509_BADCRL_FUTURE",                                        \
+                        "The CRL is from the future")                                        \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_KEY_USAGE,                                      \
+                        "MBEDTLS_X509_BADCERT_KEY_USAGE",                                    \
+                        "Usage does not match the keyUsage extension")                       \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_EXT_KEY_USAGE,                                  \
+                        "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE",                                \
+                        "Usage does not match the extendedKeyUsage extension")               \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCERT_NS_CERT_TYPE,                                   \
+                        "MBEDTLS_X509_BADCERT_NS_CERT_TYPE",                                 \
+                        "Usage does not match the nsCertType extension")                     \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCERT_BAD_MD, "MBEDTLS_X509_BADCERT_BAD_MD",                          \
+        "The certificate is signed with an unacceptable hash.")                              \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCERT_BAD_PK, "MBEDTLS_X509_BADCERT_BAD_PK",                          \
+        "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA).")          \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCERT_BAD_KEY, "MBEDTLS_X509_BADCERT_BAD_KEY",                        \
+        "The certificate is signed with an unacceptable key (eg bad curve, RSA too short).") \
+    X509_CRT_ERROR_INFO(MBEDTLS_X509_BADCRL_BAD_MD,                                          \
+                        "MBEDTLS_X509_BADCRL_BAD_MD",                                        \
+                        "The CRL is signed with an unacceptable hash.")                      \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCRL_BAD_PK, "MBEDTLS_X509_BADCRL_BAD_PK",                            \
+        "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA).")                  \
+    X509_CRT_ERROR_INFO(                                                                     \
+        MBEDTLS_X509_BADCRL_BAD_KEY, "MBEDTLS_X509_BADCRL_BAD_KEY",                          \
+        "The CRL is signed with an unacceptable key (eg bad curve, RSA too short).")
 
 /**
  * Container for writing a certificate (CRT)
  */
-typedef struct mbedtls_x509write_cert
-{
+typedef struct mbedtls_x509write_cert {
     int MBEDTLS_PRIVATE(version);
     mbedtls_mpi MBEDTLS_PRIVATE(serial);
     mbedtls_pk_context *MBEDTLS_PRIVATE(subject_key);
@@ -276,8 +335,7 @@
     char MBEDTLS_PRIVATE(not_before)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
     char MBEDTLS_PRIVATE(not_after)[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
     mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_cert;
+} mbedtls_x509write_cert;
 
 /**
  * Item in a verification chain: cert and flags for it
@@ -290,14 +348,15 @@
 /**
  * Max size of verification chain: end-entity + intermediates + trusted root
  */
-#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE  ( MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2 )
+#define MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE \
+    (MBEDTLS_X509_MAX_INTERMEDIATE_CA + 2)
 
 /**
  * Verification chain as built by \c mbedtls_crt_verify_chain()
  */
-typedef struct
-{
-    mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)[MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
+typedef struct {
+    mbedtls_x509_crt_verify_chain_item MBEDTLS_PRIVATE(items)
+        [MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE];
     unsigned MBEDTLS_PRIVATE(len);
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
@@ -314,24 +373,26 @@
 /**
  * \brief       Context for resuming X.509 verify operations
  */
-typedef struct
-{
+typedef struct {
     /* for check_signature() */
     mbedtls_pk_restart_ctx MBEDTLS_PRIVATE(pk);
 
     /* for find_parent_in() */
-    mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in progress */
+    mbedtls_x509_crt *MBEDTLS_PRIVATE(parent); /* non-null iff parent_in in
+                                                  progress */
     mbedtls_x509_crt *MBEDTLS_PRIVATE(fallback_parent);
     int MBEDTLS_PRIVATE(fallback_signature_is_good);
 
     /* for find_parent() */
-    int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in progress */
+    int MBEDTLS_PRIVATE(parent_is_trusted); /* -1 if find_parent is not in
+                                               progress */
 
     /* for verify_chain() */
-    enum {
+    enum
+    {
         x509_crt_rs_none,
         x509_crt_rs_find_parent,
-    } MBEDTLS_PRIVATE(in_progress);  /* none if no operation is in progress */
+    } MBEDTLS_PRIVATE(in_progress); /* none if no operation is in progress */
     int MBEDTLS_PRIVATE(self_cnt);
     mbedtls_x509_crt_verify_chain MBEDTLS_PRIVATE(ver_chain);
 
@@ -398,9 +459,9 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_x509_crt_parse_der( mbedtls_x509_crt *chain,
-                                const unsigned char *buf,
-                                size_t buflen );
+int mbedtls_x509_crt_parse_der(mbedtls_x509_crt *chain,
+                               const unsigned char *buf,
+                               size_t buflen);
 
 /**
  * \brief          The type of certificate extension callbacks.
@@ -432,12 +493,12 @@
  * \return         \c 0 on success.
  * \return         A negative error code on failure.
  */
-typedef int (*mbedtls_x509_crt_ext_cb_t)( void *p_ctx,
-                                          mbedtls_x509_crt const *crt,
-                                          mbedtls_x509_buf const *oid,
-                                          int critical,
-                                          const unsigned char *p,
-                                          const unsigned char *end );
+typedef int (*mbedtls_x509_crt_ext_cb_t)(void *p_ctx,
+                                         mbedtls_x509_crt const *crt,
+                                         mbedtls_x509_buf const *oid,
+                                         int critical,
+                                         const unsigned char *p,
+                                         const unsigned char *end);
 
 /**
  * \brief            Parse a single DER formatted certificate and add it
@@ -479,12 +540,12 @@
  * \return           \c 0 if successful.
  * \return           A negative error code on failure.
  */
-int mbedtls_x509_crt_parse_der_with_ext_cb( mbedtls_x509_crt *chain,
-                                            const unsigned char *buf,
-                                            size_t buflen,
-                                            int make_copy,
-                                            mbedtls_x509_crt_ext_cb_t cb,
-                                            void *p_ctx );
+int mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt *chain,
+                                           const unsigned char *buf,
+                                           size_t buflen,
+                                           int make_copy,
+                                           mbedtls_x509_crt_ext_cb_t cb,
+                                           void *p_ctx);
 
 /**
  * \brief          Parse a single DER formatted certificate and add it
@@ -513,9 +574,9 @@
  * \return         \c 0 if successful.
  * \return         A negative error code on failure.
  */
-int mbedtls_x509_crt_parse_der_nocopy( mbedtls_x509_crt *chain,
-                                       const unsigned char *buf,
-                                       size_t buflen );
+int mbedtls_x509_crt_parse_der_nocopy(mbedtls_x509_crt *chain,
+                                      const unsigned char *buf,
+                                      size_t buflen);
 
 /**
  * \brief          Parse one DER-encoded or one or more concatenated PEM-encoded
@@ -547,9 +608,11 @@
  * \return         A negative X509 or PEM error code otherwise.
  *
  */
-int mbedtls_x509_crt_parse( mbedtls_x509_crt *chain, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_crt_parse(mbedtls_x509_crt *chain,
+                           const unsigned char *buf,
+                           size_t buflen);
 
-#if defined(MBEDTLS_FS_IO)
+#    if defined(MBEDTLS_FS_IO)
 /**
  * \brief          Load one or more certificates and add them
  *                 to the chained list. Parses permissively. If some
@@ -563,7 +626,7 @@
  * \return         0 if all certificates parsed successfully, a positive number
  *                 if partly successful or a specific X509 or PEM error code
  */
-int mbedtls_x509_crt_parse_file( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_file(mbedtls_x509_crt *chain, const char *path);
 
 /**
  * \brief          Load one or more certificate files from a path and add them
@@ -578,9 +641,9 @@
  * \return         0 if all certificates parsed successfully, a positive number
  *                 if partly successful or a specific X509 or PEM error code
  */
-int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
+int mbedtls_x509_crt_parse_path(mbedtls_x509_crt *chain, const char *path);
 
-#endif /* MBEDTLS_FS_IO */
+#    endif /* MBEDTLS_FS_IO */
 /**
  * \brief          This function parses an item in the SubjectAlternativeNames
  *                 extension.
@@ -608,10 +671,11 @@
  *                 SAN type.
  * \return         Another negative value for any other failure.
  */
-int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
-                                         mbedtls_x509_subject_alternative_name *san );
+int mbedtls_x509_parse_subject_alt_name(
+    const mbedtls_x509_buf *san_buf,
+    mbedtls_x509_subject_alternative_name *san);
 
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#    if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
  * \brief          Returns an informational string about the
  *                 certificate.
@@ -624,8 +688,10 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_crt *crt );
+int mbedtls_x509_crt_info(char *buf,
+                          size_t size,
+                          const char *prefix,
+                          const mbedtls_x509_crt *crt);
 
 /**
  * \brief          Returns an informational string about the
@@ -639,9 +705,11 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
-                          uint32_t flags );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
+int mbedtls_x509_crt_verify_info(char *buf,
+                                 size_t size,
+                                 const char *prefix,
+                                 uint32_t flags);
+#    endif /* !MBEDTLS_X509_REMOVE_INFO */
 
 /**
  * \brief          Verify a chain of certificates.
@@ -709,12 +777,14 @@
  * \return         Another negative error code in case of a fatal error
  *                 encountered during the verification process.
  */
-int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
+int mbedtls_x509_crt_verify(
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crl *ca_crl,
+    const char *cn,
+    uint32_t *flags,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy);
 
 /**
  * \brief          Verify a chain of certificates with respect to
@@ -750,13 +820,15 @@
  * \return         Another negative error code in case of a fatal error
  *                 encountered during the verification process.
  */
-int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
+int mbedtls_x509_crt_verify_with_profile(
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crl *ca_crl,
+    const mbedtls_x509_crt_profile *profile,
+    const char *cn,
+    uint32_t *flags,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy);
 
 /**
  * \brief          Restartable version of \c mbedtls_crt_verify_with_profile()
@@ -784,14 +856,16 @@
  * \return         #MBEDTLS_ERR_ECP_IN_PROGRESS if maximum number of
  *                 operations was reached: see \c mbedtls_ecp_set_max_ops().
  */
-int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt *trust_ca,
-                     mbedtls_x509_crl *ca_crl,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy,
-                     mbedtls_x509_crt_restart_ctx *rs_ctx );
+int mbedtls_x509_crt_verify_restartable(
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt *trust_ca,
+    mbedtls_x509_crl *ca_crl,
+    const mbedtls_x509_crt_profile *profile,
+    const char *cn,
+    uint32_t *flags,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy,
+    mbedtls_x509_crt_restart_ctx *rs_ctx);
 
 /**
  * \brief               The type of trusted certificate callbacks.
@@ -823,11 +897,11 @@
  *                      to the caller.
  * \return              A negative error code on failure.
  */
-typedef int (*mbedtls_x509_crt_ca_cb_t)( void *p_ctx,
-                                         mbedtls_x509_crt const *child,
-                                         mbedtls_x509_crt **candidate_cas );
+typedef int (*mbedtls_x509_crt_ca_cb_t)(void *p_ctx,
+                                        mbedtls_x509_crt const *child,
+                                        mbedtls_x509_crt **candidate_cas);
 
-#if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
+#    if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
 /**
  * \brief          Version of \c mbedtls_x509_crt_verify_with_profile() which
  *                 uses a callback to acquire the list of trusted CA
@@ -850,15 +924,17 @@
  *
  * \return         See \c mbedtls_crt_verify_with_profile().
  */
-int mbedtls_x509_crt_verify_with_ca_cb( mbedtls_x509_crt *crt,
-                     mbedtls_x509_crt_ca_cb_t f_ca_cb,
-                     void *p_ca_cb,
-                     const mbedtls_x509_crt_profile *profile,
-                     const char *cn, uint32_t *flags,
-                     int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
-                     void *p_vrfy );
+int mbedtls_x509_crt_verify_with_ca_cb(
+    mbedtls_x509_crt *crt,
+    mbedtls_x509_crt_ca_cb_t f_ca_cb,
+    void *p_ca_cb,
+    const mbedtls_x509_crt_profile *profile,
+    const char *cn,
+    uint32_t *flags,
+    int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *),
+    void *p_vrfy);
 
-#endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
+#    endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 
 /**
  * \brief          Check usage of certificate against keyUsage extension.
@@ -881,8 +957,8 @@
  *                 (intermediate) CAs the keyUsage extension is automatically
  *                 checked by \c mbedtls_x509_crt_verify().
  */
-int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,
-                                      unsigned int usage );
+int mbedtls_x509_crt_check_key_usage(const mbedtls_x509_crt *crt,
+                                     unsigned int usage);
 
 /**
  * \brief           Check usage of certificate against extendedKeyUsage.
@@ -897,11 +973,11 @@
  *
  * \note            Usually only makes sense on leaf certificates.
  */
-int mbedtls_x509_crt_check_extended_key_usage( const mbedtls_x509_crt *crt,
-                                               const char *usage_oid,
-                                               size_t usage_len );
+int mbedtls_x509_crt_check_extended_key_usage(const mbedtls_x509_crt *crt,
+                                              const char *usage_oid,
+                                              size_t usage_len);
 
-#if defined(MBEDTLS_X509_CRL_PARSE_C)
+#    if defined(MBEDTLS_X509_CRL_PARSE_C)
 /**
  * \brief          Verify the certificate revocation status
  *
@@ -911,34 +987,35 @@
  * \return         1 if the certificate is revoked, 0 otherwise
  *
  */
-int mbedtls_x509_crt_is_revoked( const mbedtls_x509_crt *crt, const mbedtls_x509_crl *crl );
-#endif /* MBEDTLS_X509_CRL_PARSE_C */
+int mbedtls_x509_crt_is_revoked(const mbedtls_x509_crt *crt,
+                                const mbedtls_x509_crl *crl);
+#    endif /* MBEDTLS_X509_CRL_PARSE_C */
 
 /**
  * \brief          Initialize a certificate (chain)
  *
  * \param crt      Certificate chain to initialize
  */
-void mbedtls_x509_crt_init( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_init(mbedtls_x509_crt *crt);
 
 /**
  * \brief          Unallocate all certificate data
  *
  * \param crt      Certificate chain to free
  */
-void mbedtls_x509_crt_free( mbedtls_x509_crt *crt );
+void mbedtls_x509_crt_free(mbedtls_x509_crt *crt);
 
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+#    if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
 /**
  * \brief           Initialize a restart context
  */
-void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx );
+void mbedtls_x509_crt_restart_init(mbedtls_x509_crt_restart_ctx *ctx);
 
 /**
  * \brief           Free the components of a restart context
  */
-void mbedtls_x509_crt_restart_free( mbedtls_x509_crt_restart_ctx *ctx );
-#endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
+void mbedtls_x509_crt_restart_free(mbedtls_x509_crt_restart_ctx *ctx);
+#    endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
 #endif /* MBEDTLS_X509_CRT_PARSE_C */
 
 /* \} name */
@@ -950,7 +1027,7 @@
  *
  * \param ctx       CRT context to initialize
  */
-void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx);
 
 /**
  * \brief           Set the verion for a Certificate
@@ -960,7 +1037,8 @@
  * \param version   version to set (MBEDTLS_X509_CRT_VERSION_1, MBEDTLS_X509_CRT_VERSION_2 or
  *                                  MBEDTLS_X509_CRT_VERSION_3)
  */
-void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version );
+void mbedtls_x509write_crt_set_version(mbedtls_x509write_cert *ctx,
+                                       int version);
 
 /**
  * \brief           Set the serial number for a Certificate.
@@ -970,7 +1048,8 @@
  *
  * \return          0 if successful
  */
-int mbedtls_x509write_crt_set_serial( mbedtls_x509write_cert *ctx, const mbedtls_mpi *serial );
+int mbedtls_x509write_crt_set_serial(mbedtls_x509write_cert *ctx,
+                                     const mbedtls_mpi *serial);
 
 /**
  * \brief           Set the validity period for a Certificate
@@ -986,8 +1065,9 @@
  * \return          0 if timestamp was parsed successfully, or
  *                  a specific error code
  */
-int mbedtls_x509write_crt_set_validity( mbedtls_x509write_cert *ctx, const char *not_before,
-                                const char *not_after );
+int mbedtls_x509write_crt_set_validity(mbedtls_x509write_cert *ctx,
+                                       const char *not_before,
+                                       const char *not_after);
 
 /**
  * \brief           Set the issuer name for a Certificate
@@ -1001,8 +1081,8 @@
  * \return          0 if issuer name was parsed successfully, or
  *                  a specific error code
  */
-int mbedtls_x509write_crt_set_issuer_name( mbedtls_x509write_cert *ctx,
-                                   const char *issuer_name );
+int mbedtls_x509write_crt_set_issuer_name(mbedtls_x509write_cert *ctx,
+                                          const char *issuer_name);
 
 /**
  * \brief           Set the subject name for a Certificate
@@ -1016,8 +1096,8 @@
  * \return          0 if subject name was parsed successfully, or
  *                  a specific error code
  */
-int mbedtls_x509write_crt_set_subject_name( mbedtls_x509write_cert *ctx,
-                                    const char *subject_name );
+int mbedtls_x509write_crt_set_subject_name(mbedtls_x509write_cert *ctx,
+                                           const char *subject_name);
 
 /**
  * \brief           Set the subject public key for the certificate
@@ -1025,7 +1105,8 @@
  * \param ctx       CRT context to use
  * \param key       public key to include
  */
-void mbedtls_x509write_crt_set_subject_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_subject_key(mbedtls_x509write_cert *ctx,
+                                           mbedtls_pk_context *key);
 
 /**
  * \brief           Set the issuer key used for signing the certificate
@@ -1033,7 +1114,8 @@
  * \param ctx       CRT context to use
  * \param key       private key to sign with
  */
-void mbedtls_x509write_crt_set_issuer_key( mbedtls_x509write_cert *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_crt_set_issuer_key(mbedtls_x509write_cert *ctx,
+                                          mbedtls_pk_context *key);
 
 /**
  * \brief           Set the MD algorithm to use for the signature
@@ -1042,7 +1124,8 @@
  * \param ctx       CRT context to use
  * \param md_alg    MD algorithm to use
  */
-void mbedtls_x509write_crt_set_md_alg( mbedtls_x509write_cert *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_crt_set_md_alg(mbedtls_x509write_cert *ctx,
+                                      mbedtls_md_type_t md_alg);
 
 /**
  * \brief           Generic function to add to or replace an extension in the
@@ -1057,10 +1140,12 @@
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_extension( mbedtls_x509write_cert *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len );
+int mbedtls_x509write_crt_set_extension(mbedtls_x509write_cert *ctx,
+                                        const char *oid,
+                                        size_t oid_len,
+                                        int critical,
+                                        const unsigned char *val,
+                                        size_t val_len);
 
 /**
  * \brief           Set the basicConstraints extension for a CRT
@@ -1073,10 +1158,11 @@
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_basic_constraints( mbedtls_x509write_cert *ctx,
-                                         int is_ca, int max_pathlen );
+int mbedtls_x509write_crt_set_basic_constraints(mbedtls_x509write_cert *ctx,
+                                                int is_ca,
+                                                int max_pathlen);
 
-#if defined(MBEDTLS_SHA1_C)
+#    if defined(MBEDTLS_SHA1_C)
 /**
  * \brief           Set the subjectKeyIdentifier extension for a CRT
  *                  Requires that mbedtls_x509write_crt_set_subject_key() has been
@@ -1086,7 +1172,8 @@
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_subject_key_identifier( mbedtls_x509write_cert *ctx );
+int mbedtls_x509write_crt_set_subject_key_identifier(
+    mbedtls_x509write_cert *ctx);
 
 /**
  * \brief           Set the authorityKeyIdentifier extension for a CRT
@@ -1097,8 +1184,9 @@
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *ctx );
-#endif /* MBEDTLS_SHA1_C */
+int mbedtls_x509write_crt_set_authority_key_identifier(
+    mbedtls_x509write_cert *ctx);
+#    endif /* MBEDTLS_SHA1_C */
 
 /**
  * \brief           Set the Key Usage Extension flags
@@ -1109,8 +1197,8 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
-                                         unsigned int key_usage );
+int mbedtls_x509write_crt_set_key_usage(mbedtls_x509write_cert *ctx,
+                                        unsigned int key_usage);
 
 /**
  * \brief           Set the Netscape Cert Type flags
@@ -1121,15 +1209,15 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
-                                    unsigned char ns_cert_type );
+int mbedtls_x509write_crt_set_ns_cert_type(mbedtls_x509write_cert *ctx,
+                                           unsigned char ns_cert_type);
 
 /**
  * \brief           Free the contents of a CRT write context
  *
  * \param ctx       CRT context to free
  */
-void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx );
+void mbedtls_x509write_crt_free(mbedtls_x509write_cert *ctx);
 
 /**
  * \brief           Write a built up certificate to a X509 DER structure
@@ -1148,11 +1236,13 @@
  *
  * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
+int mbedtls_x509write_crt_der(mbedtls_x509write_cert *ctx,
+                              unsigned char *buf,
+                              size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng);
 
-#if defined(MBEDTLS_PEM_WRITE_C)
+#    if defined(MBEDTLS_PEM_WRITE_C)
 /**
  * \brief           Write a built up certificate to a X509 PEM string
  *
@@ -1166,10 +1256,12 @@
  *
  * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_crt_pem( mbedtls_x509write_cert *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_x509write_crt_pem(mbedtls_x509write_cert *ctx,
+                              unsigned char *buf,
+                              size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng);
+#    endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CRT_WRITE_C */
 
 #ifdef __cplusplus
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index 674f9ce..55dc9b8 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -43,37 +43,46 @@
 /**
  * Certificate Signing Request (CSR) structure.
  */
-typedef struct mbedtls_x509_csr
-{
-    mbedtls_x509_buf MBEDTLS_PRIVATE(raw);           /**< The raw CSR data (DER). */
-    mbedtls_x509_buf MBEDTLS_PRIVATE(cri);           /**< The raw CertificateRequestInfo body (DER). */
+typedef struct mbedtls_x509_csr {
+    mbedtls_x509_buf MBEDTLS_PRIVATE(raw); /**< The raw CSR data (DER). */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(cri); /**< The raw CertificateRequestInfo
+                                              body (DER). */
 
-    int MBEDTLS_PRIVATE(version);            /**< CSR version (1=v1). */
+    int MBEDTLS_PRIVATE(version); /**< CSR version (1=v1). */
 
-    mbedtls_x509_buf  MBEDTLS_PRIVATE(subject_raw);  /**< The raw subject data (DER). */
-    mbedtls_x509_name MBEDTLS_PRIVATE(subject);      /**< The parsed subject data (named information object). */
+    mbedtls_x509_buf MBEDTLS_PRIVATE(subject_raw); /**< The raw subject data
+                                                      (DER). */
+    mbedtls_x509_name MBEDTLS_PRIVATE(subject); /**< The parsed subject data
+                                                   (named information object).
+                                                 */
 
-    mbedtls_pk_context MBEDTLS_PRIVATE(pk);          /**< Container for the public key context. */
+    mbedtls_pk_context MBEDTLS_PRIVATE(pk); /**< Container for the public key
+                                               context. */
 
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig_oid);
     mbedtls_x509_buf MBEDTLS_PRIVATE(sig);
-    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md);       /**< Internal representation of the MD algorithm of the signature algorithm, e.g. MBEDTLS_MD_SHA256 */
-    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk);       /**< Internal representation of the Public Key algorithm of the signature algorithm, e.g. MBEDTLS_PK_RSA */
-    void *MBEDTLS_PRIVATE(sig_opts);         /**< Signature options to be passed to mbedtls_pk_verify_ext(), e.g. for RSASSA-PSS */
-}
-mbedtls_x509_csr;
+    mbedtls_md_type_t MBEDTLS_PRIVATE(sig_md); /**< Internal representation of
+                                                  the MD algorithm of the
+                                                  signature algorithm, e.g.
+                                                  MBEDTLS_MD_SHA256 */
+    mbedtls_pk_type_t MBEDTLS_PRIVATE(sig_pk); /**< Internal representation of
+                                                  the Public Key algorithm of
+                                                  the signature algorithm, e.g.
+                                                  MBEDTLS_PK_RSA */
+    void *MBEDTLS_PRIVATE(sig_opts); /**< Signature options to be passed to
+                                        mbedtls_pk_verify_ext(), e.g. for
+                                        RSASSA-PSS */
+} mbedtls_x509_csr;
 
 /**
  * Container for writing a CSR
  */
-typedef struct mbedtls_x509write_csr
-{
+typedef struct mbedtls_x509write_csr {
     mbedtls_pk_context *MBEDTLS_PRIVATE(key);
     mbedtls_asn1_named_data *MBEDTLS_PRIVATE(subject);
     mbedtls_md_type_t MBEDTLS_PRIVATE(md_alg);
     mbedtls_asn1_named_data *MBEDTLS_PRIVATE(extensions);
-}
-mbedtls_x509write_csr;
+} mbedtls_x509write_csr;
 
 #if defined(MBEDTLS_X509_CSR_PARSE_C)
 /**
@@ -87,8 +96,9 @@
  *
  * \return         0 if successful, or a specific X509 error code
  */
-int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
-                        const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse_der(mbedtls_x509_csr *csr,
+                               const unsigned char *buf,
+                               size_t buflen);
 
 /**
  * \brief          Load a Certificate Signing Request (CSR), DER or PEM format
@@ -102,9 +112,11 @@
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, size_t buflen );
+int mbedtls_x509_csr_parse(mbedtls_x509_csr *csr,
+                           const unsigned char *buf,
+                           size_t buflen);
 
-#if defined(MBEDTLS_FS_IO)
+#    if defined(MBEDTLS_FS_IO)
 /**
  * \brief          Load a Certificate Signing Request (CSR)
  *
@@ -115,10 +127,10 @@
  *
  * \return         0 if successful, or a specific X509 or PEM error code
  */
-int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
-#endif /* MBEDTLS_FS_IO */
+int mbedtls_x509_csr_parse_file(mbedtls_x509_csr *csr, const char *path);
+#    endif /* MBEDTLS_FS_IO */
 
-#if !defined(MBEDTLS_X509_REMOVE_INFO)
+#    if !defined(MBEDTLS_X509_REMOVE_INFO)
 /**
  * \brief          Returns an informational string about the
  *                 CSR.
@@ -131,23 +143,25 @@
  * \return         The length of the string written (not including the
  *                 terminated nul byte), or a negative error code.
  */
-int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
-                   const mbedtls_x509_csr *csr );
-#endif /* !MBEDTLS_X509_REMOVE_INFO */
+int mbedtls_x509_csr_info(char *buf,
+                          size_t size,
+                          const char *prefix,
+                          const mbedtls_x509_csr *csr);
+#    endif /* !MBEDTLS_X509_REMOVE_INFO */
 
 /**
  * \brief          Initialize a CSR
  *
  * \param csr      CSR to initialize
  */
-void mbedtls_x509_csr_init( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_init(mbedtls_x509_csr *csr);
 
 /**
  * \brief          Unallocate all CSR data
  *
  * \param csr      CSR to free
  */
-void mbedtls_x509_csr_free( mbedtls_x509_csr *csr );
+void mbedtls_x509_csr_free(mbedtls_x509_csr *csr);
 #endif /* MBEDTLS_X509_CSR_PARSE_C */
 
 /* \} name */
@@ -159,7 +173,7 @@
  *
  * \param ctx       CSR context to initialize
  */
-void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_init(mbedtls_x509write_csr *ctx);
 
 /**
  * \brief           Set the subject name for a CSR
@@ -173,8 +187,8 @@
  * \return          0 if subject name was parsed successfully, or
  *                  a specific error code
  */
-int mbedtls_x509write_csr_set_subject_name( mbedtls_x509write_csr *ctx,
-                                    const char *subject_name );
+int mbedtls_x509write_csr_set_subject_name(mbedtls_x509write_csr *ctx,
+                                           const char *subject_name);
 
 /**
  * \brief           Set the key for a CSR (public key will be included,
@@ -183,7 +197,8 @@
  * \param ctx       CSR context to use
  * \param key       Asymetric key to include
  */
-void mbedtls_x509write_csr_set_key( mbedtls_x509write_csr *ctx, mbedtls_pk_context *key );
+void mbedtls_x509write_csr_set_key(mbedtls_x509write_csr *ctx,
+                                   mbedtls_pk_context *key);
 
 /**
  * \brief           Set the MD algorithm to use for the signature
@@ -192,7 +207,8 @@
  * \param ctx       CSR context to use
  * \param md_alg    MD algorithm to use
  */
-void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg );
+void mbedtls_x509write_csr_set_md_alg(mbedtls_x509write_csr *ctx,
+                                      mbedtls_md_type_t md_alg);
 
 /**
  * \brief           Set the Key Usage Extension flags
@@ -211,7 +227,8 @@
  *                  #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
  *                  function.
  */
-int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
+int mbedtls_x509write_csr_set_key_usage(mbedtls_x509write_csr *ctx,
+                                        unsigned char key_usage);
 
 /**
  * \brief           Set the Netscape Cert Type flags
@@ -222,8 +239,8 @@
  *
  * \return          0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
-                                    unsigned char ns_cert_type );
+int mbedtls_x509write_csr_set_ns_cert_type(mbedtls_x509write_csr *ctx,
+                                           unsigned char ns_cert_type);
 
 /**
  * \brief           Generic function to add to or replace an extension in the
@@ -238,17 +255,19 @@
  *
  * \return          0 if successful, or a MBEDTLS_ERR_X509_ALLOC_FAILED
  */
-int mbedtls_x509write_csr_set_extension( mbedtls_x509write_csr *ctx,
-                                 const char *oid, size_t oid_len,
-                                 int critical,
-                                 const unsigned char *val, size_t val_len );
+int mbedtls_x509write_csr_set_extension(mbedtls_x509write_csr *ctx,
+                                        const char *oid,
+                                        size_t oid_len,
+                                        int critical,
+                                        const unsigned char *val,
+                                        size_t val_len);
 
 /**
  * \brief           Free the contents of a CSR context
  *
  * \param ctx       CSR context to free
  */
-void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx );
+void mbedtls_x509write_csr_free(mbedtls_x509write_csr *ctx);
 
 /**
  * \brief           Write a CSR (Certificate Signing Request) to a
@@ -268,11 +287,13 @@
  *
  * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
+int mbedtls_x509write_csr_der(mbedtls_x509write_csr *ctx,
+                              unsigned char *buf,
+                              size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng);
 
-#if defined(MBEDTLS_PEM_WRITE_C)
+#    if defined(MBEDTLS_PEM_WRITE_C)
 /**
  * \brief           Write a CSR (Certificate Signing Request) to a
  *                  PEM string
@@ -287,10 +308,12 @@
  *
  * \note            \p f_rng is used for the signature operation.
  */
-int mbedtls_x509write_csr_pem( mbedtls_x509write_csr *ctx, unsigned char *buf, size_t size,
-                       int (*f_rng)(void *, unsigned char *, size_t),
-                       void *p_rng );
-#endif /* MBEDTLS_PEM_WRITE_C */
+int mbedtls_x509write_csr_pem(mbedtls_x509write_csr *ctx,
+                              unsigned char *buf,
+                              size_t size,
+                              int (*f_rng)(void *, unsigned char *, size_t),
+                              void *p_rng);
+#    endif /* MBEDTLS_PEM_WRITE_C */
 #endif /* MBEDTLS_X509_CSR_WRITE_C */
 
 #ifdef __cplusplus