IDF release/v4.0 a3f3c7bdc

2025-07-04 06:16:35 +02:00 · 2020-04-07 00:12:32 +00:00
parent 2271c7726d
commit b47b0dc966
130 changed files with 1032 additions and 447 deletions
--- a/platform.txt
+++ b/platform.txt
@ -35,7 +35,7 @@ compiler.S.flags=-c -g3 -x assembler-with-cpp -MMD -mlongcalls
 compiler.c.elf.cmd=xtensa-esp32-elf-gcc
 compiler.c.elf.flags=-nostdlib "-L{compiler.sdk.path}/lib" "-L{compiler.sdk.path}/ld" -T esp32_out.ld -T esp32.project.ld -T esp32.peripherals.ld -T esp32.rom.ld -T esp32.rom.libgcc.ld -T esp32.rom.syscalls.ld -T esp32.rom.newlib-data.ld -Wl,--gc-sections -Wl,-static -Wl,--undefined=uxTopUsedPriority -u call_user_start_cpu0 -u __cxa_guard_dummy -u ld_include_panic_highint_hdl -u newlib_include_locks_impl -u newlib_include_heap_impl -u newlib_include_syscalls_impl -u pthread_include_pthread_impl -u pthread_include_pthread_cond_impl -u pthread_include_pthread_local_storage_impl -fno-rtti -mfix-esp32-psram-cache-issue
-compiler.c.elf.libs=-lgcc -lfr -lspi_flash -lesp_eth -lesp32 -lesp_event -lpp -lsmartconfig -limage_util -lmesh -lwpa_supplicant -lesp_wifi -ltcp_transport -lesp_websocket_client -lphy -lesp_ringbuf -lrtc -lunity -llibsodium -lcxx -lfatfs -lbootloader_support -lapp_trace -ljsmn -lcoexist -lm -lesp-tls -lnvs_flash -lfb_gfx -lbt -lfd -lcoap -lmbedtls -lod -llog -lesp_http_server -lface_detection -lheap -lmqtt -lvfs -lesp_adc_cal -lesp_rom -lhal -ljson -lefuse -lesp_http_client -lbtdm_app -lprotocomm -lcore -lsdmmc -lopenssl -lfreemodbus -lsoc -lspiffs -lexpat -lesp_https_ota -lesp32-camera -lpthread -lespnow -lasio -lesp_common -lmdns -lapp_update -lwifi_provisioning -lfreertos -lnewlib -lnet80211 -lface_recognition -lprotobuf-c -lconsole -lxtensa -lesp_local_ctrl -lnghttp -lulp -lesp_gdbstub -lespcoredump -ldriver -llwip -lwear_levelling -ldl_lib -ltcpip_adapter  -lc -lstdc++
+compiler.c.elf.libs=-lgcc -ltcpip_adapter -lmbedtls -lnet80211 -lsdmmc -lfd -lmesh -lapp_trace -lwpa_supplicant -ljsmn -lface_recognition -lmqtt -lapp_update -llwip -lsmartconfig -lesp_gdbstub -lopenssl -lbt -lconsole -ldl -lprotocomm -lasio -lspi_flash -lesp_http_server -lespcoredump -lcoexist -lesp_eth -lbtdm_app -lrtc -lnvs_flash -ltcp_transport -lesp32 -lesp32-camera -lfreertos -lxtensa -lvfs -lcoap -lpp -lwear_levelling -lcxx -lprotobuf-c -lcore -lfr -llog -limage_util -lulp -llibsodium -ldriver -lfreemodbus -lesp_https_ota -lheap -lspiffs -lhal -lesp_websocket_client -lesp_common -lfatfs -lespnow -ljson -lunity -lesp_wifi -lm -lfb_gfx -lesp_event -lesp-tls -lesp_local_ctrl -lesp_rom -lbootloader_support -lwifi_provisioning -lod -lpthread -lexpat -lface_detection -lmdns -lesp_http_client -lsoc -lesp_adc_cal -lnewlib -lefuse -lphy -lesp_ringbuf -lnghttp  -lc -lstdc++
 compiler.as.cmd=xtensa-esp32-elf-as
--- a/tools/platformio-build.py
+++ b/tools/platformio-build.py
@ -186,7 +186,7 @@ env.Append(
    ],
    LIBS=[
-        "-lgcc", "-lfr", "-lspi_flash", "-lesp_eth", "-lesp32", "-lesp_event", "-lpp", "-lsmartconfig", "-limage_util", "-lmesh", "-lwpa_supplicant", "-lesp_wifi", "-ltcp_transport", "-lesp_websocket_client", "-lphy", "-lesp_ringbuf", "-lrtc", "-lunity", "-llibsodium", "-lcxx", "-lfatfs", "-lbootloader_support", "-lapp_trace", "-ljsmn", "-lcoexist", "-lm", "-lesp-tls", "-lnvs_flash", "-lfb_gfx", "-lbt", "-lfd", "-lcoap", "-lmbedtls", "-lod", "-llog", "-lesp_http_server", "-lface_detection", "-lheap", "-lmqtt", "-lvfs", "-lesp_adc_cal", "-lesp_rom", "-lhal", "-ljson", "-lefuse", "-lesp_http_client", "-lbtdm_app", "-lprotocomm", "-lcore", "-lsdmmc", "-lopenssl", "-lfreemodbus", "-lsoc", "-lspiffs", "-lexpat", "-lesp_https_ota", "-lesp32-camera", "-lpthread", "-lespnow", "-lasio", "-lesp_common", "-lmdns", "-lapp_update", "-lwifi_provisioning", "-lfreertos", "-lnewlib", "-lnet80211", "-lface_recognition", "-lprotobuf-c", "-lconsole", "-lxtensa", "-lesp_local_ctrl", "-lnghttp", "-lulp", "-lesp_gdbstub", "-lespcoredump", "-ldriver", "-llwip", "-lwear_levelling", "-ldl_lib", "-ltcpip_adapter", "-lc", "-lstdc++"
+        "-lgcc", "-ltcpip_adapter", "-lmbedtls", "-lnet80211", "-lsdmmc", "-lfd", "-lmesh", "-lapp_trace", "-lwpa_supplicant", "-ljsmn", "-lface_recognition", "-lmqtt", "-lapp_update", "-llwip", "-lsmartconfig", "-lesp_gdbstub", "-lopenssl", "-lbt", "-lconsole", "-ldl", "-lprotocomm", "-lasio", "-lspi_flash", "-lesp_http_server", "-lespcoredump", "-lcoexist", "-lesp_eth", "-lbtdm_app", "-lrtc", "-lnvs_flash", "-ltcp_transport", "-lesp32", "-lesp32-camera", "-lfreertos", "-lxtensa", "-lvfs", "-lcoap", "-lpp", "-lwear_levelling", "-lcxx", "-lprotobuf-c", "-lcore", "-lfr", "-llog", "-limage_util", "-lulp", "-llibsodium", "-ldriver", "-lfreemodbus", "-lesp_https_ota", "-lheap", "-lspiffs", "-lhal", "-lesp_websocket_client", "-lesp_common", "-lfatfs", "-lespnow", "-ljson", "-lunity", "-lesp_wifi", "-lm", "-lfb_gfx", "-lesp_event", "-lesp-tls", "-lesp_local_ctrl", "-lesp_rom", "-lbootloader_support", "-lwifi_provisioning", "-lod", "-lpthread", "-lexpat", "-lface_detection", "-lmdns", "-lesp_http_client", "-lsoc", "-lesp_adc_cal", "-lnewlib", "-lefuse", "-lphy", "-lesp_ringbuf", "-lnghttp", "-lc", "-lstdc++"
    ],
    LIBSOURCE_DIRS=[
--- a/tools/sdk/bin/bootloader_dio_40m.bin
+++ b/tools/sdk/bin/bootloader_dio_40m.bin
--- a/tools/sdk/bin/bootloader_dio_80m.bin
+++ b/tools/sdk/bin/bootloader_dio_80m.bin
--- a/tools/sdk/bin/bootloader_dout_40m.bin
+++ b/tools/sdk/bin/bootloader_dout_40m.bin
--- a/tools/sdk/bin/bootloader_dout_80m.bin
+++ b/tools/sdk/bin/bootloader_dout_80m.bin
--- a/tools/sdk/bin/bootloader_qio_40m.bin
+++ b/tools/sdk/bin/bootloader_qio_40m.bin
--- a/tools/sdk/bin/bootloader_qio_80m.bin
+++ b/tools/sdk/bin/bootloader_qio_80m.bin
--- a/tools/sdk/bin/bootloader_qout_40m.bin
+++ b/tools/sdk/bin/bootloader_qout_40m.bin
--- a/tools/sdk/bin/bootloader_qout_80m.bin
+++ b/tools/sdk/bin/bootloader_qout_80m.bin
--- a/tools/sdk/include/bt/esp_gap_bt_api.h
+++ b/tools/sdk/include/bt/esp_gap_bt_api.h
@ -79,22 +79,24 @@ typedef struct {
 } esp_bt_gap_dev_prop_t;
 /// Extended Inquiry Response data type
-typedef enum {
+#define ESP_BT_EIR_TYPE_FLAGS                   0x01      /*!< Flag with information such as BR/EDR and LE support */
-    ESP_BT_EIR_TYPE_FLAGS                    = 0x01,     /*!< Flag with information such as BR/EDR and LE support */
+#define ESP_BT_EIR_TYPE_INCMPL_16BITS_UUID      0x02      /*!< Incomplete list of 16-bit service UUIDs */
-    ESP_BT_EIR_TYPE_INCMPL_16BITS_UUID       = 0x02,     /*!< Incomplete list of 16-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_CMPL_16BITS_UUID        0x03      /*!< Complete list of 16-bit service UUIDs */
-    ESP_BT_EIR_TYPE_CMPL_16BITS_UUID         = 0x03,     /*!< Complete list of 16-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_INCMPL_32BITS_UUID      0x04      /*!< Incomplete list of 32-bit service UUIDs */
-    ESP_BT_EIR_TYPE_INCMPL_32BITS_UUID       = 0x04,     /*!< Incomplete list of 32-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_CMPL_32BITS_UUID        0x05      /*!< Complete list of 32-bit service UUIDs */
-    ESP_BT_EIR_TYPE_CMPL_32BITS_UUID         = 0x05,     /*!< Complete list of 32-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_INCMPL_128BITS_UUID     0x06      /*!< Incomplete list of 128-bit service UUIDs */
-    ESP_BT_EIR_TYPE_INCMPL_128BITS_UUID      = 0x06,     /*!< Incomplete list of 128-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_CMPL_128BITS_UUID       0x07      /*!< Complete list of 128-bit service UUIDs */
-    ESP_BT_EIR_TYPE_CMPL_128BITS_UUID        = 0x07,     /*!< Complete list of 128-bit service UUIDs */
+#define ESP_BT_EIR_TYPE_SHORT_LOCAL_NAME        0x08      /*!< Shortened Local Name */
-    ESP_BT_EIR_TYPE_SHORT_LOCAL_NAME         = 0x08,     /*!< Shortened Local Name */
+#define ESP_BT_EIR_TYPE_CMPL_LOCAL_NAME         0x09      /*!< Complete Local Name */
-    ESP_BT_EIR_TYPE_CMPL_LOCAL_NAME          = 0x09,     /*!< Complete Local Name */
+#define ESP_BT_EIR_TYPE_TX_POWER_LEVEL          0x0a      /*!< Tx power level, value is 1 octet ranging from  -127 to 127, unit is dBm*/
-    ESP_BT_EIR_TYPE_TX_POWER_LEVEL           = 0x0a,     /*!< Tx power level, value is 1 octet ranging from  -127 to 127, unit is dBm*/
+#define ESP_BT_EIR_TYPE_URL                     0x24      /*!< Uniform resource identifier */
-    ESP_BT_EIR_TYPE_URL                      = 0x24,     /*!< Uniform resource identifier */
+#define ESP_BT_EIR_TYPE_MANU_SPECIFIC           0xff      /*!< Manufacturer specific data */
    ESP_BT_EIR_TYPE_MANU_SPECIFIC            = 0xff,     /*!< Manufacturer specific data */
 } esp_bt_eir_type_t;
 #define  ESP_BT_EIR_TYPE_MAX_NUM                12        /*!< MAX number of EIR type */
 typedef uint8_t esp_bt_eir_type_t;
 /* ESP_BT_EIR_FLAG bit definition */
 #define ESP_BT_EIR_FLAG_LIMIT_DISC         (0x01 << 0)
 #define ESP_BT_EIR_FLAG_GEN_DISC           (0x01 << 1)
--- a/tools/sdk/include/bt/esp_gatt_common_api.h
+++ b/tools/sdk/include/bt/esp_gatt_common_api.h
@ -44,6 +44,10 @@ extern "C" {
 */
 extern esp_err_t esp_ble_gatt_set_local_mtu (uint16_t mtu);
 #if (BLE_INCLUDED == TRUE)
 extern uint16_t esp_ble_get_sendable_packets_num (void);
 #endif
 #ifdef __cplusplus
 }
 #endif
--- a/tools/sdk/include/bt/esp_gatt_defs.h
+++ b/tools/sdk/include/bt/esp_gatt_defs.h
@ -73,8 +73,14 @@ extern "C" {
 #define ESP_GATT_UUID_CHAR_PRESENT_FORMAT           0x2904          /*  Characteristic Presentation Format*/
 #define ESP_GATT_UUID_CHAR_AGG_FORMAT               0x2905          /*  Characteristic Aggregate Format*/
 #define ESP_GATT_UUID_CHAR_VALID_RANGE              0x2906          /*  Characteristic Valid Range */
-#define ESP_GATT_UUID_EXT_RPT_REF_DESCR             0x2907
+#define ESP_GATT_UUID_EXT_RPT_REF_DESCR             0x2907          /*  External Report Reference */
-#define ESP_GATT_UUID_RPT_REF_DESCR                 0x2908
+#define ESP_GATT_UUID_RPT_REF_DESCR                 0x2908          /*  Report Reference */
 #define ESP_GATT_UUID_NUM_DIGITALS_DESCR            0x2909          /*  Number of Digitals */
 #define ESP_GATT_UUID_VALUE_TRIGGER_DESCR           0x290A          /*  Value Trigger Setting */
 #define ESP_GATT_UUID_ENV_SENSING_CONFIG_DESCR      0x290B          /*  Environmental Sensing Configuration */
 #define ESP_GATT_UUID_ENV_SENSING_MEASUREMENT_DESCR 0x290C          /*  Environmental Sensing Measurement */
 #define ESP_GATT_UUID_ENV_SENSING_TRIGGER_DESCR     0x290D          /*  Environmental Sensing Trigger Setting */
 #define ESP_GATT_UUID_TIME_TRIGGER_DESCR            0x290E          /*  Time Trigger Setting */
 /* GAP Profile Attributes */
 #define ESP_GATT_UUID_GAP_DEVICE_NAME               0x2A00
@ -443,7 +449,7 @@ typedef struct {
  * @brief service element
  */
 typedef struct {
-    bool                        is_primary;                 /*!< The service flag, true if the service is primary service, else is secondly service */
+    bool                        is_primary;                 /*!< The service flag, true if the service is primary service, else is secondary service */
    uint16_t                    start_handle;               /*!< The start handle of the service */
    uint16_t                    end_handle;                 /*!< The end handle of the service */
    esp_bt_uuid_t               uuid;                       /*!< The uuid of the service */
--- a/tools/sdk/include/config/sdkconfig.h
+++ b/tools/sdk/include/config/sdkconfig.h
@ -83,6 +83,7 @@
 #define CONFIG_BTDM_SCAN_DUPL_TYPE_DEVICE 1
 #define CONFIG_BTDM_SCAN_DUPL_TYPE 0
 #define CONFIG_BTDM_SCAN_DUPL_CACHE_SIZE 20
 #define CONFIG_BTDM_CTRL_FULL_SCAN_SUPPORTED 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_SUPP 1
 #define CONFIG_BTDM_BLE_ADV_REPORT_FLOW_CTRL_NUM 100
 #define CONFIG_BTDM_BLE_ADV_REPORT_DISCARD_THRSHOLD 20
@ -161,7 +162,9 @@
 #define CONFIG_OV2640_SUPPORT 1
 #define CONFIG_OV7725_SUPPORT 1
 #define CONFIG_OV3660_SUPPORT 1
 #define CONFIG_OV5640_SUPPORT 1
 #define CONFIG_SCCB_HARDWARE_I2C 1
 #define CONFIG_SCCB_HARDWARE_I2C_PORT1 1
 #define CONFIG_CAMERA_CORE1 1
 #define CONFIG_ADC_CAL_EFUSE_TP_ENABLE 1
 #define CONFIG_ADC_CAL_EFUSE_VREF_ENABLE 1
@ -199,8 +202,6 @@
 #define CONFIG_HTTPD_ERR_RESP_NO_DELAY 1
 #define CONFIG_HTTPD_PURGE_BUF_LEN 32
 #define CONFIG_ESP32_WIFI_SW_COEXIST_ENABLE 1
 #define CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_BALANCE 1
 #define CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_VALUE 2
 #define CONFIG_ESP32_WIFI_STATIC_RX_BUFFER_NUM 16
 #define CONFIG_ESP32_WIFI_DYNAMIC_RX_BUFFER_NUM 32
 #define CONFIG_ESP32_WIFI_DYNAMIC_TX_BUFFER 1
@ -394,6 +395,7 @@
 #define CONFIG_WL_SECTOR_SIZE_4096 1
 #define CONFIG_WL_SECTOR_SIZE 4096
 #define CONFIG_WIFI_PROV_SCAN_MAX_ENTRIES 16
 #define CONFIG_WIFI_PROV_AUTOSTOP_TIMEOUT 30
 #define CONFIG_WPA_MBEDTLS_CRYPTO 1
 /* List of deprecated options */
@ -1829,26 +1831,6 @@
 #define CONFIG_SW_COEXIST_ENABLE CONFIG_ESP32_WIFI_SW_COEXIST_ENABLE
 #endif
 #ifdef CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE
 #define CONFIG_SW_COEXIST_PREFERENCE CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE
 #endif
 #ifdef CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_BALANCE
 #define CONFIG_SW_COEXIST_PREFERENCE_BALANCE CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_BALANCE
 #endif
 #ifdef CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_BT
 #define CONFIG_SW_COEXIST_PREFERENCE_BT CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_BT
 #endif
 #ifdef CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_VALUE
 #define CONFIG_SW_COEXIST_PREFERENCE_VALUE CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_VALUE
 #endif
 #ifdef CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_WIFI
 #define CONFIG_SW_COEXIST_PREFERENCE_WIFI CONFIG_ESP32_WIFI_SW_COEXIST_PREFERENCE_WIFI
 #endif
 #ifdef CONFIG_ESP_SYSTEM_EVENT_QUEUE_SIZE
 #define CONFIG_SYSTEM_EVENT_QUEUE_SIZE CONFIG_ESP_SYSTEM_EVENT_QUEUE_SIZE
 #endif
@ -2005,5 +1987,5 @@
 #define CONFIG_WIFI_LWIP_ALLOCATION_FROM_SPIRAM_FIRST CONFIG_SPIRAM_TRY_ALLOCATE_WIFI_LWIP
 #endif
-#define CONFIG_ARDUINO_IDF_COMMIT "b6bec84c6"
+#define CONFIG_ARDUINO_IDF_COMMIT "a3f3c7bdc"
 #define CONFIG_ARDUINO_IDF_BRANCH "release/v4.0"
--- a/tools/sdk/include/driver/driver/ledc.h
+++ b/tools/sdk/include/driver/driver/ledc.h
@ -46,11 +46,6 @@ typedef enum {
    LEDC_DUTY_DIR_MAX,
 } ledc_duty_direction_t;
 typedef enum  {
    LEDC_REF_TICK = 0, /*!< LEDC timer clock divided from reference tick (1Mhz) */
    LEDC_APB_CLK,      /*!< LEDC timer clock divided from APB clock (80Mhz) */
 } ledc_clk_src_t;
 typedef enum {
    LEDC_AUTO_CLK,        /*!< The driver will automatically select the source clock(REF_TICK or APB) based on the giving resolution and duty parameter when init the timer*/
    LEDC_USE_REF_TICK,    /*!< LEDC timer select REF_TICK clock as source clock*/
@ -58,6 +53,15 @@ typedef enum {
    LEDC_USE_RTC8M_CLK,   /*!< LEDC timer select RTC8M_CLK as source clock. Only for low speed channels and this parameter must be the same for all low speed channels*/
 } ledc_clk_cfg_t;
 /* Note: Setting numeric values to match ledc_clk_cfg_t values are a hack to avoid collision with
   LEDC_AUTO_CLK in the driver, as these enums have very similar names and user may pass
   one of these by mistake. */
 typedef enum  {
    LEDC_REF_TICK = LEDC_USE_REF_TICK, /*!< LEDC timer clock divided from reference tick (1Mhz) */
    LEDC_APB_CLK = LEDC_USE_APB_CLK,  /*!< LEDC timer clock divided from APB clock (80Mhz) */
 } ledc_clk_src_t;
 typedef enum {
    LEDC_TIMER_0 = 0, /*!< LEDC timer 0 */
    LEDC_TIMER_1,     /*!< LEDC timer 1 */
@ -178,6 +182,19 @@ esp_err_t ledc_timer_config(const ledc_timer_config_t* timer_conf);
 */
 esp_err_t ledc_update_duty(ledc_mode_t speed_mode, ledc_channel_t channel);
 /**
 * @brief Set LEDC output gpio.
 *
 * @param  gpio_num The LEDC output gpio
 * @param speed_mode Select the LEDC speed_mode, high-speed mode and low-speed mode
 * @param  ledc_channel LEDC channel (0-7), select from ledc_channel_t
 *
 * @return
 *     - ESP_OK Success
 *     - ESP_ERR_INVALID_ARG Parameter error
 */
 esp_err_t ledc_set_pin(int gpio_num, ledc_mode_t speed_mode, ledc_channel_t ledc_channel);
 /**
 * @brief LEDC stop.
 *        Disable LEDC output, and set idle level
--- a/tools/sdk/include/esp-face/dl_lib_matrix3d.h
+++ b/tools/sdk/include/esp-face/dl_lib_matrix3d.h
@ -7,7 +7,7 @@
 #include <math.h>
 #include <assert.h>
-#if CONFIG_SPIRAM_SUPPORT
+#if CONFIG_ESP32_SPIRAM_SUPPORT
 #include "freertos/FreeRTOS.h"
 #endif
@ -80,20 +80,20 @@ typedef struct
 * @param align Align of memory. If not required, set 0.
 * @return Pointer of allocated memory. Null for failed.
 */
-static inline void *dl_lib_calloc(int cnt, int size, int align)
+static void *dl_lib_calloc(int cnt, int size, int align)
 {
    int total_size = cnt * size + align + sizeof(void *);
    void *res = malloc(total_size);
    if (NULL == res)
    {
-#if CONFIG_SPIRAM_SUPPORT
+#if CONFIG_ESP32_SPIRAM_SUPPORT
        res = heap_caps_malloc(total_size, MALLOC_CAP_8BIT | MALLOC_CAP_SPIRAM);
    }
    if (NULL == res)
    {
        printf("Item psram alloc failed. Size: %d x %d\n", cnt, size);
 #else
-        printf("Item alloc failed. Size: %d x %d\n", cnt, size);
+        printf("Item alloc failed. Size: %d x %d, SPIRAM_FLAG: %d\n", cnt, size, CONFIG_ESP32_SPIRAM_SUPPORT);
 #endif
        return NULL;
    }
--- a/tools/sdk/include/esp32-camera/esp_camera.h
+++ b/tools/sdk/include/esp32-camera/esp_camera.h
@ -68,6 +68,7 @@
 #include "esp_err.h"
 #include "driver/ledc.h"
 #include "sensor.h"
 #include "sys/time.h"
 #ifdef __cplusplus
 extern "C" {
@ -115,6 +116,7 @@ typedef struct {
    size_t width;               /*!< Width of the buffer in pixels */
    size_t height;              /*!< Height of the buffer in pixels */
    pixformat_t format;         /*!< Format of the pixel data */
    struct timeval timestamp;   /*!< Timestamp since boot of the first DMA buffer of the frame */
 } camera_fb_t;
 #define ESP_ERR_CAMERA_BASE 0x20000
--- a/tools/sdk/include/esp32-camera/sensor.h
+++ b/tools/sdk/include/esp32-camera/sensor.h
@ -9,11 +9,13 @@
 #ifndef __SENSOR_H__
 #define __SENSOR_H__
 #include <stdint.h>
 #include <stdbool.h>
 #define OV9650_PID     (0x96)
 #define OV2640_PID     (0x26)
 #define OV7725_PID     (0x77)
 #define OV2640_PID     (0x26)
 #define OV3660_PID     (0x36)
 #define OV5640_PID     (0x56)
 typedef enum {
    PIXFORMAT_RGB565,    // 2BPP/RGB565
@ -27,23 +29,45 @@ typedef enum {
 } pixformat_t;
 typedef enum {
-    FRAMESIZE_96x96,    // 96x96
+    FRAMESIZE_96X96,    // 96x96
    FRAMESIZE_QQVGA,    // 160x120
    FRAMESIZE_QQVGA2,   // 128x160
    FRAMESIZE_QCIF,     // 176x144
    FRAMESIZE_HQVGA,    // 240x176
-    FRAMESIZE_240x240,  // 240x240
+    FRAMESIZE_240X240,  // 240x240
    FRAMESIZE_QVGA,     // 320x240
    FRAMESIZE_CIF,      // 400x296
    FRAMESIZE_HVGA,     // 480x320
    FRAMESIZE_VGA,      // 640x480
    FRAMESIZE_SVGA,     // 800x600
    FRAMESIZE_XGA,      // 1024x768
    FRAMESIZE_HD,       // 1280x720
    FRAMESIZE_SXGA,     // 1280x1024
    FRAMESIZE_UXGA,     // 1600x1200
-    FRAMESIZE_QXGA,     // 2048*1536
+    // 3MP Sensors
    FRAMESIZE_FHD,      // 1920x1080
    FRAMESIZE_P_HD,     //  720x1280
    FRAMESIZE_P_3MP,    //  864x1536
    FRAMESIZE_QXGA,     // 2048x1536
    // 5MP Sensors
    FRAMESIZE_QHD,      // 2560x1440
    FRAMESIZE_WQXGA,    // 2560x1600
    FRAMESIZE_P_FHD,    // 1080x1920
    FRAMESIZE_QSXGA,    // 2560x1920
    FRAMESIZE_INVALID
 } framesize_t;
 typedef enum {
    ASPECT_RATIO_4X3,
    ASPECT_RATIO_3X2,
    ASPECT_RATIO_16X10,
    ASPECT_RATIO_5X3,
    ASPECT_RATIO_16X9,
    ASPECT_RATIO_21X9,
    ASPECT_RATIO_5X4,
    ASPECT_RATIO_1X1,
    ASPECT_RATIO_9X16
 } aspect_ratio_t;
 typedef enum {
    GAINCEILING_2X,
    GAINCEILING_4X,
@ -54,6 +78,28 @@ typedef enum {
    GAINCEILING_128X,
 } gainceiling_t;
 typedef struct {
        uint16_t max_width;
        uint16_t max_height;
        uint16_t start_x;
        uint16_t start_y;
        uint16_t end_x;
        uint16_t end_y;
        uint16_t offset_x;
        uint16_t offset_y;
        uint16_t total_x;
        uint16_t total_y;
 } ratio_settings_t;
 typedef struct {
        const uint16_t width;
        const uint16_t height;
        const aspect_ratio_t aspect_ratio;
 } resolution_info_t;
 // Resolution table (in sensor.c)
 extern const resolution_info_t resolution[];
 typedef struct {
    uint8_t MIDH;
    uint8_t MIDL;
@ -63,6 +109,8 @@ typedef struct {
 typedef struct {
    framesize_t framesize;//0 - 10
    bool scale;
    bool binning;
    uint8_t quality;//0 - 63
    int8_t brightness;//-2 - 2
    int8_t contrast;//-2 - 2
@ -132,9 +180,12 @@ typedef struct _sensor {
    int  (*set_raw_gma)         (sensor_t *sensor, int enable);
    int  (*set_lenc)            (sensor_t *sensor, int enable);
    int  (*get_reg)             (sensor_t *sensor, int reg, int mask);
    int  (*set_reg)             (sensor_t *sensor, int reg, int mask, int value);
    int  (*set_res_raw)         (sensor_t *sensor, int startX, int startY, int endX, int endY, int offsetX, int offsetY, int totalX, int totalY, int outputX, int outputY, bool scale, bool binning);
    int  (*set_pll)             (sensor_t *sensor, int bypass, int mul, int sys, int root, int pre, int seld5, int pclken, int pclk);
    int  (*set_xclk)            (sensor_t *sensor, int timer, int xclk);
 } sensor_t;
 // Resolution table (in camera.c)
 extern const int resolution[][2];
 #endif /* __SENSOR_H__ */
--- a/tools/sdk/include/esp_event/esp_event.h
+++ b/tools/sdk/include/esp_event/esp_event.h
@ -352,7 +352,7 @@ esp_err_t esp_event_isr_post_to(esp_event_loop_handle_t event_loop,
           address - memory address of the event loop
           name - name of the event loop, 'none' if no dedicated task
           total_recieved - number of successfully posted events
-           total_dropped - number of events unsucessfully posted due to queue being full
+           total_dropped - number of events unsuccessfully posted due to queue being full
   handler
       format: address ev:base,id inv:total_invoked run:total_runtime
--- a/tools/sdk/include/esp_http_client/esp_http_client.h
+++ b/tools/sdk/include/esp_http_client/esp_http_client.h
@ -473,6 +473,17 @@ esp_err_t esp_http_client_set_redirection(esp_http_client_handle_t client);
 */
 void esp_http_client_add_auth(esp_http_client_handle_t client);
 /**
 * @brief      Checks if entire data in the response has been read without any error.
 *
 * @param[in]  client   The esp_http_client handle
 * 
 * @return
 *     - true
 *     - false
 */
 bool esp_http_client_is_complete_data_received(esp_http_client_handle_t client);
 #ifdef __cplusplus
 }
 #endif
--- a/tools/sdk/include/esp_https_ota/esp_https_ota.h
+++ b/tools/sdk/include/esp_https_ota/esp_https_ota.h
@ -15,7 +15,7 @@
 #pragma once
 #include <esp_http_client.h>
-#include <esp_ota_ops.h>
+#include <bootloader_common.h>
 #ifdef __cplusplus
 extern "C" {
@ -110,6 +110,19 @@ esp_err_t esp_https_ota_begin(esp_https_ota_config_t *ota_config, esp_https_ota_
 */
 esp_err_t esp_https_ota_perform(esp_https_ota_handle_t https_ota_handle);
 /**
 * @brief   Checks if complete data was received or not
 *
 * @note    This API can be called just before esp_https_ota_finish() to validate if the complete image was indeed received.
 *
 * @param[in]   https_ota_handle pointer to esp_https_ota_handle_t structure
 *
 * @return
 *    - false
 *    - true
 */
 bool esp_https_ota_is_complete_data_received(esp_https_ota_handle_t https_ota_handle);
 /**
 * @brief    Clean-up HTTPS OTA Firmware upgrade and close HTTPS connection
 *
--- a/tools/sdk/include/esp_websocket_client/esp_websocket_client.h
+++ b/tools/sdk/include/esp_websocket_client/esp_websocket_client.h
@ -53,6 +53,8 @@ typedef struct {
    uint8_t op_code;                        /*!< Received opcode */
    esp_websocket_client_handle_t client;   /*!< esp_websocket_client_handle_t context */
    void *user_context;                     /*!< user_data context, from esp_websocket_client_config_t user_data */
    int payload_len;                        /*!< Total payload length, payloads exceeding buffer will be posted through multiple events */
    int payload_offset;                     /*!< Actual offset for the data associated with this event */
 } esp_websocket_event_data_t;
 /**
--- a/tools/sdk/include/esp_wifi/esp_coexist.h
+++ b/tools/sdk/include/esp_wifi/esp_coexist.h
@ -32,6 +32,22 @@ typedef enum {
    ESP_COEX_PREFER_NUM,            /*!< Prefer value numbers */
 } esp_coex_prefer_t;
 /**
 * @brief coex status type
 */
 typedef enum {
    ESP_COEX_ST_TYPE_WIFI = 0,
    ESP_COEX_ST_TYPE_BLE,
    ESP_COEX_ST_TYPE_BT,
 } esp_coex_status_type_t;
 #define ESP_COEX_BLE_ST_MESH_CONFIG        0x08
 #define ESP_COEX_BLE_ST_MESH_TRAFFIC       0x10
 #define ESP_COEX_BLE_ST_MESH_STANDBY       0x20
 #define ESP_COEX_BT_ST_A2DP_STREAMING      0x10
 #define ESP_COEX_BT_ST_A2DP_PAUSED         0x20
 /**
 * @brief Get software coexist version string
 *
@ -40,7 +56,8 @@ typedef enum {
 const char *esp_coex_version_get(void);
 /**
- * @brief Set coexist preference of performance
+ * @deprecated Use esp_coex_status_bit_set() and esp_coex_status_bit_clear() instead.
 *  Set coexist preference of performance
 *  For example, if prefer to bluetooth, then it will make A2DP(play audio via classic bt)
 *  more smooth while wifi is runnning something.
 *  If prefer to wifi, it will do similar things as prefer to bluetooth.
@ -51,6 +68,23 @@ const char *esp_coex_version_get(void);
 */
 esp_err_t esp_coex_preference_set(esp_coex_prefer_t prefer);
 /**
 * @brief Set coex schm status
 * @param type : WIFI/BLE/BT
 * @param status : WIFI/BLE/BT STATUS
 * @return : ESP_OK - success, other - failed
 */
 esp_err_t esp_coex_status_bit_set(esp_coex_status_type_t type, uint32_t status);
 /**
 * @brief Clear coex schm status
 * @param type : WIFI/BLE/BT
 * @param status : WIFI/BLE/BT STATUS
 * @return : ESP_OK - success, other - failed
 */
 esp_err_t esp_coex_status_bit_clear(esp_coex_status_type_t type, uint32_t status);
 #ifdef __cplusplus
 }
 #endif
--- a/tools/sdk/include/esp_wifi/esp_private/wifi.h
+++ b/tools/sdk/include/esp_wifi/esp_private/wifi.h
@ -377,6 +377,43 @@ esp_err_t esp_wifi_internal_get_log(wifi_log_level_t *log_level, uint32_t *log_m
  */
 esp_err_t esp_wifi_internal_ioctl(int cmd, wifi_ioctl_config_t *cfg);
 /**
  * @brief     Get the user-configured channel info 
  *
  * @param     ifx : WiFi interface 
  * @param     primary : store the configured primary channel 
  * @param     second : store the configured second channel
  *
  * @return    
  *    - ESP_OK: succeed
  */
 esp_err_t esp_wifi_internal_get_config_channel(wifi_interface_t ifx, uint8_t *primary, uint8_t *second);
 /**
  * @brief     Get the negotiated channel info after WiFi connection established 
  *
  * @param     ifx : WiFi interface 
  * @param     aid : the connection number when a STA connects to the softAP    
  * @param     primary : store the negotiated primary channel 
  * @param     second : store the negotiated second channel
  * @attention the aid param is only works when the ESP32 in softAP/softAP+STA mode 
  *
  * @return    
  *    - ESP_OK: succeed
  */
 esp_err_t esp_wifi_internal_get_negotiated_channel(wifi_interface_t ifx, uint8_t aid, uint8_t *primary, uint8_t *second);
 /**
  * @brief     Get the negotiated bandwidth info after WiFi connection established 
  *
  * @param     ifx : WiFi interface 
  * @param     bw : store the negotiated bandwidth 
  *
  * @return    
  *    - ESP_OK: succeed
  */
 esp_err_t esp_wifi_internal_get_negotiated_bandwidth(wifi_interface_t ifx, uint8_t aid, uint8_t *bw);
 #ifdef __cplusplus
 }
 #endif
--- a/tools/sdk/include/esp_wifi/esp_private/wifi_os_adapter.h
+++ b/tools/sdk/include/esp_wifi/esp_private/wifi_os_adapter.h
@ -106,6 +106,7 @@ typedef struct {
    int32_t (* _get_time)(void *t);
    unsigned long (* _random)(void);
    void (* _log_write)(uint32_t level, const char* tag, const char* format, ...);
    void (* _log_writev)(uint32_t level, const char* tag, const char* format, va_list args);
    uint32_t (* _log_timestamp)(void);
    void * (* _malloc_internal)(size_t size);
    void * (* _realloc_internal)(void *ptr, size_t size);
--- a/tools/sdk/include/esp_wifi/esp_wifi.h
+++ b/tools/sdk/include/esp_wifi/esp_wifi.h
@ -542,8 +542,10 @@ esp_err_t esp_wifi_get_bandwidth(wifi_interface_t ifx, wifi_bandwidth_t *bw);
 /**
  * @brief     Set primary/secondary channel of ESP32
  *
-  * @attention 1. This is a special API for sniffer
+  * @attention 1. This API should be called after esp_wifi_start()
-  * @attention 2. This API should be called after esp_wifi_start() and esp_wifi_set_promiscuous()
+  * @attention 2. When ESP32 is in STA mode, this API should not be called when STA is scanning or connecting to an external AP
  * @attention 3. When ESP32 is in softAP mode, this API should not be called when softAP has connected to external STAs
  * @attention 4. When ESP32 is in STA+softAP mode, this API should not be called when in the scenarios described above  
  *
  * @param     primary  for HT20, primary is the channel number, for HT40, primary is the primary channel
  * @param     second   for HT20, second is ignored, for HT40, second is the second channel
--- a/tools/sdk/include/esp_wifi/esp_wifi_types.h
+++ b/tools/sdk/include/esp_wifi/esp_wifi_types.h
@ -207,7 +207,7 @@ typedef struct {
    uint8_t channel;            /**< Channel of ESP32 soft-AP */
    wifi_auth_mode_t authmode;  /**< Auth mode of ESP32 soft-AP. Do not support AUTH_WEP in soft-AP mode */
    uint8_t ssid_hidden;        /**< Broadcast SSID or not, default 0, broadcast the SSID */
-    uint8_t max_connection;     /**< Max number of stations allowed to connect in, default 4, max 4 */
+    uint8_t max_connection;     /**< Max number of stations allowed to connect in, default 4, max 10 */
    uint16_t beacon_interval;   /**< Beacon interval, 100 ~ 60000 ms, default 100 ms */
 } wifi_ap_config_t;
--- a/tools/sdk/include/log/esp_log.h
+++ b/tools/sdk/include/log/esp_log.h
@ -106,6 +106,15 @@ uint32_t esp_log_early_timestamp(void);
 */
 void esp_log_write(esp_log_level_t level, const char* tag, const char* format, ...) __attribute__ ((format (printf, 3, 4)));
 /**
 * @brief Write message into the log, va_list variant
 * @see esp_log_write()
 *
 * This function is provided to ease integration toward other logging framework,
 * so that esp_log can be used as a log sink.
 */
 void esp_log_writev(esp_log_level_t level, const char* tag, const char* format, va_list args);
 /** @cond */
 #include "esp_log_internal.h"
--- a/tools/sdk/include/lwip/lwip/opt.h
+++ b/tools/sdk/include/lwip/lwip/opt.h
@ -1010,6 +1010,13 @@
 #define LWIP_DHCP_AUTOIP_COOP           0
 #endif
 /**
 * ESP_IPV6_AUTOCONFIG==1: Enable stateless address autoconfiguration as per RFC 4862.
 */
 #if !defined ESP_IPV6_AUTOCONFIG
 #define ESP_IPV6_AUTOCONFIG 0
 #endif
 /**
 * LWIP_DHCP_AUTOIP_COOP_TRIES: Set to the number of DHCP DISCOVER probes
 * that should be sent before falling back on AUTOIP (the DHCP client keeps
--- a/tools/sdk/include/lwip/lwipopts.h
+++ b/tools/sdk/include/lwip/lwipopts.h
@ -757,7 +757,6 @@
 #define ESP_THREAD_SAFE_DEBUG           LWIP_DBG_OFF
 #define ESP_DHCP                        1
 #define ESP_DNS                         1
 #define ESP_IPV6_AUTOCONFIG             1
 #define ESP_PERF                        0
 #define ESP_RANDOM_TCP_PORT             1
 #define ESP_IP4_ATON                    1
@ -781,6 +780,10 @@
 #define ESP_LWIP_SELECT                 1
 #define ESP_LWIP_LOCK                   1
 #ifdef CONFIG_LWIP_IPV6_AUTOCONFIG
 #define ESP_IPV6_AUTOCONFIG             CONFIG_LWIP_IPV6_AUTOCONFIG
 #endif
 #ifdef ESP_IRAM_ATTR
 #undef ESP_IRAM_ATTR
 #endif
--- a/tools/sdk/include/lwip/netif/ppp/pppapi.h
+++ b/tools/sdk/include/lwip/netif/ppp/pppapi.h
@ -47,7 +47,7 @@ extern "C" {
 struct pppapi_msg_msg {
  ppp_pcb *ppp;
  union {
-#if ESP_PPP
+#if ESP_PPP && PPP_AUTH_SUPPORT
    struct {
      u8_t authtype;
      const char *user;
@ -111,7 +111,7 @@ struct pppapi_msg {
 /* API for application */
 err_t pppapi_set_default(ppp_pcb *pcb);
-#if ESP_PPP
+#if ESP_PPP && PPP_AUTH_SUPPORT
 void pppapi_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd);
 #endif
 #if PPP_NOTIFY_PHASE
--- a/tools/sdk/include/mbedtls/mbedtls/bignum.h
+++ b/tools/sdk/include/mbedtls/mbedtls/bignum.h
@ -186,7 +186,7 @@ extern "C" {
 */
 typedef struct mbedtls_mpi
 {
-    int s;              /*!<  integer sign      */
+    int s;              /*!<  Sign: -1 if the mpi is negative, 1 otherwise */
    size_t n;           /*!<  total # of limbs  */
    mbedtls_mpi_uint *p;          /*!<  pointer to limbs  */
 }
@ -561,6 +561,24 @@ int mbedtls_mpi_cmp_abs( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 */
 int mbedtls_mpi_cmp_mpi( const mbedtls_mpi *X, const mbedtls_mpi *Y );
 /**
 * \brief          Check if an MPI is less than the other in constant time.
 *
 * \param X        The left-hand MPI. This must point to an initialized MPI
 *                 with the same allocated length as Y.
 * \param Y        The right-hand MPI. This must point to an initialized MPI
 *                 with the same allocated length as X.
 * \param ret      The result of the comparison:
 *                 \c 1 if \p X is less than \p Y.
 *                 \c 0 if \p X is greater than or equal to \p Y.
 *
 * \return         0 on success.
 * \return         MBEDTLS_ERR_MPI_BAD_INPUT_DATA if the allocated length of
 *                 the two input MPIs is not the same.
 */
 int mbedtls_mpi_lt_mpi_ct( const mbedtls_mpi *X, const mbedtls_mpi *Y,
        unsigned *ret );
 /**
 * \brief          Compare an MPI with an integer.
 *
--- a/tools/sdk/include/mbedtls/mbedtls/bn_mul.h
+++ b/tools/sdk/include/mbedtls/mbedtls/bn_mul.h
@ -642,7 +642,8 @@
           "r6", "r7", "r8", "r9", "cc"         \
         );
-#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
+#elif (__ARM_ARCH >= 6) && \
    defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
 #define MULADDC_INIT                            \
    asm(
--- a/tools/sdk/include/mbedtls/mbedtls/check_config.h
+++ b/tools/sdk/include/mbedtls/mbedtls/check_config.h
@ -134,7 +134,9 @@
    !defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)   &&                  \
    !defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) &&                  \
    !defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) &&                  \
-    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) ) )
+    !defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) &&                  \
    !defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) &&                 \
    !defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) ) )
 #error "MBEDTLS_ECP_C defined, but not all prerequisites"
 #endif
@ -279,6 +281,14 @@
 #error "MBEDTLS_MEMORY_BUFFER_ALLOC_C defined, but not all prerequisites"
 #endif
 #if defined(MBEDTLS_MEMORY_BACKTRACE) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #error "MBEDTLS_MEMORY_BACKTRACE defined, but not all prerequesites"
 #endif
 #if defined(MBEDTLS_MEMORY_DEBUG) && !defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
 #error "MBEDTLS_MEMORY_DEBUG defined, but not all prerequesites"
 #endif
 #if defined(MBEDTLS_PADLOCK_C) && !defined(MBEDTLS_HAVE_ASM)
 #error "MBEDTLS_PADLOCK_C defined, but not all prerequisites"
 #endif
@ -691,7 +701,7 @@
 /*
 * Avoid warning from -pedantic. This is a convenient place for this
 * workaround since this is included by every single file before the
- * #if defined(MBEDTLS_xxx_C) that results in emtpy translation units.
+ * #if defined(MBEDTLS_xxx_C) that results in empty translation units.
 */
 typedef int mbedtls_iso_c_forbids_empty_translation_units;
--- a/tools/sdk/include/mbedtls/mbedtls/config.h
+++ b/tools/sdk/include/mbedtls/mbedtls/config.h
@ -139,7 +139,7 @@
 *
 * System has time.h, time(), and an implementation for
 * mbedtls_platform_gmtime_r() (see below).
- * The time needs to be correct (not necesarily very accurate, but at least
+ * The time needs to be correct (not necessarily very accurate, but at least
 * the date should be correct). This is used to verify the validity period of
 * X.509 certificates.
 *
@ -276,28 +276,52 @@
 * For example, when a function accepts as input a pointer to a buffer that may
 * contain untrusted data, and its documentation mentions that this pointer
 * must not be NULL:
- * - the pointer is checked to be non-NULL only if this option is enabled
+ * - The pointer is checked to be non-NULL only if this option is enabled.
- * - the content of the buffer is always validated
+ * - The content of the buffer is always validated.
 *
 * When this flag is defined, if a library function receives a parameter that
- * is invalid, it will:
+ * is invalid:
- * - invoke the macro MBEDTLS_PARAM_FAILED() which by default expands to a
+ * 1. The function will invoke the macro MBEDTLS_PARAM_FAILED().
- *   call to the function mbedtls_param_failed()
+ * 2. If MBEDTLS_PARAM_FAILED() did not terminate the program, the function
- * - immediately return (with a specific error code unless the function
+ *   will immediately return. If the function returns an Mbed TLS error code,
- *   returns void and can't communicate an error).
+ *   the error code in this case is MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
 *
- * When defining this flag, you also need to:
+ * When defining this flag, you also need to arrange a definition for
- * - either provide a definition of the function mbedtls_param_failed() in
+ * MBEDTLS_PARAM_FAILED(). You can do this by any of the following methods:
- *   your application (see platform_util.h for its prototype) as the library
+ * - By default, the library defines MBEDTLS_PARAM_FAILED() to call a
- *   calls that function, but does not provide a default definition for it,
+ *   function mbedtls_param_failed(), but the library does not define this
- * - or provide a different definition of the macro MBEDTLS_PARAM_FAILED()
+ *   function. If you do not make any other arrangements, you must provide
- *   below if the above mechanism is not flexible enough to suit your needs.
+ *   the function mbedtls_param_failed() in your application.
- *   See the documentation of this macro later in this file.
+ *   See `platform_util.h` for its prototype.
 * - If you enable the macro #MBEDTLS_CHECK_PARAMS_ASSERT, then the
 *   library defines #MBEDTLS_PARAM_FAILED(\c cond) to be `assert(cond)`.
 *   You can still supply an alternative definition of
 *   MBEDTLS_PARAM_FAILED(), which may call `assert`.
 * - If you define a macro MBEDTLS_PARAM_FAILED() before including `config.h`
 *   or you uncomment the definition of MBEDTLS_PARAM_FAILED() in `config.h`,
 *   the library will call the macro that you defined and will not supply
 *   its own version. Note that if MBEDTLS_PARAM_FAILED() calls `assert`,
 *   you need to enable #MBEDTLS_CHECK_PARAMS_ASSERT so that library source
 *   files include `<assert.h>`.
 *
 * Uncomment to enable validation of application-controlled parameters.
 */
 //#define MBEDTLS_CHECK_PARAMS
 /**
 * \def MBEDTLS_CHECK_PARAMS_ASSERT
 *
 * Allow MBEDTLS_PARAM_FAILED() to call `assert`, and make it default to
 * `assert`. This macro is only used if #MBEDTLS_CHECK_PARAMS is defined.
 *
 * If this macro is not defined, then MBEDTLS_PARAM_FAILED() defaults to
 * calling a function mbedtls_param_failed(). See the documentation of
 * #MBEDTLS_CHECK_PARAMS for details.
 *
 * Uncomment to allow MBEDTLS_PARAM_FAILED() to call `assert`.
 */
 //#define MBEDTLS_CHECK_PARAMS_ASSERT
 /* \} name SECTION: System support */
 /**
@ -401,7 +425,7 @@
 * \note Because of a signature change, the core AES encryption and decryption routines are
 *       currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt,
 *       respectively. When setting up alternative implementations, these functions should
- *       be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
+ *       be overridden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt
 *       must stay untouched.
 *
 * \note If you use the AES_xxx_ALT macros, then is is recommended to also set
@ -416,6 +440,16 @@
 *            dependencies on them, and considering stronger message digests
 *            and ciphers instead.
 *
 * \warning   If both MBEDTLS_ECDSA_SIGN_ALT and MBEDTLS_ECDSA_DETERMINISTIC are
 *            enabled, then the deterministic ECDH signature functions pass the
 *            the static HMAC-DRBG as RNG to mbedtls_ecdsa_sign(). Therefore
 *            alternative implementations should use the RNG only for generating
 *            the ephemeral key and nothing else. If this is not possible, then
 *            MBEDTLS_ECDSA_DETERMINISTIC should be disabled and an alternative
 *            implementation should be provided for mbedtls_ecdsa_sign_det_ext()
 *            (and for mbedtls_ecdsa_sign_det() too if backward compatibility is
 *            desirable).
 *
 */
 //#define MBEDTLS_MD2_PROCESS_ALT
 //#define MBEDTLS_MD4_PROCESS_ALT
@ -655,6 +689,13 @@
 #define MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN
 #define MBEDTLS_CIPHER_PADDING_ZEROS
 /** \def MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 *
 * Uncomment this macro to use a 128-bit key in the CTR_DRBG module.
 * By default, CTR_DRBG uses a 256-bit key.
 */
 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 /**
 * \def MBEDTLS_ENABLE_WEAK_CIPHERSUITES
 *
@ -1558,7 +1599,7 @@
 * \def MBEDTLS_SSL_SESSION_TICKETS
 *
 * Enable support for RFC 5077 session tickets in SSL.
- * Client-side, provides full support for session tickets (maintainance of a
+ * Client-side, provides full support for session tickets (maintenance of a
 * session store remains the responsibility of the application, though).
 * Server-side, you also need to provide callbacks for writing and parsing
 * tickets, including authenticated encryption and key management. Example
@ -1724,7 +1765,7 @@
 *
 * \warning TLS-level compression MAY REDUCE SECURITY! See for example the
 * CRIME attack. Before enabling this option, you should examine with care if
- * CRIME or similar exploits may be a applicable to your use case.
+ * CRIME or similar exploits may be applicable to your use case.
 *
 * \note Currently compression can't be used with DTLS.
 *
@ -2115,7 +2156,11 @@
 *
 * Enable the CTR_DRBG AES-based random generator.
 * The CTR_DRBG generator uses AES-256 by default.
- * To use AES-128 instead, enable MBEDTLS_CTR_DRBG_USE_128_BIT_KEY below.
+ * To use AES-128 instead, enable \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY above.
 *
 * \note To achieve a 256-bit security strength with CTR_DRBG,
 *       you must use AES-256 *and* use sufficient entropy.
 *       See ctr_drbg.h for more details.
 *
 * Module:  library/ctr_drbg.c
 * Caller:
@ -3007,7 +3052,6 @@
 //#define MBEDTLS_CTR_DRBG_MAX_INPUT                256 /**< Maximum number of additional input bytes */
 //#define MBEDTLS_CTR_DRBG_MAX_REQUEST             1024 /**< Maximum number of requested bytes per call */
 //#define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT           384 /**< Maximum size of (re)seed buffer */
 //#define MBEDTLS_CTR_DRBG_USE_128_BIT_KEY              /**< Use 128-bit key for CTR_DRBG - may reduce security (see ctr_drbg.h) */
 /* HMAC_DRBG options */
 //#define MBEDTLS_HMAC_DRBG_RESEED_INTERVAL   10000 /**< Interval before reseed is performed by default */
@ -3036,7 +3080,7 @@
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_PRINTF        printf /**< Default printf to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_STD_SNPRINTF    snprintf /**< Default snprintf to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_SUCCESS       0 /**< Default exit value to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_EXIT_FAILURE       1 /**< Default exit value to use, can be undefined */
@ -3053,20 +3097,23 @@
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_FPRINTF_MACRO      fprintf /**< Default fprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_PRINTF_MACRO        printf /**< Default printf macro to use, can be undefined */
-/* Note: your snprintf must correclty zero-terminate the buffer! */
+/* Note: your snprintf must correctly zero-terminate the buffer! */
 //#define MBEDTLS_PLATFORM_SNPRINTF_MACRO    snprintf /**< Default snprintf macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO   mbedtls_platform_std_nv_seed_read /**< Default nv_seed_read function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
 /**
 * \brief       This macro is invoked by the library when an invalid parameter
- *              is detected that is only checked with MBEDTLS_CHECK_PARAMS
+ *              is detected that is only checked with #MBEDTLS_CHECK_PARAMS
 *              (see the documentation of that option for context).
 *
- *              When you leave this undefined here, a default definition is
+ *              When you leave this undefined here, the library provides
- *              provided that invokes the function mbedtls_param_failed(),
+ *              a default definition. If the macro #MBEDTLS_CHECK_PARAMS_ASSERT
- *              which is declared in platform_util.h for the benefit of the
+ *              is defined, the default definition is `assert(cond)`,
- *              library, but that you need to define in your application.
+ *              otherwise the default definition calls a function
 *              mbedtls_param_failed(). This function is declared in
 *              `platform_util.h` for the benefit of the library, but
 *              you need to define in your application.
 *
 *              When you define this here, this replaces the default
 *              definition in platform_util.h (which no longer declares the
@ -3075,6 +3122,9 @@
 *              particular, that all the necessary declarations are visible
 *              from within the library - you can ensure that by providing
 *              them in this file next to the macro definition).
 *              If you define this macro to call `assert`, also define
 *              #MBEDTLS_CHECK_PARAMS_ASSERT so that library source files
 *              include `<assert.h>`.
 *
 *              Note that you may define this macro to expand to nothing, in
 *              which case you don't have to worry about declarations or
--- a/tools/sdk/include/mbedtls/mbedtls/ctr_drbg.h
+++ b/tools/sdk/include/mbedtls/mbedtls/ctr_drbg.h
@ -1,7 +1,8 @@
 /**
 * \file ctr_drbg.h
 *
- * \brief    This file contains CTR_DRBG definitions and functions.
+ * \brief    This file contains definitions and functions for the
 *           CTR_DRBG pseudorandom generator.
 *
 * CTR_DRBG is a standardized way of building a PRNG from a block-cipher
 * in counter mode operation, as defined in <em>NIST SP 800-90A:
@ -9,13 +10,35 @@
 * Bit Generators</em>.
 *
 * The Mbed TLS implementation of CTR_DRBG uses AES-256 (default) or AES-128
- * as the underlying block cipher.
+ * (if \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled at compile time)
 * as the underlying block cipher, with a derivation function.
 * The initial seeding grabs #MBEDTLS_CTR_DRBG_ENTROPY_LEN bytes of entropy.
 * See the documentation of mbedtls_ctr_drbg_seed() for more details.
 *
- *  \warning Using 128-bit keys for CTR_DRBG limits the security of generated
+ * Based on NIST SP 800-90A §10.2.1 table 3 and NIST SP 800-57 part 1 table 2,
- *  keys and operations that use random values generated to 128-bit security.
+ * here are the security strengths achieved in typical configuration:
 * - 256 bits under the default configuration of the library, with AES-256
 *   and with #MBEDTLS_CTR_DRBG_ENTROPY_LEN set to 48 or more.
 * - 256 bits if AES-256 is used, #MBEDTLS_CTR_DRBG_ENTROPY_LEN is set
 *   to 32 or more, and the DRBG is initialized with an explicit
 *   nonce in the \c custom parameter to mbedtls_ctr_drbg_seed().
 * - 128 bits if AES-256 is used but #MBEDTLS_CTR_DRBG_ENTROPY_LEN is
 *   between 24 and 47 and the DRBG is not initialized with an explicit
 *   nonce (see mbedtls_ctr_drbg_seed()).
 * - 128 bits if AES-128 is used (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY enabled)
 *   and #MBEDTLS_CTR_DRBG_ENTROPY_LEN is set to 24 or more (which is
 *   always the case unless it is explicitly set to a different value
 *   in config.h).
 *
 * Note that the value of #MBEDTLS_CTR_DRBG_ENTROPY_LEN defaults to:
 * - \c 48 if the module \c MBEDTLS_SHA512_C is enabled and the symbol
 *   \c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled at compile time.
 *   This is the default configuration of the library.
 * - \c 32 if the module \c MBEDTLS_SHA512_C is disabled at compile time.
 * - \c 32 if \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled at compile time.
 */
 /*
- *  Copyright (C) 2006-2018, Arm Limited (or its affiliates), All Rights Reserved
+ *  Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -56,9 +79,19 @@
 #define MBEDTLS_CTR_DRBG_BLOCKSIZE          16 /**< The block size used by the cipher. */
 #if defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
-#define MBEDTLS_CTR_DRBG_KEYSIZE            16 /**< The key size used by the cipher (compile-time choice: 128 bits). */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            16
 /**< The key size in bytes used by the cipher.
 *
 * Compile-time choice: 16 bytes (128 bits)
 * because #MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled.
 */
 #else
-#define MBEDTLS_CTR_DRBG_KEYSIZE            32 /**< The key size used by the cipher (compile-time choice: 256 bits). */
+#define MBEDTLS_CTR_DRBG_KEYSIZE            32
 /**< The key size in bytes used by the cipher.
 *
 * Compile-time choice: 32 bytes (256 bits)
 * because \c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled.
 */
 #endif
 #define MBEDTLS_CTR_DRBG_KEYBITS            ( MBEDTLS_CTR_DRBG_KEYSIZE * 8 ) /**< The key size for the DRBG operation, in bits. */
@ -73,21 +106,31 @@
 * \{
 */
 /** \def MBEDTLS_CTR_DRBG_ENTROPY_LEN
 *
 * \brief The amount of entropy used per seed by default, in bytes.
 */
 #if !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN)
 #if defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
 /** This is 48 bytes because the entropy module uses SHA-512
 * (\c MBEDTLS_ENTROPY_FORCE_SHA256 is disabled).
 */
 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN        48
-/**< The amount of entropy used per seed by default:
+
- * <ul><li>48 with SHA-512.</li>
+#else /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
- * <li>32 with SHA-256.</li></ul>
+
 /** This is 32 bytes because the entropy module uses SHA-256
 * (the SHA512 module is disabled or
 * \c MBEDTLS_ENTROPY_FORCE_SHA256 is enabled).
 */
-#else
+#if !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY)
 /** \warning To achieve a 256-bit security strength, you must pass a nonce
 *           to mbedtls_ctr_drbg_seed().
 */
 #endif /* !defined(MBEDTLS_CTR_DRBG_USE_128_BIT_KEY) */
 #define MBEDTLS_CTR_DRBG_ENTROPY_LEN        32
-/**< Amount of entropy used per seed by default:
+#endif /* defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256) */
- * <ul><li>48 with SHA-512.</li>
+#endif /* !defined(MBEDTLS_CTR_DRBG_ENTROPY_LEN) */
 * <li>32 with SHA-256.</li></ul>
 */
 #endif
 #endif
 #if !defined(MBEDTLS_CTR_DRBG_RESEED_INTERVAL)
 #define MBEDTLS_CTR_DRBG_RESEED_INTERVAL    10000
@ -106,7 +149,7 @@
 #if !defined(MBEDTLS_CTR_DRBG_MAX_SEED_INPUT)
 #define MBEDTLS_CTR_DRBG_MAX_SEED_INPUT     384
-/**< The maximum size of seed or reseed buffer. */
+/**< The maximum size of seed or reseed buffer in bytes. */
 #endif
 /* \} name SECTION: Module settings */
@ -164,17 +207,68 @@ void mbedtls_ctr_drbg_init( mbedtls_ctr_drbg_context *ctx );
 * \brief               This function seeds and sets up the CTR_DRBG
 *                      entropy source for future reseeds.
 *
- * \note Personalization data can be provided in addition to the more generic
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
 * to use the entropy module:
 * - \p f_entropy is mbedtls_entropy_func();
 * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
 *   with mbedtls_entropy_init() (which registers the platform's default
 *   entropy sources).
 *
 * The entropy length is #MBEDTLS_CTR_DRBG_ENTROPY_LEN by default.
 * You can override it by calling mbedtls_ctr_drbg_set_entropy_len().
 *
 * You can provide a personalization string in addition to the
 * entropy source, to make this instantiation as unique as possible.
 *
 * \note                The _seed_material_ value passed to the derivation
 *                      function in the CTR_DRBG Instantiate Process
 *                      described in NIST SP 800-90A §10.2.1.3.2
 *                      is the concatenation of the string obtained from
 *                      calling \p f_entropy and the \p custom string.
 *                      The origin of the nonce depends on the value of
 *                      the entropy length relative to the security strength.
 *                      - If the entropy length is at least 1.5 times the
 *                        security strength then the nonce is taken from the
 *                        string obtained with \p f_entropy.
 *                      - If the entropy length is less than the security
 *                        strength, then the nonce is taken from \p custom.
 *                        In this case, for compliance with SP 800-90A,
 *                        you must pass a unique value of \p custom at
 *                        each invocation. See SP 800-90A §8.6.7 for more
 *                        details.
 */
 #if MBEDTLS_CTR_DRBG_ENTROPY_LEN < MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2
 /** \warning            When #MBEDTLS_CTR_DRBG_ENTROPY_LEN is less than
 *                      #MBEDTLS_CTR_DRBG_KEYSIZE * 3 / 2, to achieve the
 *                      maximum security strength permitted by CTR_DRBG,
 *                      you must pass a value of \p custom that is a nonce:
 *                      this value must never be repeated in subsequent
 *                      runs of the same application or on a different
 *                      device.
 */
 #endif
 /**
 * \param ctx           The CTR_DRBG context to seed.
 *                      It must have been initialized with
 *                      mbedtls_ctr_drbg_init().
 *                      After a successful call to mbedtls_ctr_drbg_seed(),
 *                      you may not call mbedtls_ctr_drbg_seed() again on
 *                      the same context unless you call
 *                      mbedtls_ctr_drbg_free() and mbedtls_ctr_drbg_init()
 *                      again first.
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
-                        length of the buffer.
+ *                      length of the buffer.
- * \param p_entropy     The entropy context.
+ *                      \p f_entropy is always called with a buffer size
- * \param custom        Personalization data, that is device-specific
+ *                      equal to the entropy length.
-                        identifiers. Can be NULL.
+ * \param p_entropy     The entropy context to pass to \p f_entropy.
- * \param len           The length of the personalization data.
+ * \param custom        The personalization string.
 *                      This can be \c NULL, in which case the personalization
 *                      string is empty regardless of the value of \p len.
 * \param len           The length of the personalization string.
 *                      This must be at most
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT
 *                      - #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
 *
 * \return              \c 0 on success.
 * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@ -197,7 +291,8 @@ void mbedtls_ctr_drbg_free( mbedtls_ctr_drbg_context *ctx );
 *                      The default value is off.
 *
 * \note                If enabled, entropy is gathered at the beginning of
- *                      every call to mbedtls_ctr_drbg_random_with_add().
+ *                      every call to mbedtls_ctr_drbg_random_with_add()
 *                      or mbedtls_ctr_drbg_random().
 *                      Only use this if your entropy source has sufficient
 *                      throughput.
 *
@ -209,17 +304,36 @@ void mbedtls_ctr_drbg_set_prediction_resistance( mbedtls_ctr_drbg_context *ctx,
 /**
 * \brief               This function sets the amount of entropy grabbed on each
- *                      seed or reseed. The default value is
+ *                      seed or reseed.
- *                      #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
+ *
 * The default value is #MBEDTLS_CTR_DRBG_ENTROPY_LEN.
 *
 * \note                The security strength of CTR_DRBG is bounded by the
 *                      entropy length. Thus:
 *                      - When using AES-256
 *                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is disabled,
 *                        which is the default),
 *                        \p len must be at least 32 (in bytes)
 *                        to achieve a 256-bit strength.
 *                      - When using AES-128
 *                        (\c MBEDTLS_CTR_DRBG_USE_128_BIT_KEY is enabled)
 *                        \p len must be at least 16 (in bytes)
 *                        to achieve a 128-bit strength.
 *
 * \param ctx           The CTR_DRBG context.
- * \param len           The amount of entropy to grab.
+ * \param len           The amount of entropy to grab, in bytes.
 *                      This must be at most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 */
 void mbedtls_ctr_drbg_set_entropy_len( mbedtls_ctr_drbg_context *ctx,
                               size_t len );
 /**
 * \brief               This function sets the reseed interval.
 *
 * The reseed interval is the number of calls to mbedtls_ctr_drbg_random()
 * or mbedtls_ctr_drbg_random_with_add() after which the entropy function
 * is called again.
 *
 * The default value is #MBEDTLS_CTR_DRBG_RESEED_INTERVAL.
 *
 * \param ctx           The CTR_DRBG context.
@ -233,8 +347,12 @@ void mbedtls_ctr_drbg_set_reseed_interval( mbedtls_ctr_drbg_context *ctx,
 *                      extracts data from the entropy source.
 *
 * \param ctx           The CTR_DRBG context.
- * \param additional    Additional data to add to the state. Can be NULL.
+ * \param additional    Additional data to add to the state. Can be \c NULL.
 * \param len           The length of the additional data.
 *                      This must be less than
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
 *                      where \c entropy_len is the entropy length
 *                      configured for the context.
 *
 * \return              \c 0 on success.
 * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on failure.
@ -246,7 +364,8 @@ int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx,
 * \brief              This function updates the state of the CTR_DRBG context.
 *
 * \param ctx          The CTR_DRBG context.
- * \param additional   The data to update the state with.
+ * \param additional   The data to update the state with. This must not be
 *                     \c NULL unless \p add_len is \c 0.
 * \param add_len      Length of \p additional in bytes. This must be at
 *                     most #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT.
 *
@ -264,14 +383,23 @@ int mbedtls_ctr_drbg_update_ret( mbedtls_ctr_drbg_context *ctx,
 * \brief   This function updates a CTR_DRBG instance with additional
 *          data and uses it to generate random data.
 *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
+ * \param output_len    The length of the buffer in bytes.
- * \param additional    Additional data to update. Can be NULL.
+ * \param additional    Additional data to update. Can be \c NULL, in which
- * \param add_len       The length of the additional data.
+ *                      case the additional data is empty regardless of
 *                      the value of \p add_len.
 * \param add_len       The length of the additional data
 *                      if \p additional is not \c NULL.
 *                      This must be less than #MBEDTLS_CTR_DRBG_MAX_INPUT
 *                      and less than
 *                      #MBEDTLS_CTR_DRBG_MAX_SEED_INPUT - \c entropy_len
 *                      where \c entropy_len is the entropy length
 *                      configured for the context.
 *
 * \return    \c 0 on success.
 * \return    #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
@ -284,12 +412,14 @@ int mbedtls_ctr_drbg_random_with_add( void *p_rng,
 /**
 * \brief   This function uses CTR_DRBG to generate random data.
 *
- * \note    The function automatically reseeds if the reseed counter is exceeded.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
 *
 * \param p_rng         The CTR_DRBG context. This must be a pointer to a
 *                      #mbedtls_ctr_drbg_context structure.
 * \param output        The buffer to fill.
- * \param output_len    The length of the buffer.
+ * \param output_len    The length of the buffer in bytes.
 *
 * \return              \c 0 on success.
 * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
@ -336,7 +466,7 @@ MBEDTLS_DEPRECATED void mbedtls_ctr_drbg_update(
 *
 * \return              \c 0 on success.
 * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on reseed
 *                      failure.
 */
 int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
@ -350,8 +480,10 @@ int mbedtls_ctr_drbg_write_seed_file( mbedtls_ctr_drbg_context *ctx, const char
 *
 * \return              \c 0 on success.
 * \return              #MBEDTLS_ERR_CTR_DRBG_FILE_IO_ERROR on file error.
- * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              #MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED on
- *                      #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG on failure.
+ *                      reseed failure.
 * \return              #MBEDTLS_ERR_CTR_DRBG_INPUT_TOO_BIG if the existing
 *                      seed file is too large.
 */
 int mbedtls_ctr_drbg_update_seed_file( mbedtls_ctr_drbg_context *ctx, const char *path );
 #endif /* MBEDTLS_FS_IO */
--- a/tools/sdk/include/mbedtls/mbedtls/ecdsa.h
+++ b/tools/sdk/include/mbedtls/mbedtls/ecdsa.h
@ -175,6 +175,19 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
 *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
 *                  4.1.3, step 5.
 *
 * \warning         Since the output of the internal RNG is always the same for
 *                  the same key and message, this limits the efficiency of
 *                  blinding and leaks information through side channels. For
 *                  secure behavior use mbedtls_ecdsa_sign_det_ext() instead.
 *
 *                  (Optimally the blinding is a random value that is different
 *                  on every execution. In this case the blinding is still
 *                  random from the attackers perspective, but is the same on
 *                  each execution. This means that this blinding does not
 *                  prevent attackers from recovering secrets by combining
 *                  several measurement traces, but may prevent some attacks
 *                  that exploit relationships between secret data.)
 *
 * \see             ecp.h
 *
 * \param grp       The context for the elliptic curve to use.
@ -200,6 +213,52 @@ int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r,
                            mbedtls_mpi *s, const mbedtls_mpi *d,
                            const unsigned char *buf, size_t blen,
                            mbedtls_md_type_t md_alg );
 /**
 * \brief           This function computes the ECDSA signature of a
 *                  previously-hashed message, deterministic version.
 *
 *                  For more information, see <em>RFC-6979: Deterministic
 *                  Usage of the Digital Signature Algorithm (DSA) and Elliptic
 *                  Curve Digital Signature Algorithm (ECDSA)</em>.
 *
 * \note            If the bitlength of the message hash is larger than the
 *                  bitlength of the group order, then the hash is truncated as
 *                  defined in <em>Standards for Efficient Cryptography Group
 *                  (SECG): SEC1 Elliptic Curve Cryptography</em>, section
 *                  4.1.3, step 5.
 *
 * \see             ecp.h
 *
 * \param grp           The context for the elliptic curve to use.
 *                      This must be initialized and have group parameters
 *                      set, for example through mbedtls_ecp_group_load().
 * \param r             The MPI context in which to store the first part
 *                      the signature. This must be initialized.
 * \param s             The MPI context in which to store the second part
 *                      the signature. This must be initialized.
 * \param d             The private signing key. This must be initialized
 *                      and setup, for example through mbedtls_ecp_gen_privkey().
 * \param buf           The hashed content to be signed. This must be a readable
 *                      buffer of length \p blen Bytes. It may be \c NULL if
 *                      \p blen is zero.
 * \param blen          The length of \p buf in Bytes.
 * \param md_alg        The hash algorithm used to hash the original data.
 * \param f_rng_blind   The RNG function used for blinding. This must not be
 *                      \c NULL.
 * \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
 *                      \c NULL if \p f_rng doesn't need a context parameter.
 *
 * \return          \c 0 on success.
 * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
 *                  error code on failure.
 */
 int mbedtls_ecdsa_sign_det_ext( mbedtls_ecp_group *grp, mbedtls_mpi *r,
                                mbedtls_mpi *s, const mbedtls_mpi *d,
                                const unsigned char *buf, size_t blen,
                                mbedtls_md_type_t md_alg,
                                int (*f_rng_blind)(void *, unsigned char *,
                                                   size_t),
                                void *p_rng_blind );
 #endif /* MBEDTLS_ECDSA_DETERMINISTIC */
 /**
--- a/tools/sdk/include/mbedtls/mbedtls/hkdf.h
+++ b/tools/sdk/include/mbedtls/mbedtls/hkdf.h
@ -7,7 +7,7 @@
 *          specified by RFC 5869.
 */
 /*
- * Copyright (C) 2016-2018, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2016-2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
--- a/tools/sdk/include/mbedtls/mbedtls/hmac_drbg.h
+++ b/tools/sdk/include/mbedtls/mbedtls/hmac_drbg.h
@ -1,10 +1,14 @@
 /**
 * \file hmac_drbg.h
 *
- * \brief HMAC_DRBG (NIST SP 800-90A)
+ * \brief The HMAC_DRBG pseudorandom generator.
 *
 * This module implements the HMAC_DRBG pseudorandom generator described
 * in <em>NIST SP 800-90A: Recommendation for Random Number Generation Using
 * Deterministic Random Bit Generators</em>.
 */
 /*
- *  Copyright (C) 2006-2015, ARM Limited, All Rights Reserved
+ *  Copyright (C) 2006-2019, ARM Limited, All Rights Reserved
 *  SPDX-License-Identifier: Apache-2.0
 *
 *  Licensed under the Apache License, Version 2.0 (the "License"); you may
@ -82,7 +86,7 @@ extern "C" {
 */
 typedef struct mbedtls_hmac_drbg_context
 {
-    /* Working state: the key K is not stored explicitely,
+    /* Working state: the key K is not stored explicitly,
     * but is implied by the HMAC context */
    mbedtls_md_context_t md_ctx;                    /*!< HMAC context (inc. K)  */
    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
@ -104,38 +108,72 @@ typedef struct mbedtls_hmac_drbg_context
 } mbedtls_hmac_drbg_context;
 /**
- * \brief               HMAC_DRBG context initialization
+ * \brief               HMAC_DRBG context initialization.
 *                      Makes the context ready for mbedtls_hmac_drbg_seed(),
 *                      mbedtls_hmac_drbg_seed_buf() or
 *                      mbedtls_hmac_drbg_free().
 *
- * \param ctx           HMAC_DRBG context to be initialized
+ * This function makes the context ready for mbedtls_hmac_drbg_seed(),
 * mbedtls_hmac_drbg_seed_buf() or mbedtls_hmac_drbg_free().
 *
 * \param ctx           HMAC_DRBG context to be initialized.
 */
 void mbedtls_hmac_drbg_init( mbedtls_hmac_drbg_context *ctx );
 /**
- * \brief               HMAC_DRBG initial seeding
+ * \brief               HMAC_DRBG initial seeding.
 *                      Seed and setup entropy source for future reseeds.
 *
- * \param ctx           HMAC_DRBG context to be seeded
+ * Set the initial seed and set up the entropy source for future reseeds.
 * \param md_info       MD algorithm to use for HMAC_DRBG
 * \param f_entropy     Entropy callback (p_entropy, buffer to fill, buffer
 *                      length)
 * \param p_entropy     Entropy context
 * \param custom        Personalization data (Device specific identifiers)
 *                      (Can be NULL)
 * \param len           Length of personalization data
 *
- * \note                The "security strength" as defined by NIST is set to:
+ * A typical choice for the \p f_entropy and \p p_entropy parameters is
- *                      128 bits if md_alg is SHA-1,
+ * to use the entropy module:
- *                      192 bits if md_alg is SHA-224,
+ * - \p f_entropy is mbedtls_entropy_func();
- *                      256 bits if md_alg is SHA-256 or higher.
+ * - \p p_entropy is an instance of ::mbedtls_entropy_context initialized
 *   with mbedtls_entropy_init() (which registers the platform's default
 *   entropy sources).
 *
 * You can provide a personalization string in addition to the
 * entropy source, to make this instantiation as unique as possible.
 *
 * \note                By default, the security strength as defined by NIST is:
 *                      - 128 bits if \p md_info is SHA-1;
 *                      - 192 bits if \p md_info is SHA-224;
 *                      - 256 bits if \p md_info is SHA-256, SHA-384 or SHA-512.
 *                      Note that SHA-256 is just as efficient as SHA-224.
 *                      The security strength can be reduced if a smaller
 *                      entropy length is set with
 *                      mbedtls_hmac_drbg_set_entropy_len().
 *
- * \return              0 if successful, or
+ * \note                The default entropy length is the security strength
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ *                      (converted from bits to bytes). You can override
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED, or
+ *                      it by calling mbedtls_hmac_drbg_set_entropy_len().
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED.
+ *
 * \note                During the initial seeding, this function calls
 *                      the entropy source to obtain a nonce
 *                      whose length is half the entropy length.
 *
 * \param ctx           HMAC_DRBG context to be seeded.
 * \param md_info       MD algorithm to use for HMAC_DRBG.
 * \param f_entropy     The entropy callback, taking as arguments the
 *                      \p p_entropy context, the buffer to fill, and the
 *                      length of the buffer.
 *                      \p f_entropy is always called with a length that is
 *                      less than or equal to the entropy length.
 * \param p_entropy     The entropy context to pass to \p f_entropy.
 * \param custom        The personalization string.
 *                      This can be \c NULL, in which case the personalization
 *                      string is empty regardless of the value of \p len.
 * \param len           The length of the personalization string.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
 *                      and also at most
 *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
 *                      where \p entropy_len is the entropy length
 *                      described above.
 *
 * \return              \c 0 if successful.
 * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
 *                      invalid.
 * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
 *                      memory to allocate context data.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
 *                      if the call to \p f_entropy failed.
 */
 int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
                    const mbedtls_md_info_t * md_info,
@ -146,98 +184,131 @@ int mbedtls_hmac_drbg_seed( mbedtls_hmac_drbg_context *ctx,
 /**
 * \brief               Initilisation of simpified HMAC_DRBG (never reseeds).
 *                      (For use with deterministic ECDSA.)
 *
- * \param ctx           HMAC_DRBG context to be initialised
+ * This function is meant for use in algorithms that need a pseudorandom
- * \param md_info       MD algorithm to use for HMAC_DRBG
+ * input such as deterministic ECDSA.
 * \param data          Concatenation of entropy string and additional data
 * \param data_len      Length of data in bytes
 *
- * \return              0 if successful, or
+ * \param ctx           HMAC_DRBG context to be initialised.
- *                      MBEDTLS_ERR_MD_BAD_INPUT_DATA, or
+ * \param md_info       MD algorithm to use for HMAC_DRBG.
- *                      MBEDTLS_ERR_MD_ALLOC_FAILED.
+ * \param data          Concatenation of the initial entropy string and
 *                      the additional data.
 * \param data_len      Length of \p data in bytes.
 *
 * \return              \c 0 if successful. or
 * \return              #MBEDTLS_ERR_MD_BAD_INPUT_DATA if \p md_info is
 *                      invalid.
 * \return              #MBEDTLS_ERR_MD_ALLOC_FAILED if there was not enough
 *                      memory to allocate context data.
 */
 int mbedtls_hmac_drbg_seed_buf( mbedtls_hmac_drbg_context *ctx,
                        const mbedtls_md_info_t * md_info,
                        const unsigned char *data, size_t data_len );
 /**
- * \brief               Enable / disable prediction resistance (Default: Off)
+ * \brief               This function turns prediction resistance on or off.
 *                      The default value is off.
 *
- * Note: If enabled, entropy is used for ctx->entropy_len before each call!
+ * \note                If enabled, entropy is gathered at the beginning of
- *       Only use this if you have ample supply of good entropy!
+ *                      every call to mbedtls_hmac_drbg_random_with_add()
 *                      or mbedtls_hmac_drbg_random().
 *                      Only use this if your entropy source has sufficient
 *                      throughput.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param resistance    MBEDTLS_HMAC_DRBG_PR_ON or MBEDTLS_HMAC_DRBG_PR_OFF
+ * \param resistance    #MBEDTLS_HMAC_DRBG_PR_ON or #MBEDTLS_HMAC_DRBG_PR_OFF.
 */
 void mbedtls_hmac_drbg_set_prediction_resistance( mbedtls_hmac_drbg_context *ctx,
                                          int resistance );
 /**
- * \brief               Set the amount of entropy grabbed on each reseed
+ * \brief               This function sets the amount of entropy grabbed on each
- *                      (Default: given by the security strength, which
+ *                      seed or reseed.
 *                      depends on the hash used, see \c mbedtls_hmac_drbg_init() )
 *
- * \param ctx           HMAC_DRBG context
+ * See the documentation of mbedtls_hmac_drbg_seed() for the default value.
- * \param len           Amount of entropy to grab, in bytes
+ *
 * \param ctx           The HMAC_DRBG context.
 * \param len           The amount of entropy to grab, in bytes.
 */
 void mbedtls_hmac_drbg_set_entropy_len( mbedtls_hmac_drbg_context *ctx,
                                size_t len );
 /**
- * \brief               Set the reseed interval
+ * \brief               Set the reseed interval.
 *                      (Default: MBEDTLS_HMAC_DRBG_RESEED_INTERVAL)
 *
- * \param ctx           HMAC_DRBG context
+ * The reseed interval is the number of calls to mbedtls_hmac_drbg_random()
- * \param interval      Reseed interval
+ * or mbedtls_hmac_drbg_random_with_add() after which the entropy function
 * is called again.
 *
 * The default value is #MBEDTLS_HMAC_DRBG_RESEED_INTERVAL.
 *
 * \param ctx           The HMAC_DRBG context.
 * \param interval      The reseed interval.
 */
 void mbedtls_hmac_drbg_set_reseed_interval( mbedtls_hmac_drbg_context *ctx,
                                    int interval );
 /**
- * \brief               HMAC_DRBG update state
+ * \brief               This function updates the state of the HMAC_DRBG context.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to update state with, or NULL
+ * \param additional    The data to update the state with.
- * \param add_len       Length of additional data, or 0
+ *                      If this is \c NULL, there is no additional data.
 * \param add_len       Length of \p additional in bytes.
 *                      Unused if \p additional is \c NULL.
 *
 * \return              \c 0 on success, or an error from the underlying
 *                      hash calculation.
 *
 * \note                Additional data is optional, pass NULL and 0 as second
 *                      third argument if no additional data is being used.
 */
 int mbedtls_hmac_drbg_update_ret( mbedtls_hmac_drbg_context *ctx,
                       const unsigned char *additional, size_t add_len );
 /**
- * \brief               HMAC_DRBG reseeding (extracts data from entropy source)
+ * \brief               This function reseeds the HMAC_DRBG context, that is
 *                      extracts data from the entropy source.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to add to state (Can be NULL)
+ * \param additional    Additional data to add to the state.
- * \param len           Length of additional data
+ *                      If this is \c NULL, there is no additional data
 *                      and \p len should be \c 0.
 * \param len           The length of the additional data.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
 *                      and also at most
 *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
 *                      where \p entropy_len is the entropy length
 *                      (see mbedtls_hmac_drbg_set_entropy_len()).
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
 *                      if a call to the entropy function failed.
 */
 int mbedtls_hmac_drbg_reseed( mbedtls_hmac_drbg_context *ctx,
                      const unsigned char *additional, size_t len );
 /**
- * \brief               HMAC_DRBG generate random with additional update input
+ * \brief   This function updates an HMAC_DRBG instance with additional
 *          data and uses it to generate random data.
 *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \param p_rng         HMAC_DRBG context
+ * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- * \param output        Buffer to fill
+ *                      #mbedtls_hmac_drbg_context structure.
- * \param output_len    Length of the buffer
+ * \param output        The buffer to fill.
- * \param additional    Additional data to update with (can be NULL)
+ * \param output_len    The length of the buffer in bytes.
- * \param add_len       Length of additional data (can be 0)
+ *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 * \param additional    Additional data to update with.
 *                      If this is \c NULL, there is no additional data
 *                      and \p add_len should be \c 0.
 * \param add_len       The length of the additional data.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT.
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG, or
+ *                      if a call to the entropy source failed.
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG.
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
 *                      \p output_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if
 *                      \p add_len > #MBEDTLS_HMAC_DRBG_MAX_INPUT.
 */
 int mbedtls_hmac_drbg_random_with_add( void *p_rng,
                               unsigned char *output, size_t output_len,
@ -245,24 +316,29 @@ int mbedtls_hmac_drbg_random_with_add( void *p_rng,
                               size_t add_len );
 /**
- * \brief               HMAC_DRBG generate random
+ * \brief   This function uses HMAC_DRBG to generate random data.
 *
- * Note: Automatically reseeds if reseed_counter is reached or PR is enabled.
+ * This function automatically reseeds if the reseed counter is exceeded
 * or prediction resistance is enabled.
 *
- * \param p_rng         HMAC_DRBG context
+ * \param p_rng         The HMAC_DRBG context. This must be a pointer to a
- * \param output        Buffer to fill
+ *                      #mbedtls_hmac_drbg_context structure.
- * \param out_len       Length of the buffer
+ * \param output        The buffer to fill.
 * \param out_len       The length of the buffer in bytes.
 *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 *
- * \return              0 if successful, or
+ * \return              \c 0 if successful.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED, or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
- *                      MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
+ *                      if a call to the entropy source failed.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG if
 *                      \p out_len > #MBEDTLS_HMAC_DRBG_MAX_REQUEST.
 */
 int mbedtls_hmac_drbg_random( void *p_rng, unsigned char *output, size_t out_len );
 /**
 * \brief               Free an HMAC_DRBG context
 *
- * \param ctx           HMAC_DRBG context to free.
+ * \param ctx           The HMAC_DRBG context to free.
 */
 void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
@ -273,17 +349,16 @@ void mbedtls_hmac_drbg_free( mbedtls_hmac_drbg_context *ctx );
 #define MBEDTLS_DEPRECATED
 #endif
 /**
- * \brief               HMAC_DRBG update state
+ * \brief               This function updates the state of the HMAC_DRBG context.
 *
 * \deprecated          Superseded by mbedtls_hmac_drbg_update_ret()
 *                      in 2.16.0.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param additional    Additional data to update state with, or NULL
+ * \param additional    The data to update the state with.
- * \param add_len       Length of additional data, or 0
+ *                      If this is \c NULL, there is no additional data.
- *
+ * \param add_len       Length of \p additional in bytes.
- * \note                Additional data is optional, pass NULL and 0 as second
+ *                      Unused if \p additional is \c NULL.
 *                      third argument if no additional data is being used.
 */
 MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
    mbedtls_hmac_drbg_context *ctx,
@ -293,26 +368,31 @@ MBEDTLS_DEPRECATED void mbedtls_hmac_drbg_update(
 #if defined(MBEDTLS_FS_IO)
 /**
- * \brief               Write a seed file
+ * \brief               This function writes a seed file.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param path          Name of the file
+ * \param path          The name of the file.
 *
- * \return              0 if successful, 1 on file error, or
+ * \return              \c 0 on success.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on reseed
 *                      failure.
 */
 int mbedtls_hmac_drbg_write_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
 /**
- * \brief               Read and update a seed file. Seed is added to this
+ * \brief               This function reads and updates a seed file. The seed
- *                      instance
+ *                      is added to this instance.
 *
- * \param ctx           HMAC_DRBG context
+ * \param ctx           The HMAC_DRBG context.
- * \param path          Name of the file
+ * \param path          The name of the file.
 *
- * \return              0 if successful, 1 on file error,
+ * \return              \c 0 on success.
- *                      MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED or
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR on file error.
- *                      MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
+ * \return              #MBEDTLS_ERR_HMAC_DRBG_ENTROPY_SOURCE_FAILED on
 *                      reseed failure.
 * \return              #MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG if the existing
 *                      seed file is too large.
 */
 int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const char *path );
 #endif /* MBEDTLS_FS_IO */
@ -320,9 +400,10 @@ int mbedtls_hmac_drbg_update_seed_file( mbedtls_hmac_drbg_context *ctx, const ch
 #if defined(MBEDTLS_SELF_TEST)
 /**
- * \brief               Checkup routine
+ * \brief               The HMAC_DRBG Checkup routine.
 *
- * \return              0 if successful, or 1 if the test failed
+ * \return              \c 0 if successful.
 * \return              \c 1 if the test failed.
 */
 int mbedtls_hmac_drbg_self_test( int verbose );
 #endif
--- a/tools/sdk/include/mbedtls/mbedtls/pk.h
+++ b/tools/sdk/include/mbedtls/mbedtls/pk.h
@ -416,6 +416,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
 *
 * \note            For RSA, md_alg may be MBEDTLS_MD_NONE if hash_len != 0.
 *                  For ECDSA, md_alg may never be MBEDTLS_MD_NONE.
 *
 * \note            In order to ensure enough space for the signature, the
 *                  \p sig buffer size must be of at least
 *                  `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
 */
 int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
             const unsigned char *hash, size_t hash_len,
@ -430,6 +434,10 @@ int mbedtls_pk_sign( mbedtls_pk_context *ctx, mbedtls_md_type_t md_alg,
 *                  \c mbedtls_ecp_set_max_ops() to reduce blocking for ECC
 *                  operations. For RSA, same as \c mbedtls_pk_sign().
 *
 * \note            In order to ensure enough space for the signature, the
 *                  \p sig buffer size must be of at least
 *                  `max(MBEDTLS_ECDSA_MAX_LEN, MBEDTLS_MPI_MAX_SIZE)` bytes.
 *
 * \param ctx       The PK context to use. It must have been set up
 *                  with a private key.
 * \param md_alg    Hash algorithm used (see notes)
--- a/tools/sdk/include/mbedtls/mbedtls/platform_util.h
+++ b/tools/sdk/include/mbedtls/mbedtls/platform_util.h
@ -43,6 +43,12 @@ extern "C" {
 #if defined(MBEDTLS_CHECK_PARAMS)
 #if defined(MBEDTLS_CHECK_PARAMS_ASSERT)
 /* Allow the user to define MBEDTLS_PARAM_FAILED to something like assert
 * (which is what our config.h suggests). */
 #include <assert.h>
 #endif /* MBEDTLS_CHECK_PARAMS_ASSERT */
 #if defined(MBEDTLS_PARAM_FAILED)
 /** An alternative definition of MBEDTLS_PARAM_FAILED has been set in config.h.
 *
@ -50,6 +56,11 @@ extern "C" {
 * MBEDTLS_PARAM_FAILED() will expand to a call to mbedtls_param_failed().
 */
 #define MBEDTLS_PARAM_FAILED_ALT
 #elif defined(MBEDTLS_CHECK_PARAMS_ASSERT)
 #define MBEDTLS_PARAM_FAILED( cond ) assert( cond )
 #define MBEDTLS_PARAM_FAILED_ALT
 #else /* MBEDTLS_PARAM_FAILED */
 #define MBEDTLS_PARAM_FAILED( cond ) \
    mbedtls_param_failed( #cond, __FILE__, __LINE__ )
--- a/tools/sdk/include/mbedtls/mbedtls/rsa.h
+++ b/tools/sdk/include/mbedtls/mbedtls/rsa.h
@ -150,13 +150,13 @@ mbedtls_rsa_context;
 * \note           The choice of padding mode is strictly enforced for private key
 *                 operations, since there might be security concerns in
 *                 mixing padding modes. For public key operations it is
- *                 a default value, which can be overriden by calling specific
+ *                 a default value, which can be overridden by calling specific
 *                 \c rsa_rsaes_xxx or \c rsa_rsassa_xxx functions.
 *
 * \note           The hash selected in \p hash_id is always used for OEAP
 *                 encryption. For PSS signatures, it is always used for
- *                 making signatures, but can be overriden for verifying them.
+ *                 making signatures, but can be overridden for verifying them.
- *                 If set to #MBEDTLS_MD_NONE, it is always overriden.
+ *                 If set to #MBEDTLS_MD_NONE, it is always overridden.
 *
 * \param ctx      The RSA context to initialize. This must not be \c NULL.
 * \param padding  The padding mode to use. This must be either
@ -904,7 +904,8 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
+ *                 for an 2048-bit RSA modulus. A buffer length of
 *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -951,7 +952,8 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
+ *                 for an 2048-bit RSA modulus. A buffer length of
 *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@ -1012,7 +1014,8 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
 *                 the size of the hash corresponding to \p md_alg.
 * \param sig      The buffer to hold the signature. This must be a writable
 *                 buffer of length \c ctx->len Bytes. For example, \c 256 Bytes
- *                 for an 2048-bit RSA modulus.
+ *                 for an 2048-bit RSA modulus. A buffer length of
 *                 #MBEDTLS_MPI_MAX_SIZE is always safe.
 *
 * \return         \c 0 if the signing operation was successful.
 * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
--- a/tools/sdk/include/mbedtls/mbedtls/ssl.h
+++ b/tools/sdk/include/mbedtls/mbedtls/ssl.h
@ -2033,7 +2033,7 @@ void mbedtls_ssl_conf_ca_chain( mbedtls_ssl_config *conf,
 *                 provision more than one cert/key pair (eg one ECDSA, one
 *                 RSA with SHA-256, one RSA with SHA-1). An adequate
 *                 certificate will be selected according to the client's
- *                 advertised capabilities. In case mutliple certificates are
+ *                 advertised capabilities. In case multiple certificates are
 *                 adequate, preference is given to the one set by the first
 *                 call to this function, then second, etc.
 *
@ -3206,7 +3206,7 @@ void mbedtls_ssl_free( mbedtls_ssl_context *ssl );
 *                 mbedtls_ssl_config_defaults() or mbedtls_ssl_config_free().
 *
 * \note           You need to call mbedtls_ssl_config_defaults() unless you
- *                 manually set all of the relevent fields yourself.
+ *                 manually set all of the relevant fields yourself.
 *
 * \param conf     SSL configuration context
 */
--- a/tools/sdk/include/mbedtls/mbedtls/ssl_ticket.h
+++ b/tools/sdk/include/mbedtls/mbedtls/ssl_ticket.h
@ -117,14 +117,14 @@ int mbedtls_ssl_ticket_setup( mbedtls_ssl_ticket_context *ctx,
 /**
 * \brief           Implementation of the ticket write callback
 *
- * \note            See \c mbedlts_ssl_ticket_write_t for description
+ * \note            See \c mbedtls_ssl_ticket_write_t for description
 */
 mbedtls_ssl_ticket_write_t mbedtls_ssl_ticket_write;
 /**
 * \brief           Implementation of the ticket parse callback
 *
- * \note            See \c mbedlts_ssl_ticket_parse_t for description
+ * \note            See \c mbedtls_ssl_ticket_parse_t for description
 */
 mbedtls_ssl_ticket_parse_t mbedtls_ssl_ticket_parse;
--- a/tools/sdk/include/mbedtls/mbedtls/version.h
+++ b/tools/sdk/include/mbedtls/mbedtls/version.h
@ -40,16 +40,16 @@
 */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  16
-#define MBEDTLS_VERSION_PATCH  2
+#define MBEDTLS_VERSION_PATCH  5
 /**
 * The single version number has the following structure:
 *    MMNNPP00
 *    Major version | Minor version | Patch version
 */
-#define MBEDTLS_VERSION_NUMBER         0x02100200
+#define MBEDTLS_VERSION_NUMBER         0x02100500
-#define MBEDTLS_VERSION_STRING         "2.16.2"
+#define MBEDTLS_VERSION_STRING         "2.16.5"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.2"
+#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.16.5"
 #if defined(MBEDTLS_VERSION_C)
--- a/tools/sdk/include/mbedtls/mbedtls/x509.h
+++ b/tools/sdk/include/mbedtls/mbedtls/x509.h
@ -77,7 +77,7 @@
 #define MBEDTLS_ERR_X509_ALLOC_FAILED                     -0x2880  /**< Allocation of memory failed. */
 #define MBEDTLS_ERR_X509_FILE_IO_ERROR                    -0x2900  /**< Read/write of file failed. */
 #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL                 -0x2980  /**< Destination buffer is too small. */
-#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000  /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR                      -0x3000  /**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */
 /* \} name */
 /**
@ -250,7 +250,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
 *
 * \param to       mbedtls_x509_time to check
 *
- * \return         1 if the given time is in the past or an error occured,
+ * \return         1 if the given time is in the past or an error occurred,
 *                 0 otherwise.
 */
 int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
@ -264,7 +264,7 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
 *
 * \param from     mbedtls_x509_time to check
 *
- * \return         1 if the given time is in the future or an error occured,
+ * \return         1 if the given time is in the future or an error occurred,
 *                 0 otherwise.
 */
 int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
--- a/tools/sdk/include/mbedtls/mbedtls/x509_crl.h
+++ b/tools/sdk/include/mbedtls/mbedtls/x509_crl.h
@ -111,7 +111,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
 /**
 * \brief          Parse one or more CRLs and append them to the chained list
 *
- * \note           Mutliple CRLs are accepted only if using PEM format
+ * \note           Multiple CRLs are accepted only if using PEM format
 *
 * \param chain    points to the start of the chain
 * \param buf      buffer holding the CRL data in PEM or DER format
@ -126,7 +126,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
 /**
 * \brief          Load one or more CRLs and append them to the chained list
 *
- * \note           Mutliple CRLs are accepted only if using PEM format
+ * \note           Multiple CRLs are accepted only if using PEM format
 *
 * \param chain    points to the start of the chain
 * \param path     filename to read the CRLs from (in PEM or DER encoding)
--- a/tools/sdk/include/spi_flash/esp_flash.h
+++ b/tools/sdk/include/spi_flash/esp_flash.h
@ -230,8 +230,7 @@ esp_err_t esp_flash_set_protected_region(esp_flash_t *chip, const esp_flash_regi
 *
 * @return
 *      - ESP_OK: success
- *      - ESP_ERR_NO_MEM: the buffer is not valid, however failed to malloc on
+ *      - ESP_ERR_NO_MEM: Buffer is in external PSRAM which cannot be concurrently accessed, and a temporary internal buffer could not be allocated.
 *        the heap.
 *      - or a flash error code if operation failed.
 */
 esp_err_t esp_flash_read(esp_flash_t *chip, void *buffer, uint32_t address, uint32_t length);
--- a/tools/sdk/include/tcp_transport/esp_transport_ws.h
+++ b/tools/sdk/include/tcp_transport/esp_transport_ws.h
@ -14,6 +14,7 @@ extern "C" {
 #endif
 typedef enum ws_transport_opcodes {
    WS_TRANSPORT_OPCODES_CONT =  0x00,
    WS_TRANSPORT_OPCODES_TEXT =  0x01,
    WS_TRANSPORT_OPCODES_BINARY = 0x02,
    WS_TRANSPORT_OPCODES_CLOSE = 0x08,
@ -81,6 +82,16 @@ int esp_transport_ws_send_raw(esp_transport_handle_t t, ws_transport_opcodes_t o
 */
 ws_transport_opcodes_t esp_transport_ws_get_read_opcode(esp_transport_handle_t t);
 /**
 * @brief               Returns payload length of the last received data
 *
 * @param t             websocket transport handle
 *
 * @return
 *      - Number of bytes in the payload
 */
 int esp_transport_ws_get_read_payload_len(esp_transport_handle_t t);
 #ifdef __cplusplus
 }
--- a/tools/sdk/include/tcpip_adapter/tcpip_adapter.h
+++ b/tools/sdk/include/tcpip_adapter/tcpip_adapter.h
@ -439,6 +439,21 @@ esp_err_t tcpip_adapter_create_ip6_linklocal(tcpip_adapter_if_t tcpip_if);
 */
 esp_err_t tcpip_adapter_get_ip6_linklocal(tcpip_adapter_if_t tcpip_if, ip6_addr_t *if_ip6);
 /**
 * @brief  Get interface global IPv6 address
 *
 * If the specified interface is up and a preferred global IPv6 address
 * has been created for the interface, return a copy of it.
 *
 * @param[in]  tcpip_if Interface to get global IPv6 address
 * @param[out] if_ip6 IPv6 information will be returned in this argument if successful.
 *
 * @return
 *      - ESP_OK
 *      - ESP_FAIL If interface is down, does not have a global IPv6 address, or the global IPv6 address is not a preferred address.
 */
 esp_err_t tcpip_adapter_get_ip6_global(tcpip_adapter_if_t tcpip_if, ip6_addr_t *if_ip6);
 #if 0
 esp_err_t tcpip_adapter_get_mac(tcpip_adapter_if_t tcpip_if, uint8_t *mac);
--- a/tools/sdk/ld/esp32.project.ld
+++ b/tools/sdk/ld/esp32.project.ld
--- a/tools/sdk/ld/esp32.rom.ld
+++ b/tools/sdk/ld/esp32.rom.ld
@ -654,6 +654,7 @@ PROVIDE ( ld_acl_rx_sync = 0x4002fbec );
 PROVIDE ( ld_acl_rx_sync2 = 0x4002fd8c );
 PROVIDE ( ld_acl_rx_no_sync = 0x4002fe78 );
 PROVIDE ( ld_acl_clk_isr = 0x40030cf8 );
 PROVIDE ( ld_acl_rsw_frm_cbk = 0x40033bb0 );
 PROVIDE ( ld_sco_modify = 0x40031778 );
 PROVIDE ( lm_cmd_cmp_send = 0x40051838 );
 PROVIDE ( ld_sco_frm_cbk = 0x400349dc );
@ -1354,6 +1355,10 @@ PROVIDE ( esp_rom_spiflash_attach = 0x40062a6c );
 PROVIDE ( esp_rom_spiflash_config_clk = 0x40062bc8 );
 PROVIDE ( g_rom_spiflash_chip = 0x3ffae270 );
 PROVIDE ( hci_le_rd_rem_used_feats_cmd_handler = 0x400417b4 );
 PROVIDE ( llcp_length_req_handler = 0x40043808 );
 PROVIDE ( llcp_unknown_rsp_handler = 0x40043ba8 );
 /*
 These functions are xtos-related (or call xtos-related functions) and do not play well
 with multicore FreeRTOS. Where needed, we provide alternatives that are multicore
--- a/tools/sdk/lib/libapp_trace.a
+++ b/tools/sdk/lib/libapp_trace.a
--- a/tools/sdk/lib/libapp_update.a
+++ b/tools/sdk/lib/libapp_update.a
--- a/tools/sdk/lib/libasio.a
+++ b/tools/sdk/lib/libasio.a
--- a/tools/sdk/lib/libbootloader_support.a
+++ b/tools/sdk/lib/libbootloader_support.a
--- a/tools/sdk/lib/libbt.a
+++ b/tools/sdk/lib/libbt.a
--- a/tools/sdk/lib/libbtdm_app.a
+++ b/tools/sdk/lib/libbtdm_app.a
--- a/tools/sdk/lib/libcoap.a
+++ b/tools/sdk/lib/libcoap.a
--- a/tools/sdk/lib/libcoexist.a
+++ b/tools/sdk/lib/libcoexist.a
--- a/tools/sdk/lib/libconsole.a
+++ b/tools/sdk/lib/libconsole.a
--- a/tools/sdk/lib/libcore.a
+++ b/tools/sdk/lib/libcore.a
--- a/tools/sdk/lib/libcxx.a
+++ b/tools/sdk/lib/libcxx.a
--- a/tools/sdk/lib/libdl.a
+++ b/tools/sdk/lib/libdl.a
--- a/tools/sdk/lib/libdl_lib.a
+++ b/tools/sdk/lib/libdl_lib.a
--- a/tools/sdk/lib/libdriver.a
+++ b/tools/sdk/lib/libdriver.a
--- a/tools/sdk/lib/libefuse.a
+++ b/tools/sdk/lib/libefuse.a
--- a/tools/sdk/lib/libesp-tls.a
+++ b/tools/sdk/lib/libesp-tls.a
--- a/tools/sdk/lib/libesp32-camera.a
+++ b/tools/sdk/lib/libesp32-camera.a
--- a/tools/sdk/lib/libesp32.a
+++ b/tools/sdk/lib/libesp32.a
--- a/tools/sdk/lib/libesp_adc_cal.a
+++ b/tools/sdk/lib/libesp_adc_cal.a
--- a/tools/sdk/lib/libesp_common.a
+++ b/tools/sdk/lib/libesp_common.a
--- a/tools/sdk/lib/libesp_eth.a
+++ b/tools/sdk/lib/libesp_eth.a
--- a/tools/sdk/lib/libesp_event.a
+++ b/tools/sdk/lib/libesp_event.a
--- a/tools/sdk/lib/libesp_gdbstub.a
+++ b/tools/sdk/lib/libesp_gdbstub.a
--- a/tools/sdk/lib/libesp_http_client.a
+++ b/tools/sdk/lib/libesp_http_client.a
--- a/tools/sdk/lib/libesp_http_server.a
+++ b/tools/sdk/lib/libesp_http_server.a
--- a/tools/sdk/lib/libesp_https_ota.a
+++ b/tools/sdk/lib/libesp_https_ota.a
--- a/tools/sdk/lib/libesp_local_ctrl.a
+++ b/tools/sdk/lib/libesp_local_ctrl.a
--- a/tools/sdk/lib/libesp_ringbuf.a
+++ b/tools/sdk/lib/libesp_ringbuf.a
--- a/tools/sdk/lib/libesp_rom.a
+++ b/tools/sdk/lib/libesp_rom.a
--- a/tools/sdk/lib/libesp_websocket_client.a
+++ b/tools/sdk/lib/libesp_websocket_client.a
--- a/tools/sdk/lib/libesp_wifi.a
+++ b/tools/sdk/lib/libesp_wifi.a
--- a/tools/sdk/lib/libespcoredump.a
+++ b/tools/sdk/lib/libespcoredump.a
--- a/tools/sdk/lib/libespnow.a
+++ b/tools/sdk/lib/libespnow.a
--- a/tools/sdk/lib/libexpat.a
+++ b/tools/sdk/lib/libexpat.a
--- a/tools/sdk/lib/libface_detection.a
+++ b/tools/sdk/lib/libface_detection.a
--- a/tools/sdk/lib/libface_recognition.a
+++ b/tools/sdk/lib/libface_recognition.a
--- a/tools/sdk/lib/libfatfs.a
+++ b/tools/sdk/lib/libfatfs.a
--- a/tools/sdk/lib/libfb_gfx.a
+++ b/tools/sdk/lib/libfb_gfx.a
--- a/tools/sdk/lib/libfd.a
+++ b/tools/sdk/lib/libfd.a
--- a/tools/sdk/lib/libfr.a
+++ b/tools/sdk/lib/libfr.a
--- a/tools/sdk/lib/libfreemodbus.a
+++ b/tools/sdk/lib/libfreemodbus.a
--- a/tools/sdk/lib/libfreertos.a
+++ b/tools/sdk/lib/libfreertos.a
--- a/tools/sdk/lib/libheap.a
+++ b/tools/sdk/lib/libheap.a
--- a/tools/sdk/lib/libimage_util.a
+++ b/tools/sdk/lib/libimage_util.a
--- a/tools/sdk/lib/libjsmn.a
+++ b/tools/sdk/lib/libjsmn.a
--- a/tools/sdk/lib/libjson.a
+++ b/tools/sdk/lib/libjson.a
--- a/tools/sdk/lib/liblibsodium.a
+++ b/tools/sdk/lib/liblibsodium.a
--- a/tools/sdk/lib/liblog.a
+++ b/tools/sdk/lib/liblog.a
--- a/Show More
+++ b/Show More