diff --git a/components/mbedtls/port/esp_bignum.c b/components/mbedtls/port/esp_bignum.c
index 2133e7cae6..68fd8bec98 100644
--- a/components/mbedtls/port/esp_bignum.c
+++ b/components/mbedtls/port/esp_bignum.c
@@ -26,7 +26,6 @@
 #include <limits.h>
 #include <assert.h>
 #include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
 #include "rom/bigint.h"
 #include "soc/hwcrypto_reg.h"
 #include "esp_system.h"
@@ -38,9 +37,7 @@
 #include "freertos/task.h"
 #include "freertos/semphr.h"
 
-#if defined(MBEDTLS_MPI_MUL_MPI_ALT) || defined(MBEDTLS_MPI_EXP_MOD_ALT)
-
-static const char *TAG = "bignum";
+static const __attribute__((unused)) char *TAG = "bignum";
 
 #if defined(CONFIG_MBEDTLS_MPI_USE_INTERRUPT)
 static SemaphoreHandle_t op_complete_sem;
@@ -70,10 +67,7 @@ static void rsa_isr_initialise()
 
 static _lock_t mpi_lock;
 
-/* At the moment these hardware locking functions aren't exposed publically
-   for MPI. If you want to use the ROM bigint functions and co-exist with mbedTLS, please raise a feature request.
-*/
-static void esp_mpi_acquire_hardware( void )
+void esp_mpi_acquire_hardware( void )
 {
     /* newlib locks lazy initialize on ESP-IDF */
     _lock_acquire(&mpi_lock);
@@ -83,7 +77,7 @@ static void esp_mpi_acquire_hardware( void )
 #endif
 }
 
-static void esp_mpi_release_hardware( void )
+void esp_mpi_release_hardware( void )
 {
     ets_bigint_disable();
     _lock_release(&mpi_lock);
@@ -546,5 +540,3 @@ static int mpi_mult_mpi_failover_mod_mult(mbedtls_mpi *Z, const mbedtls_mpi *X,
 
 #endif /* MBEDTLS_MPI_MUL_MPI_ALT */
 
-#endif /* MBEDTLS_MPI_MUL_MPI_ALT || MBEDTLS_MPI_EXP_MOD_ALT */
-
diff --git a/components/mbedtls/port/include/aes_alt.h b/components/mbedtls/port/include/aes_alt.h
index 7161b282c2..d4da6ca878 100644
--- a/components/mbedtls/port/include/aes_alt.h
+++ b/components/mbedtls/port/include/aes_alt.h
@@ -20,7 +20,6 @@
  *
  *
  */
-
 #ifndef AES_ALT_H
 #define AES_ALT_H
 
@@ -56,4 +55,4 @@ typedef esp_aes_context mbedtls_aes_context;
 }
 #endif
 
-#endif /* aes.h */
+#endif
diff --git a/components/mbedtls/port/include/mbedtls/bignum.h b/components/mbedtls/port/include/mbedtls/bignum.h
new file mode 100644
index 0000000000..23cd56348a
--- /dev/null
+++ b/components/mbedtls/port/include/mbedtls/bignum.h
@@ -0,0 +1,78 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#ifndef __ESP_MBEDTLS_BIGNUM_H__
+#define __ESP_MBEDTLS_BIGNUM_H__
+
+#include_next "mbedtls/bignum.h"
+
+/**
+ * This is a wrapper for the main mbedtls/bignum.h. This wrapper
+ * provides a few additional ESP32-only functions.
+ *
+ * This is because we don't set MBEDTLS_BIGNUM_ALT in the same way we
+ * do for AES, SHA, etc. Because we still use most of the bignum.h
+ * implementation and just replace a few hardware accelerated
+ * functions (see MBEDTLS_MPI_EXP_MOD_ALT & MBEDTLS_MPI_MUL_MPI_ALT in
+ * esp_config.h).
+ *
+ * @note Unlike the other hardware accelerator support functions in esp32/hwcrypto, there is no
+ * generic "hwcrypto/bignum.h" header for using these functions without mbedTLS. The reason for this
+ * is that all of the function implementations depend strongly upon the mbedTLS MPI implementation.
+ */
+
+/**
+ * @brief Lock access to RSA Accelerator (MPI/bignum operations)
+ *
+ * RSA Accelerator hardware unit can only be used by one
+ * consumer at a time.
+ *
+ * @note This function is non-recursive (do not call it twice from the
+ * same task.)
+ *
+ * @note You do not need to call this if you are using the mbedTLS bignum.h
+ * API or esp_mpi_xxx functions. This function is only needed if you
+ * want to call ROM RSA functions or access the registers directly.
+ *
+ */
+void esp_mpi_acquire_hardware(void);
+
+/**
+ * @brief Unlock access to RSA Accelerator (MPI/bignum operations)
+ *
+ * Has to be called once for each call to esp_mpi_acquire_hardware().
+ *
+ * @note You do not need to call this if you are using the mbedTLS bignum.h
+ * API or esp_mpi_xxx functions. This function is only needed if you
+ * want to call ROM RSA functions or access the registers directly.
+ */
+void esp_mpi_release_hardware(void);
+
+/* @brief MPI modular mupltiplication function
+ *
+ * Calculates Z = (X * Y) mod M using MPI hardware acceleration.
+ *
+ * This is not part of the standard mbedTLS bignum API.
+ *
+ * @note All of X, Y & Z should be less than 4096 bit long or an error is returned.
+ *
+ * @param Z Result bignum, should be pre-initialised with mbedtls_mpi_init().
+ * @param X First multiplication argument.
+ * @param Y Second multiplication argument.
+ * @param M Modulus value for result.
+ *
+ * @return 0 on success, mbedTLS MPI error codes on failure.
+ */
+int esp_mpi_mul_mpi_mod(mbedtls_mpi *Z, const mbedtls_mpi *X, const mbedtls_mpi *Y, const mbedtls_mpi *M);
+
+#endif
diff --git a/components/mbedtls/port/include/sha1_alt.h b/components/mbedtls/port/include/sha1_alt.h
index 60297b9fbf..f5e69b3f95 100644
--- a/components/mbedtls/port/include/sha1_alt.h
+++ b/components/mbedtls/port/include/sha1_alt.h
@@ -1,7 +1,16 @@
-/*
- * copyright (c) 2010 - 2012 Espressif System
- *
- */
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #ifndef _SHA1_ALT_H_
 #define _SHA1_ALT_H_
 
diff --git a/components/mbedtls/port/include/sha256_alt.h b/components/mbedtls/port/include/sha256_alt.h
index 6d9986b3a1..143d8c75e1 100644
--- a/components/mbedtls/port/include/sha256_alt.h
+++ b/components/mbedtls/port/include/sha256_alt.h
@@ -1,8 +1,16 @@
-/*
- * copyright (c) 2010 - 2012 Espressif System
- *
- */
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
 
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #ifndef _SHA256_ALT_H_
 #define _SHA256_ALT_H_
 
@@ -30,4 +38,4 @@ typedef esp_sha_context mbedtls_sha256_context;
 }
 #endif
 
-#endif /* sha256.h */
+#endif
diff --git a/components/mbedtls/port/include/sha512_alt.h b/components/mbedtls/port/include/sha512_alt.h
index 241f2be3b3..8044b42754 100644
--- a/components/mbedtls/port/include/sha512_alt.h
+++ b/components/mbedtls/port/include/sha512_alt.h
@@ -1,9 +1,16 @@
-/*
- * copyright (c) 2010 - 2012 Espressif System
- *
- * esf Link List Descriptor
- */
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
 
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 #ifndef _SHA512_ALT_H_
 #define _SHA512_ALT_H_
 
@@ -30,4 +37,4 @@ typedef esp_sha_context  mbedtls_sha512_context;
 }
 #endif
 
-#endif /* sha512.h */
+#endif