Merge pull request #4164 from chris-jones-arm/move-internal-headers

Unify internal headers in library/
2021-03-29 11:18:54 +02:00 · 2021-03-29 11:18:54 +02:00 · 4dfb83c0d7
commit 4dfb83c0d7
parent 569789393c 8d2bc90b4e
61 changed files with 186 additions and 184 deletions
--- a/ChangeLog.d/move_alt_helpers.txt
+++ b/ChangeLog.d/move_alt_helpers.txt
@ -0,0 +1,7 @@
+API changes
+   * Move alt helpers and definitions.
+     Various helpers and definitions available for use in alt implementations
+     have been moved out of the include/ directory and into the library/
+     directory. The files concerned are ecp_internal.h and rsa_internal.h
+     which have also been renamed to ecp_alt.h and rsa_alt_helpers.h
+     respectively.
--- a/ChangeLog.d/move_internal_headers.txt
+++ b/ChangeLog.d/move_internal_headers.txt
@ -0,0 +1,6 @@
+API changes
+   * Move internal headers.
+     Header files that were only meant for the library's internal use and
+     were not meant to be used in application code have been moved out of
+     the include/ directory. The headers concerned are bn_mul.h, aesni.h,
+     padlock.h, entropy_poll.h and *_internal.h.
--- a/configs/config-psa-crypto.h
+++ b/configs/config-psa-crypto.h
@ -48,7 +48,7 @@
 * Used in:
 *      library/aria.c
 *      library/timing.c
- *      include/mbedtls/bn_mul.h
+ *      library/bn_mul.h
 *
 * Required by:
 *      MBEDTLS_AESNI_C
@ -1955,7 +1955,7 @@
 *          library/ecp.c
 *          library/ecdsa.c
 *          library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.h
 *          library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@ -2710,7 +2710,7 @@
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.h
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@ -229,13 +229,13 @@ enum {
 /** Maximum length of any IV, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
 * This should be kept in sync with MBEDTLS_SSL_MAX_IV_LENGTH defined
- * in ssl_internal.h. */
+ * in library/ssl_misc.h. */
 #define MBEDTLS_MAX_IV_LENGTH      16

 /** Maximum block size of any cipher, in Bytes. */
 /* This should ideally be derived automatically from list of ciphers.
 * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h. */
+ * in library/ssl_misc.h. */
 #define MBEDTLS_MAX_BLOCK_LENGTH   16

 /** Maximum key length, in Bytes. */
@ -243,7 +243,7 @@ enum {
 * For now, only check whether XTS is enabled which uses 64 Byte keys,
 * and use 32 Bytes as an upper bound for the maximum key length otherwise.
 * This should be kept in sync with MBEDTLS_SSL_MAX_BLOCK_LENGTH defined
- * in ssl_internal.h, which however deliberately ignores the case of XTS
+ * in library/ssl_misc.h, which however deliberately ignores the case of XTS
 * since the latter isn't used in SSL/TLS. */
 #if defined(MBEDTLS_CIPHER_MODE_XTS)
 #define MBEDTLS_MAX_KEY_LENGTH     64
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@ -48,7 +48,7 @@
 * Used in:
 *      library/aria.c
 *      library/timing.c
- *      include/mbedtls/bn_mul.h
+ *      library/bn_mul.h
 *
 * Required by:
 *      MBEDTLS_AESNI_C
@ -547,7 +547,8 @@
 * hardware entropy collector.
 *
 * Your function must be called \c mbedtls_hardware_poll(), have the same
- * prototype as declared in entropy_poll.h, and accept NULL as first argument.
+ * prototype as declared in library/entropy_poll.h, and accept NULL as first
+ * argument.
 *
 * Uncomment to use your own hardware entropy collector.
 */
@ -2400,7 +2401,7 @@
 *          library/ecp.c
 *          library/ecdsa.c
 *          library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.c
 *          library/ssl_tls.c
 *
 * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support.
@ -3186,7 +3187,7 @@
 * Enable the RSA public-key cryptosystem.
 *
 * Module:  library/rsa.c
- *          library/rsa_internal.c
+ *          library/rsa_alt_helpers.c
 * Caller:  library/ssl_cli.c
 *          library/ssl_srv.c
 *          library/ssl_tls.c
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@ -134,6 +134,14 @@ typedef struct mbedtls_entropy_context
 }
 mbedtls_entropy_context;

+#if !defined(MBEDTLS_NO_PLATFORM_ENTROPY)
+/**
+ * \brief           Platform-specific entropy poll callback
+ */
+int mbedtls_platform_entropy_poll( void *data,
+                           unsigned char *output, size_t len, size_t *olen );
+#endif
+
 /**
 * \brief           Initialize the context
 *
--- a/include/mbedtls/md.h
+++ b/include/mbedtls/md.h
@ -79,8 +79,15 @@ typedef enum {
 #endif

 /**
- * Opaque struct defined in md_internal.h.
+ * Opaque struct.
+ *
+ * Constructed using either #mbedtls_md_info_from_string or
+ * #mbedtls_md_info_from_type.
+ *
+ * Fields can be accessed with #mbedtls_md_get_size,
+ * #mbedtls_md_get_type and #mbedtls_md_get_name.
 */
+/* Defined internally in library/md_wrap.h. */
 typedef struct mbedtls_md_info_t mbedtls_md_info_t;

 /**
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@ -118,7 +118,7 @@ typedef struct mbedtls_pk_rsassa_pss_options
 /* For RSA, the signature can be as large as the bignum module allows.
 * For RSA_ALT, the signature size is not necessarily tied to what the
 * bignum module can do, but in the absence of any specific setting,
- * we use that (rsa_alt_sign_wrap in pk_wrap will check). */
+ * we use that (rsa_alt_sign_wrap in library/pk_wrap.h will check). */
 #undef MBEDTLS_PK_SIGNATURE_MAX_SIZE
 #define MBEDTLS_PK_SIGNATURE_MAX_SIZE MBEDTLS_MPI_MAX_SIZE
 #endif
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@ -619,7 +619,7 @@ typedef struct mbedtls_ssl_session mbedtls_ssl_session;
 typedef struct mbedtls_ssl_context mbedtls_ssl_context;
 typedef struct mbedtls_ssl_config  mbedtls_ssl_config;

-/* Defined in ssl_internal.h */
+/* Defined in library/ssl_misc.h */
 typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
 typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
 typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@ -297,8 +297,10 @@ void mbedtls_psa_get_stats( mbedtls_psa_stats_t *stats );
 * \param[in] seed          Buffer containing the seed value to inject.
 * \param[in] seed_size     Size of the \p seed buffer.
 *                          The size of the seed in bytes must be greater
- *                          or equal to both #MBEDTLS_ENTROPY_MIN_PLATFORM
- *                          and #MBEDTLS_ENTROPY_BLOCK_SIZE.
+ *                          or equal to both #MBEDTLS_ENTROPY_BLOCK_SIZE
+ *                          and the value of \c MBEDTLS_ENTROPY_MIN_PLATFORM
+ *                          in `library/entropy_poll.h` in the Mbed TLS source
+ *                          code.
 *                          It must be less or equal to
 *                          #MBEDTLS_ENTROPY_MAX_SEED_SIZE.
 *
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@ -67,7 +67,7 @@ set(src_crypto
    psa_its_file.c
    ripemd160.c
    rsa.c
-    rsa_internal.c
+    rsa_alt_helpers.c
    sha1.c
    sha256.c
    sha512.c
--- a/library/Makefile
+++ b/library/Makefile
@ -124,7 +124,7 @@ OBJS_CRYPTO= \
 	     psa_its_file.o \
 	     ripemd160.o \
 	     rsa.o \
-	     rsa_internal.o \
+	     rsa_alt_helpers.o \
 	     sha1.o \
 	     sha256.o \
 	     sha512.o \
--- a/library/aes.c
+++ b/library/aes.c
@ -34,10 +34,10 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
+#include "padlock.h"
 #endif
 #if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
+#include "aesni.h"
 #endif

 #if defined(MBEDTLS_SELF_TEST)
--- a/library/aesni.c
+++ b/library/aesni.c
@ -32,7 +32,7 @@
 #endif
 #endif

-#include "mbedtls/aesni.h"
+#include "aesni.h"

 #include <string.h>

--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
--- a/library/bignum.c
+++ b/library/bignum.c
@ -38,7 +38,7 @@
 #if defined(MBEDTLS_BIGNUM_C)

 #include "mbedtls/bignum.h"
-#include "mbedtls/bn_mul.h"
+#include "bn_mul.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
--- a/library/cipher.c
+++ b/library/cipher.c
@ -26,7 +26,7 @@
 #if defined(MBEDTLS_CIPHER_C)

 #include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
+#include "cipher_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@ -25,7 +25,7 @@

 #if defined(MBEDTLS_CIPHER_C)

-#include "mbedtls/cipher_internal.h"
+#include "cipher_wrap.h"
 #include "mbedtls/error.h"

 #if defined(MBEDTLS_CHACHAPOLY_C)
--- a/include/mbedtls/cipher_internal.h
+++ b/include/mbedtls/cipher_internal.h
@ -1,5 +1,5 @@
 /**
- * \file cipher_internal.h
+ * \file cipher_wrap.h
 *
 * \brief Cipher wrappers.
 *
--- a/library/ecp.c
+++ b/library/ecp.c
@ -97,7 +97,7 @@
 #define mbedtls_free       free
 #endif

-#include "mbedtls/ecp_internal.h"
+#include "ecp_alt.h"

 #if !defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
 #if defined(MBEDTLS_HMAC_DRBG_C)
--- a/include/mbedtls/ecp_internal.h
+++ b/include/mbedtls/ecp_internal.h
@ -1,5 +1,5 @@
 /**
- * \file ecp_internal.h
+ * \file ecp_alt.h
 *
 * \brief Function declarations for alternative implementation of elliptic curve
 * point arithmetic.
@ -293,5 +293,5 @@ int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,

 #endif /* MBEDTLS_ECP_INTERNAL_ALT */

-#endif /* ecp_internal.h */
+#endif /* ecp_alt.h */

--- a/library/entropy.c
+++ b/library/entropy.c
@ -28,7 +28,7 @@
 #endif

 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

--- a/library/entropy_poll.c
+++ b/library/entropy_poll.c
@ -29,7 +29,7 @@
 #if defined(MBEDTLS_ENTROPY_C)

 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 #include "mbedtls/error.h"

 #if defined(MBEDTLS_TIMING_C)
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
--- a/library/error.c
+++ b/library/error.c
@ -146,10 +146,6 @@
 #include "mbedtls/oid.h"
 #endif

-#if defined(MBEDTLS_PADLOCK_C)
-#include "mbedtls/padlock.h"
-#endif
-
 #if defined(MBEDTLS_PEM_PARSE_C) || defined(MBEDTLS_PEM_WRITE_C)
 #include "mbedtls/pem.h"
 #endif
@ -822,11 +818,6 @@ const char * mbedtls_low_level_strerr( int error_code )
            return( "OID - output buffer is too small" );
 #endif /* MBEDTLS_OID_C */

-#if defined(MBEDTLS_PADLOCK_C)
-        case -(MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED):
-            return( "PADLOCK - Input data should be aligned" );
-#endif /* MBEDTLS_PADLOCK_C */
-
 #if defined(MBEDTLS_PLATFORM_C)
        case -(MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED):
            return( "PLATFORM - Hardware accelerator failed" );
--- a/library/gcm.c
+++ b/library/gcm.c
@ -38,7 +38,7 @@
 #include <string.h>

 #if defined(MBEDTLS_AESNI_C)
-#include "mbedtls/aesni.h"
+#include "aesni.h"
 #endif

 #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C)
--- a/library/md.c
+++ b/library/md.c
@ -26,7 +26,7 @@
 #if defined(MBEDTLS_MD_C)

 #include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
+#include "md_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"

--- a/include/mbedtls/md_internal.h
+++ b/include/mbedtls/md_internal.h
@ -1,5 +1,5 @@
 /**
- * \file md_internal.h
+ * \file md_wrap.h
 *
 * \brief Message digest wrappers.
 *
--- a/library/padlock.c
+++ b/library/padlock.c
@ -27,7 +27,7 @@

 #if defined(MBEDTLS_PADLOCK_C)

-#include "mbedtls/padlock.h"
+#include "padlock.h"

 #include <string.h>

--- a/include/mbedtls/padlock.h
+++ b/include/mbedtls/padlock.h
--- a/library/pk.c
+++ b/library/pk.c
@ -21,7 +21,7 @@

 #if defined(MBEDTLS_PK_C)
 #include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"

 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@ -20,7 +20,7 @@
 #include "common.h"

 #if defined(MBEDTLS_PK_C)
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"
 #include "mbedtls/error.h"

 /* Even if RSA not activated, for the sake of RSA-alt */
--- a/include/mbedtls/pk_internal.h
+++ b/include/mbedtls/pk_internal.h
@ -1,5 +1,5 @@
 /**
- * \file pk_internal.h
+ * \file pk_wrap.h
 *
 * \brief Public Key abstraction layer: wrapper functions
 */
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -73,9 +73,9 @@
 #include "mbedtls/md4.h"
 #include "mbedtls/md5.h"
 #include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
+#include "md_wrap.h"
 #include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
+#include "pk_wrap.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 #include "mbedtls/ripemd160.h"
@ -6482,7 +6482,7 @@ int mbedtls_psa_get_random( void *p_rng,
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */

 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"

 psa_status_t mbedtls_psa_inject_entropy( const uint8_t *seed,
                                         size_t seed_size )
--- a/library/rsa.c
+++ b/library/rsa.c
@ -40,7 +40,7 @@
 #if defined(MBEDTLS_RSA_C)

 #include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
+#include "rsa_alt_helpers.h"
 #include "mbedtls/oid.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
--- a/library/rsa_alt_helpers.c
+++ b/library/rsa_alt_helpers.c
@ -24,7 +24,7 @@

 #include "mbedtls/rsa.h"
 #include "mbedtls/bignum.h"
-#include "mbedtls/rsa_internal.h"
+#include "rsa_alt_helpers.h"

 /*
 * Compute RSA prime factors from public and private exponents
@ -237,90 +237,36 @@ cleanup:
    return( ret );
 }

-/*
- * Check that RSA CRT parameters are in accordance with core parameters.
- */
-int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
-                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
-                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
+int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
+                            const mbedtls_mpi *D, mbedtls_mpi *DP,
+                            mbedtls_mpi *DQ, mbedtls_mpi *QP )
 {
    int ret = 0;
-
-    mbedtls_mpi K, L;
+    mbedtls_mpi K;
    mbedtls_mpi_init( &K );
-    mbedtls_mpi_init( &L );

-    /* Check that DP - D == 0 mod P - 1 */
+    /* DP = D mod P-1 */
    if( DP != NULL )
    {
-        if( P == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1  ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
    }

-    /* Check that DQ - D == 0 mod Q - 1 */
+    /* DQ = D mod Q-1 */
    if( DQ != NULL )
    {
-        if( Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
-
-        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1  ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
    }

-    /* Check that QP * Q - 1 == 0 mod P */
+    /* QP = Q^{-1} mod P */
    if( QP != NULL )
    {
-        if( P == NULL || Q == NULL )
-        {
-            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
-            goto cleanup;
-        }
-
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
-        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
-        {
-            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-            goto cleanup;
-        }
+        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
    }

 cleanup:
-
-    /* Wrap MPI error codes by RSA check failure error code */
-    if( ret != 0 &&
-        ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
-        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
-    {
-        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
-    }
-
    mbedtls_mpi_free( &K );
-    mbedtls_mpi_free( &L );

    return( ret );
 }
@ -449,36 +395,90 @@ cleanup:
    return( ret );
 }

-int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q,
-                            const mbedtls_mpi *D, mbedtls_mpi *DP,
-                            mbedtls_mpi *DQ, mbedtls_mpi *QP )
+/*
+ * Check that RSA CRT parameters are in accordance with core parameters.
+ */
+int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
+                              const mbedtls_mpi *D,  const mbedtls_mpi *DP,
+                              const mbedtls_mpi *DQ, const mbedtls_mpi *QP )
 {
    int ret = 0;
-    mbedtls_mpi K;
-    mbedtls_mpi_init( &K );

-    /* DP = D mod P-1 */
+    mbedtls_mpi K, L;
+    mbedtls_mpi_init( &K );
+    mbedtls_mpi_init( &L );
+
+    /* Check that DP - D == 0 mod P - 1 */
    if( DP != NULL )
    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) );
+        if( P == NULL )
+        {
+            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+            goto cleanup;
+        }
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+
+        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
+        {
+            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+            goto cleanup;
+        }
    }

-    /* DQ = D mod Q-1 */
+    /* Check that DQ - D == 0 mod Q - 1 */
    if( DQ != NULL )
    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1  ) );
-        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) );
+        if( Q == NULL )
+        {
+            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+            goto cleanup;
+        }
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) );
+
+        if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 )
+        {
+            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+            goto cleanup;
+        }
    }

-    /* QP = Q^{-1} mod P */
+    /* Check that QP * Q - 1 == 0 mod P */
    if( QP != NULL )
    {
-        MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) );
+        if( P == NULL || Q == NULL )
+        {
+            ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA;
+            goto cleanup;
+        }
+
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) );
+        MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) );
+        if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 )
+        {
+            ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+            goto cleanup;
+        }
    }

 cleanup:
+
+    /* Wrap MPI error codes by RSA check failure error code */
+    if( ret != 0 &&
+        ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED &&
+        ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA )
+    {
+        ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED;
+    }
+
    mbedtls_mpi_free( &K );
+    mbedtls_mpi_free( &L );

    return( ret );
 }
--- a/include/mbedtls/rsa_internal.h
+++ b/include/mbedtls/rsa_internal.h
@ -1,5 +1,5 @@
 /**
- * \file rsa_internal.h
+ * \file rsa_alt_helpers.h
 *
 * \brief Context-independent RSA helper functions
 *
@ -221,4 +221,4 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P,  const mbedtls_mpi *Q,
 }
 #endif

-#endif /* rsa_internal.h */
+#endif /* rsa_alt_helpers.h */
--- a/library/ssl_cache.c
+++ b/library/ssl_cache.c
@ -34,7 +34,7 @@
 #endif

 #include "mbedtls/ssl_cache.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"

 #include <string.h>

--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@ -30,7 +30,7 @@
 #endif

 #include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"

--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@ -33,7 +33,7 @@
 #endif

 #include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"

--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@ -1,5 +1,5 @@
 /**
- * \file ssl_internal.h
+ * \file ssl_misc.h
 *
 * \brief Internal functions shared by the SSL modules
 */
@ -19,8 +19,8 @@
 *  See the License for the specific language governing permissions and
 *  limitations under the License.
 */
-#ifndef MBEDTLS_SSL_INTERNAL_H
-#define MBEDTLS_SSL_INTERNAL_H
+#ifndef MBEDTLS_SSL_MISC_H
+#define MBEDTLS_SSL_MISC_H

 #if !defined(MBEDTLS_CONFIG_FILE)
 #include "mbedtls/config.h"
@ -1306,4 +1306,4 @@ void mbedtls_ssl_buffering_free( mbedtls_ssl_context *ssl );
 void mbedtls_ssl_flight_free( mbedtls_ssl_flight_item *flight );
 #endif /* MBEDTLS_SSL_PROTO_DTLS */

-#endif /* ssl_internal.h */
+#endif /* ssl_misc.h */
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@ -39,7 +39,7 @@
 #endif

 #include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@ -30,7 +30,7 @@
 #endif

 #include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
--- a/library/ssl_ticket.c
+++ b/library/ssl_ticket.c
@ -29,7 +29,7 @@
 #define mbedtls_free      free
 #endif

-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/ssl_ticket.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -38,7 +38,7 @@
 #endif

 #include "mbedtls/ssl.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "mbedtls/debug.h"
 #include "mbedtls/error.h"
 #include "mbedtls/platform_util.h"
--- a/library/ssl_tls13_keys.c
+++ b/library/ssl_tls13_keys.c
@ -22,7 +22,7 @@
 #if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)

 #include "mbedtls/hkdf.h"
-#include "mbedtls/ssl_internal.h"
+#include "ssl_misc.h"
 #include "ssl_tls13_keys.h"

 #include <stdint.h>
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@ -48,7 +48,6 @@ int main( void )
 #include "mbedtls/error.h"
 #include "mbedtls/base64.h"
 #include "mbedtls/md.h"
-#include "mbedtls/md_internal.h"
 #include "mbedtls/x509_crt.h"
 #include "mbedtls/ssl_ciphersuites.h"

@ -638,7 +637,7 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len,
        }
        else
        {
-            printf( "\tMessage-Digest : %s\n", md_info->name );
+            printf( "\tMessage-Digest : %s\n", mbedtls_md_get_name( md_info ) );
        }
    }

--- a/programs/test/cpp_dummy_build.cpp
+++ b/programs/test/cpp_dummy_build.cpp
@ -25,7 +25,6 @@
 #endif

 #include "mbedtls/aes.h"
-#include "mbedtls/aesni.h"
 #include "mbedtls/arc4.h"
 #include "mbedtls/aria.h"
 #include "mbedtls/asn1.h"
@ -33,14 +32,12 @@
 #include "mbedtls/base64.h"
 #include "mbedtls/bignum.h"
 #include "mbedtls/blowfish.h"
-#include "mbedtls/bn_mul.h"
 #include "mbedtls/camellia.h"
 #include "mbedtls/ccm.h"
 #include "mbedtls/chacha20.h"
 #include "mbedtls/chachapoly.h"
 #include "mbedtls/check_config.h"
 #include "mbedtls/cipher.h"
-#include "mbedtls/cipher_internal.h"
 #include "mbedtls/cmac.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/debug.h"
@ -50,9 +47,7 @@
 #include "mbedtls/ecdsa.h"
 #include "mbedtls/ecjpake.h"
 #include "mbedtls/ecp.h"
-#include "mbedtls/ecp_internal.h"
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/error.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/hkdf.h"
@ -61,15 +56,12 @@
 #include "mbedtls/md2.h"
 #include "mbedtls/md4.h"
 #include "mbedtls/md5.h"
-#include "mbedtls/md_internal.h"
 #include "mbedtls/net.h"
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/nist_kw.h"
 #include "mbedtls/oid.h"
-#include "mbedtls/padlock.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/pk.h"
-#include "mbedtls/pk_internal.h"
 #include "mbedtls/pkcs11.h"
 #include "mbedtls/pkcs12.h"
 #include "mbedtls/pkcs5.h"
@ -79,7 +71,6 @@
 #include "mbedtls/psa_util.h"
 #include "mbedtls/ripemd160.h"
 #include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
 #include "mbedtls/sha1.h"
 #include "mbedtls/sha256.h"
 #include "mbedtls/sha512.h"
@ -87,7 +78,6 @@
 #include "mbedtls/ssl_cache.h"
 #include "mbedtls/ssl_ciphersuites.h"
 #include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
 #include "mbedtls/ssl_ticket.h"
 #include "mbedtls/threading.h"
 #include "mbedtls/timing.h"
@ -108,7 +98,6 @@

 #include "psa/crypto.h"
 #include "psa/crypto_se_driver.h"
-#include "../library/psa_crypto_its.h"

 int main()
 {
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@ -37,7 +37,6 @@
 * default value when that configuration is not set in the config.h.
 */
 #include "mbedtls/aes.h"
-#include "mbedtls/aesni.h"
 #include "mbedtls/arc4.h"
 #include "mbedtls/aria.h"
 #include "mbedtls/asn1.h"
@ -60,7 +59,6 @@
 #include "mbedtls/ecjpake.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/error.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/hkdf.h"
@ -73,7 +71,6 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/nist_kw.h"
 #include "mbedtls/oid.h"
-#include "mbedtls/padlock.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/pkcs11.h"
@ -91,7 +88,6 @@
 #include "mbedtls/ssl_cache.h"
 #include "mbedtls/ssl_ciphersuites.h"
 #include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
 #include "mbedtls/ssl_ticket.h"
 #include "mbedtls/threading.h"
 #include "mbedtls/timing.h"
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@ -24,7 +24,6 @@
 #endif

 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/hmac_drbg.h"
 #include "mbedtls/ctr_drbg.h"
 #include "mbedtls/dhm.h"
--- a/scripts/data_files/query_config.fmt
+++ b/scripts/data_files/query_config.fmt
@ -37,7 +37,6 @@
 * default value when that configuration is not set in the config.h.
 */
 #include "mbedtls/aes.h"
-#include "mbedtls/aesni.h"
 #include "mbedtls/arc4.h"
 #include "mbedtls/aria.h"
 #include "mbedtls/asn1.h"
@ -60,7 +59,6 @@
 #include "mbedtls/ecjpake.h"
 #include "mbedtls/ecp.h"
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
 #include "mbedtls/error.h"
 #include "mbedtls/gcm.h"
 #include "mbedtls/hkdf.h"
@ -73,7 +71,6 @@
 #include "mbedtls/net_sockets.h"
 #include "mbedtls/nist_kw.h"
 #include "mbedtls/oid.h"
-#include "mbedtls/padlock.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/pk.h"
 #include "mbedtls/pkcs11.h"
@ -91,7 +88,6 @@
 #include "mbedtls/ssl_cache.h"
 #include "mbedtls/ssl_ciphersuites.h"
 #include "mbedtls/ssl_cookie.h"
-#include "mbedtls/ssl_internal.h"
 #include "mbedtls/ssl_ticket.h"
 #include "mbedtls/threading.h"
 #include "mbedtls/timing.h"
--- a/tests/scripts/list-enum-consts.pl
+++ b/tests/scripts/list-enum-consts.pl
@ -24,6 +24,7 @@ use open qw(:std utf8);
 -d 'include/mbedtls' or die "$0: must be run from root\n";

@ARGV = <include/mbedtls/*.h>;
+push @ARGV, <library/*.h>;
 push @ARGV, "3rdparty/everest/include/everest/everest.h";
 push @ARGV, "3rdparty/everest/include/everest/x25519.h";

--- a/tests/scripts/list-identifiers.sh
+++ b/tests/scripts/list-identifiers.sh
@ -47,9 +47,9 @@ done

 if [ $INTERNAL ]
 then
-    HEADERS=$( ls include/mbedtls/*_internal.h library/*.h | egrep -v 'bn_mul' )
+    HEADERS=$( ls library/*.h )
 else
-    HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h | egrep -v 'bn_mul' )
+    HEADERS=$( ls include/mbedtls/*.h include/psa/*.h library/*.h )
    HEADERS="$HEADERS 3rdparty/everest/include/everest/everest.h 3rdparty/everest/include/everest/x25519.h"
 fi

--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@ -1,6 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"
 #include "mbedtls/md.h"
 #include "string.h"

--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@ -1,6 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/hkdf.h"
-#include "mbedtls/md_internal.h"
+#include "md_wrap.h"
 /* END_HEADER */

 /* BEGIN_DEPENDENCIES
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@ -5,7 +5,7 @@
 #include <psa/crypto.h>

 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"

 /* Calculating the minimum allowed entropy size in bytes */
 #define MBEDTLS_PSA_INJECT_ENTROPY_MIN_SIZE MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@ -5,7 +5,7 @@
 #include "psa_crypto_invasive.h"

 #include "mbedtls/entropy.h"
-#include "mbedtls/entropy_poll.h"
+#include "entropy_poll.h"

 #define ENTROPY_MIN_NV_SEED_SIZE                                        \
    MAX(MBEDTLS_ENTROPY_MIN_PLATFORM, MBEDTLS_ENTROPY_BLOCK_SIZE)
--- a/tests/suites/test_suite_rsa.function
+++ b/tests/suites/test_suite_rsa.function
@ -1,6 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/rsa.h"
-#include "mbedtls/rsa_internal.h"
+#include "rsa_alt_helpers.h"
 #include "mbedtls/md2.h"
 #include "mbedtls/md4.h"
 #include "mbedtls/md5.h"
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@ -1,6 +1,6 @@
 /* BEGIN_HEADER */
 #include <mbedtls/ssl.h>
-#include <mbedtls/ssl_internal.h>
+#include <ssl_misc.h>
 #include <mbedtls/ctr_drbg.h>
 #include <mbedtls/entropy.h>
 #include <mbedtls/timing.h>
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@ -142,7 +142,6 @@
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClInclude Include="..\..\include\mbedtls\aes.h" />
-    <ClInclude Include="..\..\include\mbedtls\aesni.h" />
    <ClInclude Include="..\..\include\mbedtls\arc4.h" />
    <ClInclude Include="..\..\include\mbedtls\aria.h" />
    <ClInclude Include="..\..\include\mbedtls\asn1.h" />
@ -150,14 +149,12 @@
    <ClInclude Include="..\..\include\mbedtls\base64.h" />
    <ClInclude Include="..\..\include\mbedtls\bignum.h" />
    <ClInclude Include="..\..\include\mbedtls\blowfish.h" />
-    <ClInclude Include="..\..\include\mbedtls\bn_mul.h" />
    <ClInclude Include="..\..\include\mbedtls\camellia.h" />
    <ClInclude Include="..\..\include\mbedtls\ccm.h" />
    <ClInclude Include="..\..\include\mbedtls\chacha20.h" />
    <ClInclude Include="..\..\include\mbedtls\chachapoly.h" />
    <ClInclude Include="..\..\include\mbedtls\check_config.h" />
    <ClInclude Include="..\..\include\mbedtls\cipher.h" />
-    <ClInclude Include="..\..\include\mbedtls\cipher_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\cmac.h" />
    <ClInclude Include="..\..\include\mbedtls\config.h" />
    <ClInclude Include="..\..\include\mbedtls\config_psa.h" />
@ -169,9 +166,7 @@
    <ClInclude Include="..\..\include\mbedtls\ecdsa.h" />
    <ClInclude Include="..\..\include\mbedtls\ecjpake.h" />
    <ClInclude Include="..\..\include\mbedtls\ecp.h" />
-    <ClInclude Include="..\..\include\mbedtls\ecp_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\entropy.h" />
-    <ClInclude Include="..\..\include\mbedtls\entropy_poll.h" />
    <ClInclude Include="..\..\include\mbedtls\error.h" />
    <ClInclude Include="..\..\include\mbedtls\gcm.h" />
    <ClInclude Include="..\..\include\mbedtls\hkdf.h" />
@ -180,16 +175,13 @@
    <ClInclude Include="..\..\include\mbedtls\md2.h" />
    <ClInclude Include="..\..\include\mbedtls\md4.h" />
    <ClInclude Include="..\..\include\mbedtls\md5.h" />
-    <ClInclude Include="..\..\include\mbedtls\md_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\memory_buffer_alloc.h" />
    <ClInclude Include="..\..\include\mbedtls\net.h" />
    <ClInclude Include="..\..\include\mbedtls\net_sockets.h" />
    <ClInclude Include="..\..\include\mbedtls\nist_kw.h" />
    <ClInclude Include="..\..\include\mbedtls\oid.h" />
-    <ClInclude Include="..\..\include\mbedtls\padlock.h" />
    <ClInclude Include="..\..\include\mbedtls\pem.h" />
    <ClInclude Include="..\..\include\mbedtls\pk.h" />
-    <ClInclude Include="..\..\include\mbedtls\pk_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\pkcs11.h" />
    <ClInclude Include="..\..\include\mbedtls\pkcs12.h" />
    <ClInclude Include="..\..\include\mbedtls\pkcs5.h" />
@ -200,7 +192,6 @@
    <ClInclude Include="..\..\include\mbedtls\psa_util.h" />
    <ClInclude Include="..\..\include\mbedtls\ripemd160.h" />
    <ClInclude Include="..\..\include\mbedtls\rsa.h" />
-    <ClInclude Include="..\..\include\mbedtls\rsa_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\sha1.h" />
    <ClInclude Include="..\..\include\mbedtls\sha256.h" />
    <ClInclude Include="..\..\include\mbedtls\sha512.h" />
@ -208,7 +199,6 @@
    <ClInclude Include="..\..\include\mbedtls\ssl_cache.h" />
    <ClInclude Include="..\..\include\mbedtls\ssl_ciphersuites.h" />
    <ClInclude Include="..\..\include\mbedtls\ssl_cookie.h" />
-    <ClInclude Include="..\..\include\mbedtls\ssl_internal.h" />
    <ClInclude Include="..\..\include\mbedtls\ssl_ticket.h" />
    <ClInclude Include="..\..\include\mbedtls\threading.h" />
    <ClInclude Include="..\..\include\mbedtls\timing.h" />
@ -241,8 +231,16 @@
    <ClInclude Include="..\..\tests\include\test\drivers\signature.h" />
    <ClInclude Include="..\..\tests\include\test\drivers\size.h" />
    <ClInclude Include="..\..\tests\include\test\drivers\test_driver.h" />
+    <ClInclude Include="..\..\library\aesni.h" />
+    <ClInclude Include="..\..\library\bn_mul.h" />
    <ClInclude Include="..\..\library\check_crypto_config.h" />
+    <ClInclude Include="..\..\library\cipher_wrap.h" />
    <ClInclude Include="..\..\library\common.h" />
+    <ClInclude Include="..\..\library\ecp_alt.h" />
+    <ClInclude Include="..\..\library\entropy_poll.h" />
+    <ClInclude Include="..\..\library\md_wrap.h" />
+    <ClInclude Include="..\..\library\padlock.h" />
+    <ClInclude Include="..\..\library\pk_wrap.h" />
    <ClInclude Include="..\..\library\psa_crypto_core.h" />
    <ClInclude Include="..\..\library\psa_crypto_driver_wrappers.h" />
    <ClInclude Include="..\..\library\psa_crypto_invasive.h" />
@ -252,7 +250,9 @@
    <ClInclude Include="..\..\library\psa_crypto_service_integration.h" />
    <ClInclude Include="..\..\library\psa_crypto_slot_management.h" />
    <ClInclude Include="..\..\library\psa_crypto_storage.h" />
+    <ClInclude Include="..\..\library\rsa_alt_helpers.h" />
    <ClInclude Include="..\..\library\ssl_invasive.h" />
+    <ClInclude Include="..\..\library\ssl_misc.h" />
    <ClInclude Include="..\..\library\ssl_tls13_keys.h" />
    <ClInclude Include="..\..\3rdparty\everest\include\everest\everest.h" />
    <ClInclude Include="..\..\3rdparty\everest\include\everest\Hacl_Curve25519.h" />
@ -319,7 +319,7 @@
    <ClCompile Include="..\..\library\psa_its_file.c" />
    <ClCompile Include="..\..\library\ripemd160.c" />
    <ClCompile Include="..\..\library\rsa.c" />
-    <ClCompile Include="..\..\library\rsa_internal.c" />
+    <ClCompile Include="..\..\library\rsa_alt_helpers.c" />
    <ClCompile Include="..\..\library\sha1.c" />
    <ClCompile Include="..\..\library\sha256.c" />
    <ClCompile Include="..\..\library\sha512.c" />