diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index ee3d093c93..738440398c 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -11,7 +11,9 @@ #define MBEDTLS_ERROR_H #include "mbedtls/build_info.h" -#include "mbedtls/private/error_common.h" +#include "mbedtls/private/error_common.h" // for MBEDTLS_ERROR_ADD + see below +// MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED +// MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED #include diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 02e527cdf5..6c86c57345 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -14,9 +14,6 @@ #include "mbedtls/build_info.h" -#include "mbedtls/private/bignum.h" -#include "mbedtls/private/ecp.h" - #include "mbedtls/ssl_ciphersuites.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) @@ -26,10 +23,6 @@ #include "mbedtls/md.h" -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_ECDH_OR_ECDHE_ANY_ENABLED) -#include "mbedtls/private/ecdh.h" -#endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index dfd369416b..9af1e5a668 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -14,7 +14,6 @@ #include "mbedtls/build_info.h" #include "mbedtls/pk.h" -#include "mbedtls/private/cipher.h" #include "mbedtls/md.h" #ifdef __cplusplus diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 3352e3824a..9e607ad29a 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -15,7 +15,6 @@ #include "mbedtls/x509.h" #include "mbedtls/x509_crl.h" -#include "mbedtls/private/bignum.h" /** * \addtogroup x509_module diff --git a/library/ssl_ciphersuites_internal.h b/library/ssl_ciphersuites_internal.h index 9a9b42b998..864e6bf6b7 100644 --- a/library/ssl_ciphersuites_internal.h +++ b/library/ssl_ciphersuites_internal.h 
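Review bot: The include annotation added in error.h is split across a trailing `//` comment and two standalone `//` lines, so `// MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED` and `// MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` read like disabled code rather than a list of what the include provides. The "+ see below" wording is also easy to misread as a diff marker. Other comments visible in this diff use `/* ... */`, and this header sits under include/mbedtls/, so a single block comment above the include would be clearer: `/* error_common.h provides MBEDTLS_ERROR_ADD, MBEDTLS_ERR_PLATFORM_HW_ACCEL_FAILED and MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED. */`. No code change is needed.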
@@ -11,9 +11,6 @@ #define MBEDTLS_SSL_CIPHERSUITES_INTERNAL_H #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #if defined(MBEDTLS_PK_C) mbedtls_pk_sigalg_t mbedtls_ssl_get_ciphersuite_sig_pk_alg(const mbedtls_ssl_ciphersuite_t *info); diff --git a/library/ssl_misc.h b/library/ssl_misc.h index 083a5adc31..f8c03dfa2f 100644 --- a/library/ssl_misc.h +++ b/library/ssl_misc.h @@ -19,35 +19,13 @@ #include "mbedtls/debug.h" #include "debug_internal.h" -#include "mbedtls/private/cipher.h" - #include "psa/crypto.h" -#include "psa_util_internal.h" +#include "psa_util_internal.h" // for mbedtls_error_pair_t, psa_status_to_mbedtls extern const mbedtls_error_pair_t psa_to_ssl_errors[7]; -#if defined(PSA_WANT_ALG_MD5) -#include "mbedtls/private/md5.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_1) -#include "mbedtls/private/sha1.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_256) -#include "mbedtls/private/sha256.h" -#endif - -#if defined(PSA_WANT_ALG_SHA_512) -#include "mbedtls/private/sha512.h" -#endif - #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "ssl_ciphersuites_internal.h" #include "x509_internal.h" -#include "pk_internal.h" /* Shorthand for restartable ECC */ #if defined(MBEDTLS_ECP_RESTARTABLE) && \ diff --git a/library/ssl_msg.c b/library/ssl_msg.c index e1198fa627..d4b915aa74 100644 --- a/library/ssl_msg.c +++ b/library/ssl_msg.c @@ -21,12 +21,11 @@ #include "mbedtls/error.h" #include "mbedtls/platform_util.h" #include "mbedtls/version.h" -#include "constant_time_internal.h" +#include "constant_time_internal.h" // for internal mbedtls_ct_xxx functions #include "mbedtls/constant_time.h" #include -#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 550f79de29..36c6bf9586 100644 --- a/library/ssl_tls.c 
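Review bot: With the direct `#include "pk_internal.h"` removed at the end of the ssl_misc.h hunk, the SSL code appears to reach those declarations only through `x509_internal.h`, whose hunk in this commit annotates the include as `// for a lot of things, including in SSL`. That makes an X.509 header the carrier of an SSL dependency, so a later include cleanup in x509_internal.h could break SSL compilation without touching any SSL file. I would keep the direct include in ssl_misc.h, `#include "pk_internal.h" // for <symbols used by SSL>`, and name the actual symbols in both places, as the other annotations in this commit do. The same hunk also drops `mbedtls/private/cipher.h` and the MD5/SHA-1/SHA-256/SHA-512 headers; whether ssl_misc.h still references any of their types is not visible here, so building the reduced configurations is the check to run before merging.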
+++ b/library/ssl_tls.c @@ -29,8 +29,7 @@ #include #include "mbedtls/psa_util.h" -#include "md_psa.h" -#include "psa_util_internal.h" +#include "md_psa.h" // for mbedtls_md_error_from_psa() #include "psa/crypto.h" #if defined(MBEDTLS_X509_CRT_PARSE_C) diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c index 4024c0014b..c4f75b63de 100644 --- a/library/ssl_tls12_client.c +++ b/library/ssl_tls12_client.c @@ -17,7 +17,6 @@ #include "mbedtls/error.h" #include "mbedtls/constant_time.h" -#include "psa_util_internal.h" #include "psa/crypto.h" #if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/ssl_tls12_server.c b/library/ssl_tls12_server.c index 6b37a954d4..1f4ac3ea79 100644 --- a/library/ssl_tls12_server.c +++ b/library/ssl_tls12_server.c @@ -15,7 +15,6 @@ #include "debug_internal.h" #include "mbedtls/error.h" #include "mbedtls/platform_util.h" -#include "constant_time_internal.h" #include "mbedtls/constant_time.h" #include @@ -32,10 +31,6 @@ static int local_err_translation(psa_status_t status) #define PSA_TO_MBEDTLS_ERR(status) local_err_translation(status) #endif -#if defined(MBEDTLS_ECP_C) -#include "mbedtls/private/ecp.h" -#endif - #if defined(MBEDTLS_HAVE_TIME) #include "mbedtls/platform_time.h" #endif diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c index f8aca908c4..c7d3d48561 100644 --- a/library/ssl_tls13_generic.c +++ b/library/ssl_tls13_generic.c @@ -24,7 +24,6 @@ #include "ssl_debug_helpers.h" #include "psa/crypto.h" -#include "psa_util_internal.h" #if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) /* Define a local translating function to save code size by not using too many diff --git a/library/x509_crt.c b/library/x509_crt.c index e6b9252859..e18dbe777e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c 
@@ -35,9 +35,7 @@ #endif #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" -#include "pk_internal.h" #include "mbedtls/platform.h" diff --git a/library/x509_internal.h b/library/x509_internal.h index 5505b9778c..ea3aeb6351 100644 --- a/library/x509_internal.h +++ b/library/x509_internal.h @@ -16,11 +16,8 @@ #include "mbedtls/x509.h" #include "mbedtls/asn1.h" -#include "pk_internal.h" -#if defined(MBEDTLS_RSA_C) -#include "mbedtls/private/rsa.h" -#endif +#include "pk_internal.h" // for a lot of things, including in SSL int mbedtls_x509_get_name(unsigned char **p, const unsigned char *end, mbedtls_x509_name *cur); diff --git a/library/x509_oid.h b/library/x509_oid.h index 0752953aac..5721d8586c 100644 --- a/library/x509_oid.h +++ b/library/x509_oid.h @@ -13,9 +13,6 @@ #include "mbedtls/asn1.h" #include "mbedtls/pk.h" -#if defined(MBEDTLS_PK_HAVE_PRIVATE_HEADER) -#include -#endif /* MBEDTLS_PK_HAVE_PRIVATE_HEADER */ #include "mbedtls/x509.h" #include diff --git a/library/x509write.c b/library/x509write.c index 0906a5a9d1..c038bdfcda 100644 --- a/library/x509write.c +++ b/library/x509write.c @@ -24,7 +24,6 @@ #include "psa/crypto.h" #include "mbedtls/psa_util.h" -#include "md_psa.h" #define CHECK_OVERFLOW_ADD(a, b) \ do \ diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e4cdd5064b..399c923097 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -32,7 +32,6 @@ #endif /* MBEDTLS_PEM_WRITE_C */ #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" void mbedtls_x509write_crt_init(mbedtls_x509write_cert *ctx) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 0fac775106..8a81f7ee56 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -22,7 +22,6 @@ #include "mbedtls/platform_util.h" #include "psa/crypto.h" -#include "psa_util_internal.h" #include "mbedtls/psa_util.h" #include