diff --git a/ChangeLog b/ChangeLog
index a25b7b5b94366331d51534925c5dc417bec16afb..acda5f047e71bd87813ab9007ba9936e871fba01 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2023-11-23  Niels Möller  <nisse@lysator.liu.se>
+
+	* nettle-internal.h: Keep only declarations actually used
+	internally in the library.
+	* non-nettle.h: New file, contents extracted from
+	nettle-internal.h, for use in test and benchmark code.
+	* non-nettle.c: New file, renamed from ...
+	* nettle-internal.c: ... old name, deleted.
+	* Makefile.in (internal_SOURCES, DISTFILES): Updated accordingly.
+
 2023-11-22  Niels Möller  <nisse@lysator.liu.se>
 
 	Revert part of the 2023-08-05 change.
diff --git a/Makefile.in b/Makefile.in
index 2d38ae8579ce632516eeb5f915b3bc79e582b9ae..779b8922f060f7d246ffea22c2d9a2d74e04574b 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -32,7 +32,7 @@ SHLIBTARGETS = @IF_SHARED@ $(LIBNETTLE_FORLINK) @IF_HOGWEED@ $(LIBHOGWEED_FORLIN
 getopt_SOURCES = getopt.c getopt1.c
 getopt_TARGETS = $(getopt_SOURCES:.c=.$(OBJEXT))
 
-internal_SOURCES = nettle-internal.c
+internal_SOURCES = non-nettle.c
 internal_TARGETS = $(internal_SOURCES:.c=.$(OBJEXT))
 
 TARGETS = $(getopt_TARGETS) $(internal_TARGETS) \
@@ -270,7 +270,7 @@ DISTFILES = $(SOURCES) $(HEADERS) getopt.h getopt_int.h \
 	ghash-internal.h gost28147-internal.h poly1305-internal.h \
 	serpent-internal.h cast128_sboxes.h desinfo.h desCode.h \
 	ripemd160-internal.h md-internal.h sha2-internal.h \
-	memxor-internal.h nettle-internal.h nettle-write.h \
+	memxor-internal.h nettle-internal.h non-nettle.h nettle-write.h \
 	ctr-internal.h chacha-internal.h sha3-internal.h \
 	salsa20-internal.h umac-internal.h hogweed-internal.h \
 	rsa-internal.h pkcs1-internal.h dsa-internal.h eddsa-internal.h \
diff --git a/examples/nettle-benchmark.c b/examples/nettle-benchmark.c
index 04c3e0f29eb5af239c44dc2c65e56ca9b0b66e3c..1b72d838dbf51c4b263674970529140a24d2a1f2 100644
--- a/examples/nettle-benchmark.c
+++ b/examples/nettle-benchmark.c
@@ -73,6 +73,7 @@
 
 #include "nettle-meta.h"
 #include "nettle-internal.h"
+#include "non-nettle.h"
 
 #include "getopt.h"
 
diff --git a/examples/nettle-openssl.c b/examples/nettle-openssl.c
index d1aaf64b371ded939035acab9cebf5e16d955869..31905f0803adf2fabfd4433436f576a1aec8336d 100644
--- a/examples/nettle-openssl.c
+++ b/examples/nettle-openssl.c
@@ -53,7 +53,7 @@
 #include <openssl/md5.h>
 #include <openssl/sha.h>
 
-#include "nettle-internal.h"
+#include "non-nettle.h"
 
 /* We use Openssl's EVP api for all openssl ciphers. This API selects
    platform-specific implementations if appropriate, e.g., using x86
diff --git a/nettle-internal.h b/nettle-internal.h
index 2b7dc8164e00c1da8b37a161d9acc143fe4b8cac..81d06e80e68bb131b1e63794b619cc5d141820bd 100644
--- a/nettle-internal.h
+++ b/nettle-internal.h
@@ -1,7 +1,6 @@
 /* nettle-internal.h
 
-   Things that are used only by the testsuite and benchmark, and
-   not included in the library.
+   Misc internal definitions.
 
    Copyright (C) 2002, 2014 Niels Möller
 
@@ -39,10 +38,6 @@
 /* Needed for alloca on bsd systems. */
 #include <stdlib.h>
 
-#include "nettle-meta.h"
-#include "ocb.h"
-#include "aes.h"
-
 /* For definition of NETTLE_MAX_HASH_CONTEXT_SIZE. */
 #include "sha3.h"
 
@@ -88,62 +83,6 @@
    branch free code on all compilers. Requires that x is at most 31 bits. */
 #define IS_ZERO_SMALL(x) (((uint32_t) (x) - 1U) >> 31)
 
-/* Doesn't quite fit with the other algorithms, because of the weak
- * keys. Weak keys are not reported, the functions will simply crash
- * if you try to use a weak key. */
-
-extern const struct nettle_cipher nettle_des;
-extern const struct nettle_cipher nettle_des3;
-
-extern const struct nettle_cipher nettle_blowfish128;
-
-extern const struct nettle_cipher nettle_unified_aes128;
-extern const struct nettle_cipher nettle_unified_aes192;
-extern const struct nettle_cipher nettle_unified_aes256;
-
-/* Stream ciphers treated as aead algorithms with no authentication. */
-extern const struct nettle_aead nettle_arcfour128;
-extern const struct nettle_aead nettle_chacha;
-extern const struct nettle_aead nettle_salsa20;
-extern const struct nettle_aead nettle_salsa20r12;
-
-/* All-in-one CBC encrypt functinos treated as AEAD with no
-   authentication and no decrypt method. */
-extern const struct nettle_aead nettle_cbc_aes128;
-extern const struct nettle_aead nettle_cbc_aes192;
-extern const struct nettle_aead nettle_cbc_aes256;
-
-extern const struct nettle_aead nettle_openssl_gcm_aes128;
-extern const struct nettle_aead nettle_openssl_gcm_aes192;
-extern const struct nettle_aead nettle_openssl_gcm_aes256;
-
-
-/* Glue to openssl, for comparative benchmarking. Code in
- * examples/nettle-openssl.c. */
-extern void nettle_openssl_init(void);
-extern const struct nettle_cipher nettle_openssl_aes128;
-extern const struct nettle_cipher nettle_openssl_aes192;
-extern const struct nettle_cipher nettle_openssl_aes256;
-extern const struct nettle_cipher nettle_openssl_blowfish128;
-extern const struct nettle_cipher nettle_openssl_des;
-extern const struct nettle_cipher nettle_openssl_cast128;
-
-extern const struct nettle_hash nettle_openssl_md5;
-extern const struct nettle_hash nettle_openssl_sha1;
-
 extern const struct nettle_hash * const _nettle_hashes[];
 
-/* OCB-declarations to be moved to a public header file, once it's
-   settled which nonce and tag sizes to use. */
-#define OCB_NONCE_SIZE 12
-
-struct ocb_aes128_ctx
-{
-  struct ocb_ctx ocb;
-  struct ocb_aes128_encrypt_key key;
-  struct aes128_ctx decrypt;
-};
-
-extern const struct nettle_aead nettle_ocb_aes128;
-
 #endif /* NETTLE_INTERNAL_H_INCLUDED */
diff --git a/nettle-internal.c b/non-nettle.c
similarity index 99%
rename from nettle-internal.c
rename to non-nettle.c
index c68e4728c7c971284ad9552cbfb6d8361f35fd0c..ba2d2977a2fd4a16b1fcbcccf8f4dc7941064d66 100644
--- a/nettle-internal.c
+++ b/non-nettle.c
@@ -1,4 +1,4 @@
-/* nettle-internal.c
+/* non-nettle.c
 
    Things that are used only by the testsuite and benchmark, and
    not included in the library.
@@ -40,7 +40,7 @@
 #include <stdlib.h>
 #include <string.h>
 
-#include "nettle-internal.h"
+#include "non-nettle.h"
 #include "arcfour.h"
 #include "blowfish.h"
 #include "cbc.h"
@@ -107,7 +107,7 @@ nettle_arcfour128 = {
   NULL, NULL,
   (nettle_crypt_func *) arcfour_crypt,
   (nettle_crypt_func *) arcfour_crypt,
-  NULL,  
+  NULL,
 };
 
 const struct nettle_aead
diff --git a/non-nettle.h b/non-nettle.h
new file mode 100644
index 0000000000000000000000000000000000000000..ecf8c536681bed16ea852abc5b62118ea88bdc6c
--- /dev/null
+++ b/non-nettle.h
@@ -0,0 +1,99 @@
+/* non-nettle.h
+
+   Things that are used only by the testsuite and benchmark, and
+   not included in the library.
+
+   Copyright (C) 2002, 2014 Niels Möller
+
+   This file is part of GNU Nettle.
+
+   GNU Nettle is free software: you can redistribute it and/or
+   modify it under the terms of either:
+
+     * the GNU Lesser General Public License as published by the Free
+       Software Foundation; either version 3 of the License, or (at your
+       option) any later version.
+
+   or
+
+     * the GNU General Public License as published by the Free
+       Software Foundation; either version 2 of the License, or (at your
+       option) any later version.
+
+   or both in parallel, as here.
+
+   GNU Nettle is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   General Public License for more details.
+
+   You should have received copies of the GNU General Public License and
+   the GNU Lesser General Public License along with this program.  If
+   not, see http://www.gnu.org/licenses/.
+*/
+
+#ifndef NETTLE_NON_NETTLE_H_INCLUDED
+#define NETTLE_INTERNAL_H_INCLUDED
+
+#include "nettle-meta.h"
+#include "ocb.h"
+#include "aes.h"
+
+/* Doesn't quite fit with the other algorithms, because of the weak
+ * keys. Weak keys are not reported, the functions will simply crash
+ * if you try to use a weak key. */
+
+extern const struct nettle_cipher nettle_des;
+extern const struct nettle_cipher nettle_des3;
+
+extern const struct nettle_cipher nettle_blowfish128;
+
+extern const struct nettle_cipher nettle_unified_aes128;
+extern const struct nettle_cipher nettle_unified_aes192;
+extern const struct nettle_cipher nettle_unified_aes256;
+
+/* Stream ciphers treated as aead algorithms with no authentication. */
+extern const struct nettle_aead nettle_arcfour128;
+extern const struct nettle_aead nettle_chacha;
+extern const struct nettle_aead nettle_salsa20;
+extern const struct nettle_aead nettle_salsa20r12;
+
+/* All-in-one CBC encrypt functinos treated as AEAD with no
+   authentication and no decrypt method. */
+extern const struct nettle_aead nettle_cbc_aes128;
+extern const struct nettle_aead nettle_cbc_aes192;
+extern const struct nettle_aead nettle_cbc_aes256;
+
+extern const struct nettle_aead nettle_openssl_gcm_aes128;
+extern const struct nettle_aead nettle_openssl_gcm_aes192;
+extern const struct nettle_aead nettle_openssl_gcm_aes256;
+
+
+/* Glue to openssl, for comparative benchmarking. Code in
+ * examples/nettle-openssl.c. */
+extern void nettle_openssl_init(void);
+extern const struct nettle_cipher nettle_openssl_aes128;
+extern const struct nettle_cipher nettle_openssl_aes192;
+extern const struct nettle_cipher nettle_openssl_aes256;
+extern const struct nettle_cipher nettle_openssl_blowfish128;
+extern const struct nettle_cipher nettle_openssl_des;
+extern const struct nettle_cipher nettle_openssl_cast128;
+
+extern const struct nettle_hash nettle_openssl_md5;
+extern const struct nettle_hash nettle_openssl_sha1;
+
+/* OCB-declarations to be moved to a public header file, once it's
+   settled which nonce and tag sizes to use. */
+#define OCB_NONCE_SIZE 12
+
+struct ocb_aes128_ctx
+{
+  struct ocb_ctx ocb;
+  struct ocb_aes128_encrypt_key key;
+  struct aes128_ctx decrypt;
+};
+
+extern const struct nettle_aead nettle_ocb_aes128;
+
+
+#endif /* NETTLE_INTERNAL_H_INCLUDED */
diff --git a/testsuite/cbc-test.c b/testsuite/cbc-test.c
index d83b108b923bde59bce392c6bc243d8b1cffdda3..1d7b1fd59b69f068d625da851dc6379fde15a4a5 100644
--- a/testsuite/cbc-test.c
+++ b/testsuite/cbc-test.c
@@ -2,7 +2,7 @@
 #include "aes.h"
 #include "cbc.h"
 #include "knuth-lfib.h"
-#include "nettle-internal.h"
+#include "non-nettle.h"
 
 /* Test with more data and inplace decryption, to check that the
  * cbc_decrypt buffering works. */
diff --git a/testsuite/ctr-test.c b/testsuite/ctr-test.c
index 28f9c38d58407ed4cf07499341b7b49d787cf307..a289cb78abdd3888f740c199864d072949daa184 100644
--- a/testsuite/ctr-test.c
+++ b/testsuite/ctr-test.c
@@ -1,5 +1,5 @@
 #include "testutils.h"
-#include "nettle-internal.h"
+#include "non-nettle.h"
 
 void
 test_main(void)
diff --git a/testsuite/des3-test.c b/testsuite/des3-test.c
index f0437ff4d8411ffa99a2abb31176f09b84fa80c9..dd899782714393b01092e9f5bbc8e9dd66d4d741 100644
--- a/testsuite/des3-test.c
+++ b/testsuite/des3-test.c
@@ -1,5 +1,5 @@
 #include "testutils.h"
-#include "nettle-internal.h"
+#include "non-nettle.h"
 #include "des.h"
 
 void
diff --git a/testsuite/ocb-test.c b/testsuite/ocb-test.c
index 37d0d7acba21d78fabb3f8e341e46b8c37018755..dd476eee69666b3a4d717b900d10cb00cb3aa869 100644
--- a/testsuite/ocb-test.c
+++ b/testsuite/ocb-test.c
@@ -1,5 +1,5 @@
 #include "testutils.h"
-#include "nettle-internal.h"
+#include "non-nettle.h"
 
 struct ocb_aes128_message_key
 {
@@ -56,7 +56,7 @@ ocb_aes128_message = {
 static void
 set_nonce_tag96 (struct ocb_aes128_ctx *ctx, size_t length, const uint8_t *nonce)
 {
-  assert (length == OCB_NONCE_SIZE);
+  ASSERT (length == OCB_NONCE_SIZE);
   ocb_aes128_set_nonce (&ctx->ocb, &ctx->key,
 			12, OCB_NONCE_SIZE, nonce);
 }