Make _optionally_safe functions internal
The complexity of having functions whose security properties depend on a
runtime argument can be dangerous. Limit misuse by making any such
functions local.
Signed-off-by: Janos Follath <janos.follath@arm.com>
diff --git a/library/bignum_core.h b/library/bignum_core.h
index c63cdee..d208daf 100644
--- a/library/bignum_core.h
+++ b/library/bignum_core.h
@@ -608,6 +608,8 @@
* \brief Perform a modular exponentiation with public or secret exponent:
* X = A^E mod N, where \p A is already in Montgomery form.
*
+ * \warning This function is not constant time with respect to \p E (the exponent).
+ *
* \p X may be aliased to \p A, but not to \p RR or \p E, even if \p E_limbs ==
* \p AN_limbs.
*
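Review bot: The `\brief` kept as context at the top of this hunk still reads "with public or secret exponent", which contradicts the added `\warning` that the function is not constant time with respect to \p E. The next hunk drops the `E_public` switch and renames the function to `mbedtls_mpi_core_exp_mod_unsafe`, so the summary line should become `\brief Perform a modular exponentiation with public exponent:`. The warning should also state the consequence for callers, e.g. `\warning This function is not constant time with respect to \p E (the exponent); \p E must not be a secret value.`, and point to the secret-exponent variant documented next in this header. As written, a caller who reads only the brief could pass a private exponent and leak it through timing. The doc comment opens before this hunk, so the rest of it was not reviewed.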
@@ -630,17 +632,13 @@
* It is up to the caller to zeroize \p T when it is no
* longer needed, and before freeing it if it was dynamically
* allocated.
- * \param[in] E_public Set to MBEDTLS_MPI_IS_PUBLIC to gain some performance
- * when the value of E is public.
- * Set to MBEDTLS_MPI_IS_SECRET when the value of E is secret.
*/
-void mbedtls_mpi_core_exp_mod_optionally_safe(mbedtls_mpi_uint *X,
- const mbedtls_mpi_uint *A,
- const mbedtls_mpi_uint *N, size_t AN_limbs,
- const mbedtls_mpi_uint *E, size_t E_limbs,
- const mbedtls_mpi_uint *RR,
- mbedtls_mpi_uint *T,
- int E_public);
+void mbedtls_mpi_core_exp_mod_unsafe(mbedtls_mpi_uint *X,
+ const mbedtls_mpi_uint *A,
+ const mbedtls_mpi_uint *N, size_t AN_limbs,
+ const mbedtls_mpi_uint *E, size_t E_limbs,
+ const mbedtls_mpi_uint *RR,
+ mbedtls_mpi_uint *T);
/**
* \brief Perform a modular exponentiation with secret exponent: