Move bignum code path testing out of the library

Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS
doesn't change the functional behavior of the code.

Signed-off-by: Janos Follath <janos.follath@arm.com>

library/bignum_core.c

@@ -747,7 +747,8 @@ static void exp_mod_precompute_window(const mbedtls_mpi_uint *A,
 }
 
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-int mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_TEST;
+void (*mbedtls_safe_codepath_hook)(void) = NULL;
+void (*mbedtls_unsafe_codepath_hook)(void) = NULL;
 #endif
 
 /*
@@ -780,7 +781,8 @@ static inline void exp_mod_calc_first_bit_optionally_safe(const mbedtls_mpi_uint
         *E_bit_index = E_bits % biL;
 
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-        mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC;
+        if(mbedtls_unsafe_codepath_hook != NULL)
+            mbedtls_unsafe_codepath_hook();
 #endif
     } else {
         /*
@@ -790,10 +792,8 @@ static inline void exp_mod_calc_first_bit_optionally_safe(const mbedtls_mpi_uint
         *E_limb_index = E_limbs;
         *E_bit_index = 0;
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-        // Only mark the codepath safe if there wasn't an unsafe codepath before
-        if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) {
-            mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET;
-        }
+        if(mbedtls_safe_codepath_hook != NULL)
+            mbedtls_safe_codepath_hook();
 #endif
     }
 }
@@ -812,7 +812,8 @@ static inline void exp_mod_table_lookup_optionally_safe(mbedtls_mpi_uint *Wselec
     if (window_public == MBEDTLS_MPI_IS_PUBLIC) {
         memcpy(Wselect, Wtable + window * AN_limbs, AN_limbs * ciL);
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-        mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_PUBLIC;
+        if(mbedtls_unsafe_codepath_hook != NULL)
+            mbedtls_unsafe_codepath_hook();
 #endif
     } else {
         /* Select Wtable[window] without leaking window through
@@ -820,10 +821,8 @@ static inline void exp_mod_table_lookup_optionally_safe(mbedtls_mpi_uint *Wselec
         mbedtls_mpi_core_ct_uint_table_lookup(Wselect, Wtable,
                                               AN_limbs, welem, window);
 #if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-        // Only mark the codepath safe if there wasn't an unsafe codepath before
-        if (mbedtls_mpi_optionally_safe_codepath != MBEDTLS_MPI_IS_PUBLIC) {
-            mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_SECRET;
-        }
+        if(mbedtls_safe_codepath_hook != NULL)
+            mbedtls_safe_codepath_hook();
 #endif
     }
 }

library/bignum_core.h

@@ -824,16 +824,4 @@ void mbedtls_mpi_core_from_mont_rep(mbedtls_mpi_uint *X,
                                     mbedtls_mpi_uint mm,
                                     mbedtls_mpi_uint *T);
 
-/*
- * Can't define thread local variables with our abstraction layer: do nothing if threading is on.
- */
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-extern int mbedtls_mpi_optionally_safe_codepath;
-
-static inline void mbedtls_mpi_optionally_safe_codepath_reset(void)
-{
-    mbedtls_mpi_optionally_safe_codepath = MBEDTLS_MPI_IS_TEST;
-}
-#endif
-
 #endif /* MBEDTLS_BIGNUM_CORE_H */

library/bignum_core_invasive.h

@@ -0,0 +1,23 @@
+/**
+ * \file bignum_core_invasive.h
+ *
+ * \brief Function declarations for invasive functions of bignum core.
+ */
+/**
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#ifndef MBEDTLS_BIGNUM_CORE_INVASIVE_H
+#define MBEDTLS_BIGNUM_CORE_INVASIVE_H
+
+#include "bignum_core.h"
+
+#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
+
+extern void (*mbedtls_safe_codepath_hook)(void);
+extern void (*mbedtls_unsafe_codepath_hook)(void);
+
+#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
+
+#endif /* MBEDTLS_BIGNUM_CORE_INVASIVE_H */