diff --git a/library/bignum.c b/library/bignum.c
index 6ac041eef9..b1f9c1bf0f 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1615,8 +1615,8 @@ int mbedtls_mpi_mod_int(mbedtls_mpi_uint *r, const mbedtls_mpi *A, mbedtls_mpi_s
  * this function is not constant time with respect to the exponent (parameter E).
  */
 static int mbedtls_mpi_exp_mod_optionally_safe(mbedtls_mpi *X, const mbedtls_mpi *A,
-                                               const mbedtls_mpi *E, const mbedtls_mpi *N,
-                                               mbedtls_mpi *prec_RR, int E_public)
+                                               const mbedtls_mpi *E, int E_public,
+                                               const mbedtls_mpi *N, mbedtls_mpi *prec_RR)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
@@ -1732,14 +1732,14 @@ int mbedtls_mpi_exp_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
                         const mbedtls_mpi *E, const mbedtls_mpi *N,
                         mbedtls_mpi *prec_RR)
 {
-    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, N, prec_RR, MBEDTLS_MPI_IS_SECRET);
+    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_SECRET, N, prec_RR);
 }
 
 int mbedtls_mpi_exp_mod_unsafe(mbedtls_mpi *X, const mbedtls_mpi *A,
                                const mbedtls_mpi *E, const mbedtls_mpi *N,
                                mbedtls_mpi *prec_RR)
 {
-    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, N, prec_RR, MBEDTLS_MPI_IS_PUBLIC);
+    return mbedtls_mpi_exp_mod_optionally_safe(X, A, E, MBEDTLS_MPI_IS_PUBLIC, N, prec_RR);
 }
 
 /*
diff --git a/library/bignum_core.c b/library/bignum_core.c
index 460a115d99..33d66323f4 100644
--- a/library/bignum_core.c
+++ b/library/bignum_core.c
@@ -817,9 +817,9 @@ static void mbedtls_mpi_core_exp_mod_optionally_safe(mbedtls_mpi_uint *X,
                                                      size_t AN_limbs,
                                                      const mbedtls_mpi_uint *E,
                                                      size_t E_limbs,
+                                                     int E_public,
                                                      const mbedtls_mpi_uint *RR,
-                                                     mbedtls_mpi_uint *T,
-                                                     int E_public)
+                                                     mbedtls_mpi_uint *T)
 {
     const size_t wsize = exp_mod_get_window_size(E_limbs * biL);
     const size_t welem = ((size_t) 1) << wsize;
@@ -910,9 +910,9 @@ void mbedtls_mpi_core_exp_mod(mbedtls_mpi_uint *X,
                                              AN_limbs,
                                              E,
                                              E_limbs,
+                                             MBEDTLS_MPI_IS_SECRET,
                                              RR,
-                                             T,
-                                             MBEDTLS_MPI_IS_SECRET);
+                                             T);
 }
 
 void mbedtls_mpi_core_exp_mod_unsafe(mbedtls_mpi_uint *X,
@@ -928,9 +928,9 @@ void mbedtls_mpi_core_exp_mod_unsafe(mbedtls_mpi_uint *X,
                                              AN_limbs,
                                              E,
                                              E_limbs,
+                                             MBEDTLS_MPI_IS_PUBLIC,
                                              RR,
-                                             T,
-                                             MBEDTLS_MPI_IS_PUBLIC);
+                                             T);
 }
 
 mbedtls_mpi_uint mbedtls_mpi_core_sub_int(mbedtls_mpi_uint *X,