diff --git a/ChangeLog b/ChangeLog
index 623c60bb3cfe1b2d6305dd52355e329cc167500f..a25b7b5b94366331d51534925c5dc417bec16afb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2023-11-22  Niels Möller  <nisse@lysator.liu.se>
+
+	Revert part of the 2023-08-05 change.
+	* rsa-sec-decrypt.c (rsa_sec_decrypt): Merge with
+	_rsa_sec_decrypt, including input range check.
+	(_rsa_sec_decrypt): Deleted.
+	* rsa-internal.h (_rsa_sec_decrypt): Delete declaration.
+	* testsuite/rsa-sec-decrypt-test.c (rsa_decrypt_for_test): Always
+	call rsa_sec_decrypt, but don't annotate the ciphertext input as
+	undefined/secret.
+
 2023-11-15  Niels Möller  <nisse@lysator.liu.se>
 
 	* ecc-mod-arith.c (ecc_mod_addmul_1): Use assert_maybe.
diff --git a/rsa-internal.h b/rsa-internal.h
index ed4ebe887397e0588b772bd982884fb61b810369..f66a7df049b675ac471d345d56000a2180fc31f6 100644
--- a/rsa-internal.h
+++ b/rsa-internal.h
@@ -44,7 +44,6 @@
 #define _rsa_sec_compute_root_itch _nettle_rsa_sec_compute_root_itch
 #define _rsa_sec_compute_root _nettle_rsa_sec_compute_root
 #define _rsa_sec_compute_root_tr _nettle_rsa_sec_compute_root_tr
-#define _rsa_sec_decrypt _nettle_rsa_sec_decrypt
 
 /* Internal functions. */
 int
@@ -86,13 +85,4 @@ _rsa_sec_compute_root_tr(const struct rsa_public_key *pub,
 			 void *random_ctx, nettle_random_func *random,
 			 mp_limb_t *x, const mp_limb_t *m);
 
-/* Variant without range check of the input, to ease testing for
-   side-channel silence. */
-int
-_rsa_sec_decrypt (const struct rsa_public_key *pub,
-		  const struct rsa_private_key *key,
-		  void *random_ctx, nettle_random_func *random,
-		  size_t length, uint8_t *message,
-		  const mpz_t gibberish);
-
 #endif /* NETTLE_RSA_INTERNAL_H_INCLUDED */
diff --git a/rsa-sec-decrypt.c b/rsa-sec-decrypt.c
index e2f953e280f5ff3178876b142e073c4b43a309ea..4c98958dd52863dfc2682dfa60532bd4980f44d8 100644
--- a/rsa-sec-decrypt.c
+++ b/rsa-sec-decrypt.c
@@ -44,19 +44,21 @@
 
 #include "gmp-glue.h"
 
-/* Variant without range check of the input, to ease testing for
-   side-channel silence. */
 int
-_rsa_sec_decrypt (const struct rsa_public_key *pub,
-		  const struct rsa_private_key *key,
-		  void *random_ctx, nettle_random_func *random,
-		  size_t length, uint8_t *message,
-		  const mpz_t gibberish)
+rsa_sec_decrypt(const struct rsa_public_key *pub,
+	        const struct rsa_private_key *key,
+	        void *random_ctx, nettle_random_func *random,
+	        size_t length, uint8_t *message,
+	        const mpz_t gibberish)
 {
   TMP_GMP_DECL (m, mp_limb_t);
   TMP_GMP_DECL (em, uint8_t);
   int res;
 
+  /* First check that input is in range. */
+  if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0)
+    return 0;
+
   TMP_GMP_ALLOC (m, mpz_size(pub->n));
   TMP_GMP_ALLOC (em, key->size);
 
@@ -76,16 +78,3 @@ _rsa_sec_decrypt (const struct rsa_public_key *pub,
   return res;
 }
 
-int
-rsa_sec_decrypt (const struct rsa_public_key *pub,
-		 const struct rsa_private_key *key,
-		 void *random_ctx, nettle_random_func *random,
-		 size_t length, uint8_t *message,
-		 const mpz_t gibberish)
-{
-  /* First check that input is in range. */
-  if (mpz_sgn (gibberish) < 0 || mpz_cmp (gibberish, pub->n) >= 0)
-    return 0;
-
-  return _rsa_sec_decrypt (pub, key, random_ctx, random, length, message, gibberish);
-}
diff --git a/testsuite/rsa-sec-decrypt-test.c b/testsuite/rsa-sec-decrypt-test.c
index cc5d49aa74b48e3340e4347632517e82ccdc291a..0b4c7845d13a0503f46539ecc01a6d7f82c690cd 100644
--- a/testsuite/rsa-sec-decrypt-test.c
+++ b/testsuite/rsa-sec-decrypt-test.c
@@ -1,7 +1,6 @@
 #include "testutils.h"
 
 #include "rsa.h"
-#include "rsa-internal.h"
 #include "knuth-lfib.h"
 
 #define MARK_MPZ_LIMBS_UNDEFINED(x) \
@@ -18,8 +17,6 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub,
                      const mpz_t gibberish)
 {
   int ret;
-  if (!test_side_channel)
-    return rsa_sec_decrypt (pub, key, random_ctx, random, length, message, gibberish);
 
   /* Makes valgrind trigger on any branches depending on the input
      data. Except that (i) we have to allow rsa_sec_compute_root_tr to
@@ -29,7 +26,6 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub,
      mpn_sec_powm may leak information about the least significant
      bits of p and q, due to table lookup in binvert_limb. */
   mark_bytes_undefined (length, message);
-  MARK_MPZ_LIMBS_UNDEFINED(gibberish);
   MARK_MPZ_LIMBS_UNDEFINED(key->a);
   MARK_MPZ_LIMBS_UNDEFINED(key->b);
   MARK_MPZ_LIMBS_UNDEFINED(key->c);
@@ -38,12 +34,10 @@ rsa_decrypt_for_test(const struct rsa_public_key *pub,
   mark_bytes_undefined((mpz_size (key->q) - 3) * sizeof(mp_limb_t), 
 		       mpz_limbs_read (key->q) + 1);
 
-  /* Call variant not checking that 0 <= gibberish < n. */
-  ret = _rsa_sec_decrypt (pub, key, random_ctx, random, length, message, gibberish);
+  ret = rsa_sec_decrypt (pub, key, random_ctx, random, length, message, gibberish);
 
   mark_bytes_defined (length, message);
   mark_bytes_defined (sizeof(ret), &ret);
-  MARK_MPZ_LIMBS_DEFINED(gibberish);
   MARK_MPZ_LIMBS_DEFINED(key->a);
   MARK_MPZ_LIMBS_DEFINED(key->b);
   MARK_MPZ_LIMBS_DEFINED(key->c);