Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
diff --git a/library/constant_time.c b/library/constant_time.c
index 928b9b7..b53d06b 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -161,3 +161,19 @@
return( mask );
}
+
+/*
+ * Constant-flow mask generation for "greater or equal" comparison:
+ * - if x >= y, return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
+{
+ return( ~mbedtls_cf_size_mask_lt( x, y ) );
+}
diff --git a/library/constant_time.h b/library/constant_time.h
index 0b75900..8e8992d 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -35,3 +35,5 @@
size_t mbedtls_cf_size_mask( size_t bit );
size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
+
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index de350eb..1ea7c5f 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1046,22 +1046,6 @@
#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
/*
- * Constant-flow mask generation for "greater or equal" comparison:
- * - if x >= y, return all bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
-{
- return( ~mbedtls_cf_size_mask_lt( x, y ) );
-}
-
-/*
* Constant-flow boolean "equal" comparison:
* return x == y
*