From 16fc57bcc4fb2cec17af716abd70de76f82e1f64 Mon Sep 17 00:00:00 2001
From: gabor-mezei-arm
Date: Mon, 27 Sep 2021 11:58:31 +0200
Subject: [PATCH] Move mbedtls_cf_size_mask_ge function to the constant-time module
Signed-off-by: gabor-mezei-arm
---
 library/constant_time.c | 16 ++++++++++++++++
 library/constant_time.h | 2 ++
 library/ssl_msg.c | 16 ----------------
 3 files changed, 18 insertions(+), 16 deletions(-)
diff --git a/library/constant_time.c b/library/constant_time.c
index 928b9b7fe..b53d06ba6 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -161,3 +161,19 @@ size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
 return( mask );
 }
+
+/*
+ * Constant-flow mask generation for "greater or equal" comparison:
+ * - if x >= y, return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
+{
+ return( ~mbedtls_cf_size_mask_lt( x, y ) );
+}
diff --git a/library/constant_time.h b/library/constant_time.h
index 0b759000a..8e8992d6f 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -35,3 +35,5 @@ unsigned mbedtls_cf_uint_mask( unsigned value );
 size_t mbedtls_cf_size_mask( size_t bit );
 size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
+
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 94f263d00..fedaab78e 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
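Review bot: The new definition of `mbedtls_cf_size_mask_ge` in constant_time.c has external linkage and no visible configuration guard, whereas the copy removed from ssl_msg.c was `static` and sat under `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)`, so the symbol now appears to be built and exported in every configuration. Whether constant_time.c applies its own conditional compilation is not visible in this hunk; if it does not, wrapping the definition and its prototype in the same `#if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)` would keep builds without CBC suites unchanged. The moved comment's statement about avoiding comparison operators holds only through the callee, so it is worth adding a line such as `* Relies on mbedtls_cf_size_mask_lt() returning exactly 0 or (size_t) -1.` to make that dependency explicit.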
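Review bot: The prototype `size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );` is added to constant_time.h with no comment, so a caller in another module has to open constant_time.c to learn the return contract. Now that the helper is shared across translation units, the contract belongs at the declaration; a short form such as `/* Constant-flow "x >= y": returns (size_t) -1 if x >= y, otherwise 0. */` directly above the prototype would do. The neighbouring prototypes visible in this hunk are undocumented as well, so the same applies to them.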
@@ -939,22 +939,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 }
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-/*
- * Constant-flow mask generation for "greater or equal" comparison:
- * - if x >= y, return all bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
-{
- return( ~mbedtls_cf_size_mask_lt( x, y ) );
-}
-
 /*
 * Constant-flow boolean "equal" comparison:
 * return x == y