From dee0fd33f10804f6af3b6f818545f2d26e3da731 Mon Sep 17 00:00:00 2001
From: gabor-mezei-arm <gabor.mezei@arm.com>
Date: Mon, 27 Sep 2021 13:34:25 +0200
Subject: [PATCH] Move mbedtls_cf_memcpy_if_eq function to the constant-time
 module

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
---
 library/constant_time.c | 23 +++++++++++++++++++++++
 library/constant_time.h |  5 +++++
 library/ssl_msg.c       | 23 -----------------------
 3 files changed, 28 insertions(+), 23 deletions(-)

diff --git a/library/constant_time.c b/library/constant_time.c
index 281df6400..cbfc8e59a 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -395,3 +395,26 @@ void mbedtls_cf_mem_move_to_left( void *start,
         buf[total-1] = mbedtls_cf_uint_if( no_op, buf[total-1], 0 );
     }
 }
+
+/*
+ * Constant-flow conditional memcpy:
+ *  - if c1 == c2, equivalent to memcpy(dst, src, len),
+ *  - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
+                                     const unsigned char *src,
+                                     size_t len,
+                                     size_t c1, size_t c2 )
+{
+    /* mask = c1 == c2 ? 0xff : 0x00 */
+    const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
+    const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
+
+    /* dst[i] = c1 == c2 ? src[i] : dst[i] */
+    for( size_t i = 0; i < len; i++ )
+        dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
+}
diff --git a/library/constant_time.h b/library/constant_time.h
index 5a932cc6f..ae491b892 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -69,3 +69,8 @@ void mbedtls_cf_mpi_uint_cond_assign( size_t n,
 void mbedtls_cf_mem_move_to_left( void *start,
                                   size_t total,
                                   size_t offset );
+
+void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
+                              const unsigned char *src,
+                              size_t len,
+                              size_t c1, size_t c2 );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 301e50e34..bc4f9d191 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -940,29 +940,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 
-/*
- * Constant-flow conditional memcpy:
- *  - if c1 == c2, equivalent to memcpy(dst, src, len),
- *  - otherwise, a no-op,
- * but with execution flow independent of the values of c1 and c2.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
-                                     const unsigned char *src,
-                                     size_t len,
-                                     size_t c1, size_t c2 )
-{
-    /* mask = c1 == c2 ? 0xff : 0x00 */
-    const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
-    const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
-
-    /* dst[i] = c1 == c2 ? src[i] : dst[i] */
-    for( size_t i = 0; i < len; i++ )
-        dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
-}
-
 /*
  * Compute HMAC of variable-length data with constant flow.
  *