commit ee06febbb45477f052f94ba1602507a50fda404d
author gabor-mezei-arm <gabor.mezei@arm.com> Mon Sep 27 13:34:25 2021 +0200
committer Gabor Mezei <gabor.mezei@arm.com> Thu Nov 11 10:59:04 2021 +0100
tree a80c31745e265a9a8842a4ec33ca240e9bb05d7e
parent 7b23c0b46d5367917aa3f100a24b22581fe8f60c

Move mbedtls_cf_memcpy_if_eq function to the constant-time module

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>

library/constant_time.c

diff --git a/library/constant_time.c b/library/constant_time.c
index 281df64..cbfc8e5 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -395,3 +395,26 @@
         buf[total-1] = mbedtls_cf_uint_if( no_op, buf[total-1], 0 );
     }
 }
+
+/*
+ * Constant-flow conditional memcpy:
+ *  - if c1 == c2, equivalent to memcpy(dst, src, len),
+ *  - otherwise, a no-op,
+ * but with execution flow independent of the values of c1 and c2.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
+                                     const unsigned char *src,
+                                     size_t len,
+                                     size_t c1, size_t c2 )
+{
+    /* mask = c1 == c2 ? 0xff : 0x00 */
+    const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
+    const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
+
+    /* dst[i] = c1 == c2 ? src[i] : dst[i] */
+    for( size_t i = 0; i < len; i++ )
+        dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
+}

library/constant_time.h

diff --git a/library/constant_time.h b/library/constant_time.h
index 5a932cc..ae491b8 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -69,3 +69,8 @@
 void mbedtls_cf_mem_move_to_left( void *start,
                                   size_t total,
                                   size_t offset );
+
+void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
+                              const unsigned char *src,
+                              size_t len,
+                              size_t c1, size_t c2 );

library/ssl_msg.c

diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index 020abf6..42579ea 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -1047,29 +1047,6 @@
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
 
 /*
- * Constant-flow conditional memcpy:
- *  - if c1 == c2, equivalent to memcpy(dst, src, len),
- *  - otherwise, a no-op,
- * but with execution flow independent of the values of c1 and c2.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static void mbedtls_cf_memcpy_if_eq( unsigned char *dst,
-                                     const unsigned char *src,
-                                     size_t len,
-                                     size_t c1, size_t c2 )
-{
-    /* mask = c1 == c2 ? 0xff : 0x00 */
-    const size_t equal = mbedtls_cf_size_bool_eq( c1, c2 );
-    const unsigned char mask = (unsigned char) mbedtls_cf_size_mask( equal );
-
-    /* dst[i] = c1 == c2 ? src[i] : dst[i] */
-    for( size_t i = 0; i < len; i++ )
-        dst[i] = ( src[i] & mask ) | ( dst[i] & ~mask );
-}
-
-/*
  * Compute HMAC of variable-length data with constant flow.
  *
  * Only works with MD-5, SHA-1, SHA-256 and SHA-384.