| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 1 | /** | 
|  | 2 | *  Constant-time functions | 
|  | 3 | * | 
|  | 4 | *  For readability, the static inline definitions are here, and | 
|  | 5 | *  constant_time_internal.h has only the declarations. | 
|  | 6 | * | 
|  | 7 | *  This results in duplicate declarations of the form: | 
|  | 8 | *      static inline void f() { ... } | 
|  | 9 | *      static inline void f(); | 
|  | 10 | *  when constant_time_internal.h is included. This appears to behave | 
|  | 11 | *  exactly as if the declaration-without-definition was not present. | 
|  | 12 | * | 
|  | 13 | *  Copyright The Mbed TLS Contributors | 
|  | 14 | *  SPDX-License-Identifier: Apache-2.0 | 
|  | 15 | * | 
|  | 16 | *  Licensed under the Apache License, Version 2.0 (the "License"); you may | 
|  | 17 | *  not use this file except in compliance with the License. | 
|  | 18 | *  You may obtain a copy of the License at | 
|  | 19 | * | 
|  | 20 | *  http://www.apache.org/licenses/LICENSE-2.0 | 
|  | 21 | * | 
|  | 22 | *  Unless required by applicable law or agreed to in writing, software | 
|  | 23 | *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT | 
|  | 24 | *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | 
|  | 25 | *  See the License for the specific language governing permissions and | 
|  | 26 | *  limitations under the License. | 
|  | 27 | */ | 
|  | 28 |  | 
|  | 29 | #ifndef MBEDTLS_CONSTANT_TIME_IMPL_H | 
|  | 30 | #define MBEDTLS_CONSTANT_TIME_IMPL_H | 
|  | 31 |  | 
|  | 32 | #include <stddef.h> | 
|  | 33 |  | 
|  | 34 | #include "common.h" | 
|  | 35 |  | 
|  | 36 | #if defined(MBEDTLS_BIGNUM_C) | 
|  | 37 | #include "mbedtls/bignum.h" | 
|  | 38 | #endif | 
|  | 39 |  | 
| Dave Rodgman | 205295c | 2023-08-01 14:10:56 +0100 | [diff] [blame] | 40 | /* constant_time_impl.h contains all the static inline implementations, | 
|  | 41 | * so that constant_time_internal.h is more readable. | 
|  | 42 | * | 
|  | 43 | * gcc generates warnings about duplicate declarations, so disable this | 
|  | 44 | * warning. | 
|  | 45 | */ | 
|  | 46 | #ifdef __GNUC__ | 
|  | 47 | #pragma GCC diagnostic push | 
|  | 48 | #pragma GCC diagnostic ignored "-Wredundant-decls" | 
|  | 49 | #endif | 
|  | 50 |  | 
| Dave Rodgman | 3d574da | 2023-07-31 16:54:00 +0100 | [diff] [blame] | 51 | /* Disable asm under Memsan because it confuses Memsan and generates false errors */ | 
|  | 52 | #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN) | 
|  | 53 | #define MBEDTLS_CT_NO_ASM | 
|  | 54 | #elif defined(__has_feature) | 
|  | 55 | #if __has_feature(memory_sanitizer) | 
|  | 56 | #define MBEDTLS_CT_NO_ASM | 
|  | 57 | #endif | 
|  | 58 | #endif | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 59 |  | 
|  | 60 | /* armcc5 --gnu defines __GNUC__ but doesn't support GNU's extended asm */ | 
|  | 61 | #if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && (!defined(__ARMCC_VERSION) || \ | 
| Dave Rodgman | 3d574da | 2023-07-31 16:54:00 +0100 | [diff] [blame] | 62 | __ARMCC_VERSION >= 6000000) && !defined(MBEDTLS_CT_NO_ASM) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 63 | #define MBEDTLS_CT_ASM | 
|  | 64 | #if (defined(__arm__) || defined(__thumb__) || defined(__thumb2__)) | 
|  | 65 | #define MBEDTLS_CT_ARM_ASM | 
|  | 66 | #elif defined(__aarch64__) | 
|  | 67 | #define MBEDTLS_CT_AARCH64_ASM | 
|  | 68 | #endif | 
|  | 69 | #endif | 
|  | 70 |  | 
|  | 71 | #define MBEDTLS_CT_SIZE (sizeof(mbedtls_ct_uint_t) * 8) | 
|  | 72 |  | 
|  | 73 |  | 
|  | 74 | /* ============================================================================ | 
|  | 75 | * Core const-time primitives | 
|  | 76 | */ | 
|  | 77 |  | 
| Dave Rodgman | 2894d00 | 2023-06-08 17:52:21 +0100 | [diff] [blame] | 78 | /* Ensure that the compiler cannot know the value of x (i.e., cannot optimise | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 79 | * based on its value) after this function is called. | 
|  | 80 | * | 
|  | 81 | * If we are not using assembly, this will be fairly inefficient, so its use | 
|  | 82 | * should be minimised. | 
|  | 83 | */ | 
| Dave Rodgman | 2894d00 | 2023-06-08 17:52:21 +0100 | [diff] [blame] | 84 |  | 
|  | 85 | #if !defined(MBEDTLS_CT_ASM) | 
| Dave Rodgman | 58c80f4 | 2023-06-12 18:19:46 +0100 | [diff] [blame] | 86 | extern volatile mbedtls_ct_uint_t mbedtls_ct_zero; | 
| Dave Rodgman | 2894d00 | 2023-06-08 17:52:21 +0100 | [diff] [blame] | 87 | #endif | 
|  | 88 |  | 
| Dave Rodgman | 93cec45 | 2023-07-31 12:30:26 +0100 | [diff] [blame] | 89 | /** | 
|  | 90 | * \brief   Ensure that a value cannot be known at compile time. | 
|  | 91 | * | 
|  | 92 | * \param x        The value to hide from the compiler. | 
|  | 93 | * \return         The same value that was passed in, such that the compiler | 
|  | 94 | *                 cannot prove its value (even for calls of the form | 
|  | 95 | *                 x = mbedtls_ct_compiler_opaque(1), x will be unknown). | 
|  | 96 | * | 
|  | 97 | * \note           This is mainly used in constructing mbedtls_ct_condition_t | 
|  | 98 | *                 values and performing operations over them, to ensure that | 
|  | 99 | *                 there is no way for the compiler to ever know anything about | 
|  | 100 | *                 the value of an mbedtls_ct_condition_t. | 
|  | 101 | */ | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 102 | static inline mbedtls_ct_uint_t mbedtls_ct_compiler_opaque(mbedtls_ct_uint_t x) | 
|  | 103 | { | 
|  | 104 | #if defined(MBEDTLS_CT_ASM) | 
|  | 105 | asm volatile ("" : [x] "+r" (x) :); | 
|  | 106 | return x; | 
|  | 107 | #else | 
| Dave Rodgman | 2894d00 | 2023-06-08 17:52:21 +0100 | [diff] [blame] | 108 | return x ^ mbedtls_ct_zero; | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 109 | #endif | 
|  | 110 | } | 
|  | 111 |  | 
|  | 112 | /* Convert a number into a condition in constant time. */ | 
|  | 113 | static inline mbedtls_ct_condition_t mbedtls_ct_bool(mbedtls_ct_uint_t x) | 
|  | 114 | { | 
|  | 115 | /* | 
|  | 116 | * Define mask-generation code that, as far as possible, will not use branches or conditional instructions. | 
|  | 117 | * | 
|  | 118 | * For some platforms / type sizes, we define assembly to assure this. | 
|  | 119 | * | 
|  | 120 | * Otherwise, we define a plain C fallback which (in May 2023) does not get optimised into | 
|  | 121 | * conditional instructions or branches by trunk clang, gcc, or MSVC v19. | 
|  | 122 | */ | 
|  | 123 | const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); | 
|  | 124 | #if defined(_MSC_VER) | 
|  | 125 | /* MSVC has a warning about unary minus on unsigned, but this is | 
|  | 126 | * well-defined and precisely what we want to do here */ | 
|  | 127 | #pragma warning( push ) | 
|  | 128 | #pragma warning( disable : 4146 ) | 
|  | 129 | #endif | 
|  | 130 | return (mbedtls_ct_condition_t) (((mbedtls_ct_int_t) ((-xo) | -(xo >> 1))) >> | 
|  | 131 | (MBEDTLS_CT_SIZE - 1)); | 
|  | 132 | #if defined(_MSC_VER) | 
|  | 133 | #pragma warning( pop ) | 
|  | 134 | #endif | 
|  | 135 | } | 
|  | 136 |  | 
|  | 137 | static inline mbedtls_ct_uint_t mbedtls_ct_if(mbedtls_ct_condition_t condition, | 
|  | 138 | mbedtls_ct_uint_t if1, | 
|  | 139 | mbedtls_ct_uint_t if0) | 
|  | 140 | { | 
| Dave Rodgman | 1c4eaa1 | 2023-05-17 12:22:59 +0100 | [diff] [blame] | 141 | mbedtls_ct_condition_t not_cond = | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 142 | (mbedtls_ct_condition_t) (~mbedtls_ct_compiler_opaque(condition)); | 
| Dave Rodgman | 1c4eaa1 | 2023-05-17 12:22:59 +0100 | [diff] [blame] | 143 | return (mbedtls_ct_uint_t) ((condition & if1) | (not_cond & if0)); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 144 | } | 
|  | 145 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 146 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_lt(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 147 | { | 
|  | 148 | /* Ensure that the compiler cannot optimise the following operations over x and y, | 
|  | 149 | * even if it knows the value of x and y. | 
|  | 150 | */ | 
| Dave Rodgman | 74e18eb | 2023-05-17 12:21:32 +0100 | [diff] [blame] | 151 | const mbedtls_ct_uint_t xo = mbedtls_ct_compiler_opaque(x); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 152 | const mbedtls_ct_uint_t yo = mbedtls_ct_compiler_opaque(y); | 
|  | 153 | /* | 
|  | 154 | * Check if the most significant bits (MSB) of the operands are different. | 
|  | 155 | * cond is true iff the MSBs differ. | 
|  | 156 | */ | 
| Dave Rodgman | 74e18eb | 2023-05-17 12:21:32 +0100 | [diff] [blame] | 157 | mbedtls_ct_condition_t cond = mbedtls_ct_bool((xo ^ yo) >> (MBEDTLS_CT_SIZE - 1)); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 158 |  | 
|  | 159 | /* | 
|  | 160 | * If the MSB are the same then the difference x-y will be negative (and | 
|  | 161 | * have its MSB set to 1 during conversion to unsigned) if and only if x<y. | 
|  | 162 | * | 
|  | 163 | * If the MSB are different, then the operand with the MSB of 1 is the | 
|  | 164 | * bigger. (That is if y has MSB of 1, then x<y is true and it is false if | 
|  | 165 | * the MSB of y is 0.) | 
|  | 166 | */ | 
|  | 167 |  | 
|  | 168 | // Select either y, or x - y | 
| Dave Rodgman | 74e18eb | 2023-05-17 12:21:32 +0100 | [diff] [blame] | 169 | mbedtls_ct_uint_t ret = mbedtls_ct_if(cond, yo, (mbedtls_ct_uint_t) (xo - yo)); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 170 |  | 
|  | 171 | // Extract only the MSB of ret | 
|  | 172 | ret = ret >> (MBEDTLS_CT_SIZE - 1); | 
|  | 173 |  | 
|  | 174 | // Convert to a condition (i.e., all bits set iff non-zero) | 
|  | 175 | return mbedtls_ct_bool(ret); | 
|  | 176 | } | 
|  | 177 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 178 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_ne(mbedtls_ct_uint_t x, mbedtls_ct_uint_t y) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 179 | { | 
|  | 180 | /* diff = 0 if x == y, non-zero otherwise */ | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 181 | const mbedtls_ct_uint_t diff = mbedtls_ct_compiler_opaque(x) ^ mbedtls_ct_compiler_opaque(y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 182 |  | 
|  | 183 | /* all ones if x != y, 0 otherwise */ | 
|  | 184 | return mbedtls_ct_bool(diff); | 
|  | 185 | } | 
|  | 186 |  | 
|  | 187 | static inline unsigned char mbedtls_ct_uchar_in_range_if(unsigned char low, | 
|  | 188 | unsigned char high, | 
|  | 189 | unsigned char c, | 
|  | 190 | unsigned char t) | 
|  | 191 | { | 
|  | 192 | const unsigned char co = (const unsigned char) mbedtls_ct_compiler_opaque(c); | 
|  | 193 | const unsigned char to = (const unsigned char) mbedtls_ct_compiler_opaque(t); | 
|  | 194 |  | 
|  | 195 | /* low_mask is: 0 if low <= c, 0x...ff if low > c */ | 
|  | 196 | unsigned low_mask = ((unsigned) co - low) >> 8; | 
|  | 197 | /* high_mask is: 0 if c <= high, 0x...ff if c > high */ | 
|  | 198 | unsigned high_mask = ((unsigned) high - co) >> 8; | 
|  | 199 |  | 
|  | 200 | return (unsigned char) (~(low_mask | high_mask)) & to; | 
|  | 201 | } | 
|  | 202 |  | 
|  | 203 |  | 
|  | 204 | /* ============================================================================ | 
|  | 205 | * Everything below here is trivial wrapper functions | 
|  | 206 | */ | 
|  | 207 |  | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 208 | static inline size_t mbedtls_ct_size_if(mbedtls_ct_condition_t condition, | 
|  | 209 | size_t if1, | 
|  | 210 | size_t if0) | 
|  | 211 | { | 
|  | 212 | return (size_t) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); | 
|  | 213 | } | 
|  | 214 |  | 
| Dave Rodgman | 2b4486a | 2023-05-17 15:51:59 +0100 | [diff] [blame] | 215 | static inline unsigned mbedtls_ct_uint_if(mbedtls_ct_condition_t condition, | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 216 | unsigned if1, | 
|  | 217 | unsigned if0) | 
|  | 218 | { | 
|  | 219 | return (unsigned) mbedtls_ct_if(condition, (mbedtls_ct_uint_t) if1, (mbedtls_ct_uint_t) if0); | 
|  | 220 | } | 
|  | 221 |  | 
|  | 222 | #if defined(MBEDTLS_BIGNUM_C) | 
|  | 223 |  | 
| Dave Rodgman | 585f7f7 | 2023-05-17 17:45:33 +0100 | [diff] [blame] | 224 | static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if(mbedtls_ct_condition_t condition, | 
|  | 225 | mbedtls_mpi_uint if1, | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 226 | mbedtls_mpi_uint if0) | 
|  | 227 | { | 
|  | 228 | return (mbedtls_mpi_uint) mbedtls_ct_if(condition, | 
|  | 229 | (mbedtls_ct_uint_t) if1, | 
|  | 230 | (mbedtls_ct_uint_t) if0); | 
|  | 231 | } | 
|  | 232 |  | 
|  | 233 | #endif | 
|  | 234 |  | 
| Dave Rodgman | 98ddc01 | 2023-08-10 12:11:31 +0100 | [diff] [blame] | 235 | static inline size_t mbedtls_ct_size_if_else_0(mbedtls_ct_condition_t condition, size_t if1) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 236 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 237 | return (size_t) (condition & if1); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 238 | } | 
|  | 239 |  | 
| Dave Rodgman | 98ddc01 | 2023-08-10 12:11:31 +0100 | [diff] [blame] | 240 | static inline unsigned mbedtls_ct_uint_if_else_0(mbedtls_ct_condition_t condition, unsigned if1) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 241 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 242 | return (unsigned) (condition & if1); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 243 | } | 
|  | 244 |  | 
|  | 245 | #if defined(MBEDTLS_BIGNUM_C) | 
|  | 246 |  | 
| Dave Rodgman | 98ddc01 | 2023-08-10 12:11:31 +0100 | [diff] [blame] | 247 | static inline mbedtls_mpi_uint mbedtls_ct_mpi_uint_if_else_0(mbedtls_ct_condition_t condition, | 
|  | 248 | mbedtls_mpi_uint if1) | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 249 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 250 | return (mbedtls_mpi_uint) (condition & if1); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 251 | } | 
|  | 252 |  | 
|  | 253 | #endif /* MBEDTLS_BIGNUM_C */ | 
|  | 254 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 255 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_eq(mbedtls_ct_uint_t x, | 
| Dave Rodgman | 585f7f7 | 2023-05-17 17:45:33 +0100 | [diff] [blame] | 256 | mbedtls_ct_uint_t y) | 
|  | 257 | { | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 258 | return ~mbedtls_ct_uint_ne(x, y); | 
| Dave Rodgman | 585f7f7 | 2023-05-17 17:45:33 +0100 | [diff] [blame] | 259 | } | 
|  | 260 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 261 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_gt(mbedtls_ct_uint_t x, | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 262 | mbedtls_ct_uint_t y) | 
|  | 263 | { | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 264 | return mbedtls_ct_uint_lt(y, x); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 265 | } | 
|  | 266 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 267 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_ge(mbedtls_ct_uint_t x, | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 268 | mbedtls_ct_uint_t y) | 
|  | 269 | { | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 270 | return ~mbedtls_ct_uint_lt(x, y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 271 | } | 
|  | 272 |  | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 273 | static inline mbedtls_ct_condition_t mbedtls_ct_uint_le(mbedtls_ct_uint_t x, | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 274 | mbedtls_ct_uint_t y) | 
|  | 275 | { | 
| Dave Rodgman | b7825ce | 2023-08-10 11:58:18 +0100 | [diff] [blame] | 276 | return ~mbedtls_ct_uint_gt(x, y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 277 | } | 
|  | 278 |  | 
|  | 279 | static inline mbedtls_ct_condition_t mbedtls_ct_bool_xor(mbedtls_ct_condition_t x, | 
|  | 280 | mbedtls_ct_condition_t y) | 
|  | 281 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 282 | return (mbedtls_ct_condition_t) (x ^ y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 283 | } | 
|  | 284 |  | 
|  | 285 | static inline mbedtls_ct_condition_t mbedtls_ct_bool_and(mbedtls_ct_condition_t x, | 
|  | 286 | mbedtls_ct_condition_t y) | 
|  | 287 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 288 | return (mbedtls_ct_condition_t) (x & y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 289 | } | 
|  | 290 |  | 
|  | 291 | static inline mbedtls_ct_condition_t mbedtls_ct_bool_or(mbedtls_ct_condition_t x, | 
|  | 292 | mbedtls_ct_condition_t y) | 
|  | 293 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 294 | return (mbedtls_ct_condition_t) (x | y); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 295 | } | 
|  | 296 |  | 
|  | 297 | static inline mbedtls_ct_condition_t mbedtls_ct_bool_not(mbedtls_ct_condition_t x) | 
|  | 298 | { | 
| Dave Rodgman | fe76af2 | 2023-05-17 17:45:17 +0100 | [diff] [blame] | 299 | return (mbedtls_ct_condition_t) (~x); | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 300 | } | 
|  | 301 |  | 
| Dave Rodgman | 205295c | 2023-08-01 14:10:56 +0100 | [diff] [blame] | 302 | #ifdef __GNUC__ | 
|  | 303 | #pragma GCC diagnostic pop | 
|  | 304 | #endif | 
|  | 305 |  | 
| Dave Rodgman | 40a41d0 | 2023-05-17 11:59:56 +0100 | [diff] [blame] | 306 | #endif /* MBEDTLS_CONSTANT_TIME_IMPL_H */ |