From 2c5ed2244b37776d72ab35f5bf1d7d02872ce6c6 Mon Sep 17 00:00:00 2001 From: Gabor Mezei Date: Mon, 18 Oct 2021 16:05:50 +0200 Subject: [PATCH] Make mbedtls_cf_size_mask_lt function static The mbedtls_cf_size_mask_lt is solely used as an auxiliary function for mbedtls_cf_size_mask_ge. Signed-off-by: Gabor Mezei --- library/constant_time.c | 16 ++++++++++++++-- library/constant_time.h | 18 ------------------ 2 files changed, 14 insertions(+), 20 deletions(-) diff --git a/library/constant_time.c b/library/constant_time.c index 98f69db711..84d961cfa5 100644 --- a/library/constant_time.c +++ b/library/constant_time.c @@ -103,8 +103,20 @@ mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value ) #endif /* MBEDTLS_BIGNUM_C */ -size_t mbedtls_cf_size_mask_lt( size_t x, - size_t y ) +/** Constant-flow mask generation for "less than" comparison: + * - if \p x < \p y, return all-bits 1, that is (size_t) -1 + * - otherwise, return all bits 0, that is 0 + * + * This function can be used to write constant-time code by replacing branches + * with bit operations using masks. + * + * \param x The first value to analyze. + * \param y The second value to analyze. + * + * \return All-bits-one if \p x is less than \p y, otherwise zero. + */ +static size_t mbedtls_cf_size_mask_lt( size_t x, + size_t y ) { /* This has the most significant bit set if and only if x < y */ const size_t sub = x - y; diff --git a/library/constant_time.h b/library/constant_time.h index 83329b175b..3877272d21 100644 --- a/library/constant_time.h +++ b/library/constant_time.h @@ -104,24 +104,6 @@ mbedtls_mpi_uint mbedtls_cf_mpi_uint_mask( mbedtls_mpi_uint value ); #endif /* MBEDTLS_BIGNUM_C */ -/** Constant-flow mask generation for "less than" comparison: - * - if \p x < \p y, return all-bits 1, that is (size_t) -1 - * - otherwise, return all bits 0, that is 0 - * - * This function can be used to write constant-time code by replacing branches - * with bit operations using masks. - * - * This function is implemented without using comparison operators, as those - * might be translated to branches by some compilers on some platforms. - * - * \param x The first value to analyze. - * \param y The second value to analyze. - * - * \return All-bits-one if \p x is less than \p y, otherwise zero. - */ -size_t mbedtls_cf_size_mask_lt( size_t x, - size_t y ); - /** Constant-flow mask generation for "greater or equal" comparison: * - if \p x >= \p y, return all-bits 1, that is (size_t) -1 * - otherwise, return all bits 0, that is 0