Move mbedtls_cf_size_mask_ge function to the constant-time module

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>

library/constant_time.c

@@ -161,3 +161,19 @@ size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
 
     return( mask );
 }
+
+/*
+ * Constant-flow mask generation for "greater or equal" comparison:
+ * - if x >= y, return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
+{
+    return( ~mbedtls_cf_size_mask_lt( x, y ) );
+}

library/constant_time.h

@@ -35,3 +35,5 @@ unsigned mbedtls_cf_uint_mask( unsigned value );
 size_t mbedtls_cf_size_mask( size_t bit );
 
 size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
+
+size_t mbedtls_cf_size_mask_ge( size_t x, size_t y );

library/ssl_msg.c

@@ -939,22 +939,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 }
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-/*
- * Constant-flow mask generation for "greater or equal" comparison:
- * - if x >= y, return all bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static size_t mbedtls_cf_size_mask_ge( size_t x, size_t y )
-{
-    return( ~mbedtls_cf_size_mask_lt( x, y ) );
-}
-
 /*
  * Constant-flow boolean "equal" comparison:
  * return x == y