diff --git a/tests/suites/test_suite_constant_time.data b/tests/suites/test_suite_constant_time.data
new file mode 100644
index 0000000000..4504aa4d67
--- /dev/null
+++ b/tests/suites/test_suite_constant_time.data
@@ -0,0 +1,11 @@
+# these are the numbers we'd get with an empty plaintext and truncated HMAC
+Constant-flow memcpy from offset: small
+ssl_cf_memcpy_offset:0:5:10
+
+# we could get this with 255-bytes plaintext and untruncated SHA-256
+Constant-flow memcpy from offset: medium
+ssl_cf_memcpy_offset:0:255:32
+
+# we could get this with 255-bytes plaintext and untruncated SHA-384
+Constant-flow memcpy from offset: large
+ssl_cf_memcpy_offset:100:339:48
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
new file mode 100644
index 0000000000..a3673b7179
--- /dev/null
+++ b/tests/suites/test_suite_constant_time.function
@@ -0,0 +1,49 @@
+/* BEGIN_HEADER */
+/** \file test_suite_constant_time.function
+ *
+ * Functional testing of functions in the constant_time module.
+ *
+ * The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC
+ * (see tests/include/test/constant_flow.h) so that running the tests
+ * under MSan or Valgrind will detect a non-constant-time implementation.
+ */
+
+#include <mbedtls/constant_time.h>
+#include <constant_time_internal.h>
+#include <constant_time_invasive.h>
+
+#include <test/constant_flow.h>
+/* END_HEADER */
+
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
+void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
+{
+    unsigned char *dst = NULL;
+    unsigned char *src = NULL;
+    size_t src_len = offset_max + len;
+    size_t secret;
+
+    ASSERT_ALLOC( dst, len );
+    ASSERT_ALLOC( src, src_len );
+
+    /* Fill src in a way that we can detect if we copied the right bytes */
+    mbedtls_test_rnd_std_rand( NULL, src, src_len );
+
+    for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
+    {
+        mbedtls_test_set_step( (int) secret );
+
+        TEST_CF_SECRET( &secret, sizeof( secret ) );
+        mbedtls_ct_memcpy_offset( dst, src, secret,
+                                  offset_min, offset_max, len );
+        TEST_CF_PUBLIC( &secret, sizeof( secret ) );
+        TEST_CF_PUBLIC( dst, len );
+
+        ASSERT_COMPARE( dst, len, src + secret, len );
+    }
+
+exit:
+    mbedtls_free( dst );
+    mbedtls_free( src );
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 5bd856bb2b..bc2edd120e 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -3378,18 +3378,6 @@ TLS 1.3: SRV: Session serialization, load buffer size
 depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_SSL_SRV_C
 ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSION_TLS1_3
 
-# these are the numbers we'd get with an empty plaintext and truncated HMAC
-Constant-flow memcpy from offset: small
-ssl_cf_memcpy_offset:0:5:10
-
-# we could get this with 255-bytes plaintext and untruncated SHA-256
-Constant-flow memcpy from offset: medium
-ssl_cf_memcpy_offset:0:255:32
-
-# we could get this with 255-bytes plaintext and untruncated SHA-384
-Constant-flow memcpy from offset: large
-ssl_cf_memcpy_offset:100:339:48
-
 Test configuration of groups for DHE through mbedtls_ssl_conf_curves()
 conf_curve:
 
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 39774c64de..e33b38979a 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -5438,39 +5438,6 @@ void resize_buffers_renegotiate_mfl( int mfl, int legacy_renegotiation,
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC:MBEDTLS_TEST_HOOKS */
-void ssl_cf_memcpy_offset( int offset_min, int offset_max, int len )
-{
-    unsigned char *dst = NULL;
-    unsigned char *src = NULL;
-    size_t src_len = offset_max + len;
-    size_t secret;
-
-    ASSERT_ALLOC( dst, len );
-    ASSERT_ALLOC( src, src_len );
-
-    /* Fill src in a way that we can detect if we copied the right bytes */
-    mbedtls_test_rnd_std_rand( NULL, src, src_len );
-
-    for( secret = offset_min; secret <= (size_t) offset_max; secret++ )
-    {
-        mbedtls_test_set_step( (int) secret );
-
-        TEST_CF_SECRET( &secret, sizeof( secret ) );
-        mbedtls_ct_memcpy_offset( dst, src, secret,
-                                  offset_min, offset_max, len );
-        TEST_CF_PUBLIC( &secret, sizeof( secret ) );
-        TEST_CF_PUBLIC( dst, len );
-
-        ASSERT_COMPARE( dst, len, src + secret, len );
-    }
-
-exit:
-    mbedtls_free( dst );
-    mbedtls_free( src );
-}
-/* END_CASE */
-
 /* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED */
 void test_multiple_psks()
 {