diff --git a/library/constant_time.c b/library/constant_time.c
index 604859f0f..928b9b7fe 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -136,3 +136,28 @@ size_t mbedtls_cf_size_mask( size_t bit )
 #pragma warning( pop )
 #endif
 }
+
+/*
+ * Constant-flow mask generation for "less than" comparison:
+ * - if x < y,  return all bits 1, that is (size_t) -1
+ * - otherwise, return all bits 0, that is 0
+ *
+ * This function can be used to write constant-time code by replacing branches
+ * with bit operations using masks.
+ *
+ * This function is implemented without using comparison operators, as those
+ * might be translated to branches by some compilers on some platforms.
+ */
+size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
+{
+    /* This has the most significant bit set if and only if x < y */
+    const size_t sub = x - y;
+
+    /* sub1 = (x < y) ? 1 : 0 */
+    const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
+
+    /* mask = (x < y) ? 0xff... : 0x00... */
+    const size_t mask = mbedtls_cf_size_mask( sub1 );
+
+    return( mask );
+}
diff --git a/library/constant_time.h b/library/constant_time.h
index 3cbabe1d3..0b759000a 100644
--- a/library/constant_time.h
+++ b/library/constant_time.h
@@ -33,3 +33,5 @@ int mbedtls_safer_memcmp( const void *a, const void *b, size_t n );
 unsigned mbedtls_cf_uint_mask( unsigned value );
 
 size_t mbedtls_cf_size_mask( size_t bit );
+
+size_t mbedtls_cf_size_mask_lt( size_t x, size_t y );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index df57cb0ca..94f263d00 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -939,31 +939,6 @@ int mbedtls_ssl_encrypt_buf( mbedtls_ssl_context *ssl,
 }
 
 #if defined(MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC)
-/*
- * Constant-flow mask generation for "less than" comparison:
- * - if x < y,  return all bits 1, that is (size_t) -1
- * - otherwise, return all bits 0, that is 0
- *
- * This function can be used to write constant-time code by replacing branches
- * with bit operations using masks.
- *
- * This function is implemented without using comparison operators, as those
- * might be translated to branches by some compilers on some platforms.
- */
-static size_t mbedtls_cf_size_mask_lt( size_t x, size_t y )
-{
-    /* This has the most significant bit set if and only if x < y */
-    const size_t sub = x - y;
-
-    /* sub1 = (x < y) ? 1 : 0 */
-    const size_t sub1 = sub >> ( sizeof( sub ) * 8 - 1 );
-
-    /* mask = (x < y) ? 0xff... : 0x00... */
-    const size_t mask = mbedtls_cf_size_mask( sub1 );
-
-    return( mask );
-}
-
 /*
  * Constant-flow mask generation for "greater or equal" comparison:
  * - if x >= y, return all bits 1, that is (size_t) -1