Make padlen check const-time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
diff --git a/library/nist_kw.c b/library/nist_kw.c
index 15b5bc0..3de1b6a 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -421,10 +421,9 @@
* larger than 8, because of the type wrap around.
*/
padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
- if (padlen > 7) {
- padlen &= 7;
- ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
- }
+ ret = -((int) mbedtls_ct_uint_if_else_0(mbedtls_ct_uint_gt(padlen, 7),
+ -MBEDTLS_ERR_CIPHER_AUTH_FAILED));
+ padlen &= 7;
/* Check padding in "constant-time" */
const uint8_t zero[KW_SEMIBLOCK_LENGTH] = { 0 };