commit 7ad37e40a6ed9e63975f6168fb9b61d46fcda5f0
author Dave Rodgman <dave.rodgman@arm.com> Thu Sep 21 21:53:31 2023 +0100
committer Dave Rodgman <dave.rodgman@arm.com> Thu Sep 21 21:53:31 2023 +0100
tree 939ee11f7c8ed73fb9b64ebea51607ac9adc9430
parent 530c3da698c9f8194ca8a711fd106dc14170f486

Remove use of mbedtls_ct_int_if

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/cipher.c

diff --git a/library/cipher.c b/library/cipher.c
index a53fb43..f521fc2 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -870,7 +870,7 @@
         bad = mbedtls_ct_bool_or(bad, mbedtls_ct_bool_and(in_padding, different));
     }
 
-    return mbedtls_ct_int_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
+    return -(int) mbedtls_ct_uint_if_else_0(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
 
@@ -914,7 +914,7 @@
         in_padding = mbedtls_ct_bool_and(in_padding, mbedtls_ct_bool_not(is_nonzero));
     }
 
-    return mbedtls_ct_int_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
+    return -(int) mbedtls_ct_uint_if_else_0(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
 
@@ -961,7 +961,7 @@
         bad = mbedtls_ct_bool_or(bad, nonzero_pad_byte);
     }
 
-    return mbedtls_ct_int_if_else_0(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING);
+    return -(int) mbedtls_ct_uint_if_else_0(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
 

library/nist_kw.c

diff --git a/library/nist_kw.c b/library/nist_kw.c
index 1b4078e..d5b2e27 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -421,8 +421,8 @@
          * larger than 8, because of the type wrap around.
          */
         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        ret = mbedtls_ct_int_if(mbedtls_ct_uint_gt(padlen, 7),
-                                MBEDTLS_ERR_CIPHER_AUTH_FAILED, ret);
+        ret = -(int) mbedtls_ct_uint_if(mbedtls_ct_uint_gt(padlen, 7),
+                                        -MBEDTLS_ERR_CIPHER_AUTH_FAILED, -ret);
         padlen &= 7;
 
         /* Check padding in "constant-time" */

library/rsa.c

diff --git a/library/rsa.c b/library/rsa.c
index a233a8e..0f16a31 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -158,10 +158,12 @@
      * - OUTPUT_TOO_LARGE if the padding is good but the decrypted
      *   plaintext does not fit in the output buffer.
      * - 0 if the padding is correct. */
-    ret = mbedtls_ct_int_if(
+    ret = -(int) mbedtls_ct_uint_if(
         bad,
-        MBEDTLS_ERR_RSA_INVALID_PADDING,
-        mbedtls_ct_int_if_else_0(output_too_large, MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE)
+        (unsigned) (-(MBEDTLS_ERR_RSA_INVALID_PADDING)),
+        mbedtls_ct_uint_if_else_0(
+            output_too_large,
+            (unsigned) (-(MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE)))
         );
 
     /* If the padding is bad or the plaintext is too large, zero the