From 51c15309f296570ebf931ebbdee7bc68c1f58ee6 Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Tue, 19 Sep 2023 17:09:13 +0100
Subject: [PATCH] Make padlen check const-time

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/nist_kw.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/library/nist_kw.c b/library/nist_kw.c
index 15b5bc0f9d..3de1b6ade0 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -421,10 +421,9 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
          * larger than 8, because of the type wrap around.
          */
         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        if (padlen > 7) {
-            padlen &= 7;
-            ret = MBEDTLS_ERR_CIPHER_AUTH_FAILED;
-        }
+        ret = -((int) mbedtls_ct_uint_if_else_0(mbedtls_ct_uint_gt(padlen, 7),
+                                                -MBEDTLS_ERR_CIPHER_AUTH_FAILED));
+        padlen &= 7;
 
         /* Check padding in "constant-time" */
         const uint8_t zero[KW_SEMIBLOCK_LENGTH] = { 0 };