Improve return value handling

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

library/cipher.c

@@ -759,7 +759,7 @@ static int get_pkcs_padding(unsigned char *input, size_t input_len,
         size_t mask = mbedtls_ct_size_mask_ge(i, pad_idx);
         bad |= (input[i] ^ padding_len) & mask;
     }
-    return (int) mbedtls_ct_uint_if(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
+    return -mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_PKCS7 */
 
@@ -804,7 +804,7 @@ static int get_one_and_zeros_padding(unsigned char *input, size_t input_len,
         in_padding = in_padding & ~is_nonzero;
     }
 
-    return (int) mbedtls_ct_uint_if(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
+    return -mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ONE_AND_ZEROS */
 
@@ -848,7 +848,7 @@ static int get_zeros_and_len_padding(unsigned char *input, size_t input_len,
         bad |= input[i] & mask;
     }
 
-    return (int) mbedtls_ct_uint_if(bad, MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
+    return -mbedtls_ct_uint_if(bad, -MBEDTLS_ERR_CIPHER_INVALID_PADDING, 0);
 }
 #endif /* MBEDTLS_CIPHER_PADDING_ZEROS_AND_LEN */
 

library/nist_kw.c

@@ -421,7 +421,7 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
          * larger than 8, because of the type wrap around.
          */
         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        ret = (int) mbedtls_ct_uint_if(padlen & ~7, MBEDTLS_ERR_CIPHER_AUTH_FAILED, ret);
+        ret = -mbedtls_ct_uint_if(padlen & ~7, -MBEDTLS_ERR_CIPHER_AUTH_FAILED, -ret);
         padlen &= 7;
 
         /* Check padding in "constant-time" */