From 814d096420b3db3fec651911c4973065a1f5b912 Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Tue, 19 Sep 2023 19:45:54 +0100
Subject: [PATCH] Fix error in handling of return value from
 mbedtls_nist_kw_unwrap

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/nist_kw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/library/nist_kw.c b/library/nist_kw.c
index 3de1b6ade..d73e82fe4 100644
--- a/library/nist_kw.c
+++ b/library/nist_kw.c
@@ -421,8 +421,8 @@ int mbedtls_nist_kw_unwrap(mbedtls_nist_kw_context *ctx,
          * larger than 8, because of the type wrap around.
          */
         padlen = in_len - KW_SEMIBLOCK_LENGTH - Plen;
-        ret = -((int) mbedtls_ct_uint_if_else_0(mbedtls_ct_uint_gt(padlen, 7),
-                                                -MBEDTLS_ERR_CIPHER_AUTH_FAILED));
+        ret = -((int) mbedtls_ct_uint_if(mbedtls_ct_uint_gt(padlen, 7),
+                                         -MBEDTLS_ERR_CIPHER_AUTH_FAILED, -ret));
         padlen &= 7;
 
         /* Check padding in "constant-time" */