Switch legacy cipher to constant-time invalid padding reporting In internal `get_padding` functions, report whether the padding was invalid through a separate output parameter, rather than the return code. Take advantage of this to have `mbedtls_cipher_finish_padded()` be the easy path that just passes the `invalid_padding` through. Make `mbedtls_cipher_finish()` a wrapper around `mbedtls_cipher_finish_padded()` that converts the invalid-padding output into an error code. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

commit: 6cb9f35d8c84d6b3d92e2071a31fb6b183da949f [log] [tgz]
author: Gilles Peskine <Gilles.Peskine@arm.com> Sun Jul 27 21:22:39 2025 +0200
committer: Gilles Peskine <Gilles.Peskine@arm.com> Fri Aug 08 15:14:47 2025 +0200
tree: e3f7edcf1e08b292bce4aa263a48a80589259d04
parent: 155de2ab775e77ab6fa81bf2b1e6e63768123bc1 [diff] [blame]
diff --git a/library/cipher_invasive.h b/library/cipher_invasive.h
index 702f8f7..e82a0a7 100644
--- a/library/cipher_invasive.h
+++ b/library/cipher_invasive.h

@@ -20,7 +20,8 @@
 
 MBEDTLS_STATIC_TESTABLE int mbedtls_get_pkcs_padding(unsigned char *input,
                                                      size_t input_len,
-                                                     size_t *data_len);
+                                                     size_t *data_len,
+                                                     size_t *invalid_padding);
 
 #endif
commit	6cb9f35d8c84d6b3d92e2071a31fb6b183da949f	[log] [tgz]
author	Gilles Peskine <Gilles.Peskine@arm.com>	Sun Jul 27 21:22:39 2025 +0200
committer	Gilles Peskine <Gilles.Peskine@arm.com>	Fri Aug 08 15:14:47 2025 +0200
tree	e3f7edcf1e08b292bce4aa263a48a80589259d04
parent	155de2ab775e77ab6fa81bf2b1e6e63768123bc1 [diff] [blame]