commit e74b42832e4af11606ef8aae2c9404b4acaa2c6d
author Gilles Peskine <Gilles.Peskine@arm.com> Sun Jul 27 21:29:40 2025 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Mon Sep 08 12:22:39 2025 +0200
tree 33355a7f84d1e7322ba65b1e1727c5a2a73c3f2f
parent d179dc80a5b13189c79fe4531eacb28698a7a0e9

Return PSA_ERROR_INVALID_PADDING in constant time

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

library/psa_crypto_cipher.c

diff --git a/library/psa_crypto_cipher.c b/library/psa_crypto_cipher.c
index 4443d73..6d0378b 100644
--- a/library/psa_crypto_cipher.c
+++ b/library/psa_crypto_cipher.c
@@ -13,6 +13,7 @@
 #include "psa_crypto_cipher.h"
 #include "psa_crypto_core.h"
 #include "psa_crypto_random_impl.h"
+#include "constant_time_internal.h"
 
 #include "mbedtls/cipher.h"
 #include "mbedtls/error.h"
@@ -583,8 +584,9 @@
     mbedtls_platform_zeroize(temp_output_buffer,
                              sizeof(temp_output_buffer));
 
-    if (status == PSA_SUCCESS && invalid_padding) {
-        status = PSA_ERROR_INVALID_PADDING;
+    if (status == PSA_SUCCESS) {
+        status = mbedtls_ct_size_if_else_0(invalid_padding,
+                                           PSA_ERROR_INVALID_PADDING);
     }
     return status;
 }