mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2026-03-20 19:21:09 +01:00
New function `mbedtls_cipher_finish_padded()`, similar to `mbedtls_cipher_finish()`, but reporting padding errors through a separate output parameter. This makes it easier to avoid leaking the presence of a padding error, especially through timing. Thus the new function is recommended to defend against padding oracle attacks.

In this commit, implement this function naively, with timing that depends on whether an error happened. A subsequent commit will make this function constant-time.

Copy the test decrypt_test_vec and decrypt_test_vec_cf test cases into variants that call `mbedtls_cipher_finish_padded()`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
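The commit message contrasts a naive padding check (timing depends on whether and where the padding failed) with a constant-time one that reports the padding result through a separate output parameter. The following is an added illustration of that design, not code from mbedtls and not the `mbedtls_cipher_finish_padded()` API: the helper names (`ct_mask_zero`, `ct_mask_lt`, `ct_pkcs7_unpad`, `naive_pkcs7_unpad`) and the 16-byte sample blocks are constructed for this example. The constant-time version reads every byte of the block and folds all failure conditions into a mask, so its running time and memory access pattern do not depend on the padding contents.

```c
/* Added illustration (not mbedtls code): constant-time PKCS#7 padding check
 * beside the naive early-return version. All helpers and sample data below
 * are constructed for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* 0xFFFFFFFF if x == 0, else 0; no data-dependent branch. */
static uint32_t ct_mask_zero(uint32_t x)
{
    return ~(0u - ((x | (0u - x)) >> 31));
}

/* 0xFFFFFFFF if a < b, else 0; valid for a, b < 2^31. */
static uint32_t ct_mask_lt(uint32_t a, uint32_t b)
{
    return 0u - ((a - b) >> 31);
}

/* Naive check: returns at the first bad byte, so the time taken reveals
 * whether (and roughly where) the padding failed. Kept only for contrast. */
static int naive_pkcs7_unpad(const unsigned char *block, size_t block_len,
                             size_t *data_len)
{
    size_t pad_len = block[block_len - 1];
    if (pad_len == 0 || pad_len > block_len)
        return 1;
    for (size_t i = block_len - pad_len; i < block_len; i++)
        if (block[i] != pad_len)
            return 1;
    *data_len = block_len - pad_len;
    return 0;
}

/* Constant-time check in the style the commit describes: the operation
 * itself always "succeeds" (returns 0) and the padding verdict is delivered
 * through *padding_status (0 = valid, 1 = invalid). Every byte of the block
 * is examined regardless of pad_len. On invalid padding *data_len is
 * block_len, a harmless value that leaks nothing about pad_len. */
static int ct_pkcs7_unpad(const unsigned char *block, size_t block_len,
                          size_t *data_len, int *padding_status)
{
    uint32_t pad_len = block[block_len - 1];
    /* Invalid if pad_len == 0 or pad_len > block_len. */
    uint32_t bad = ct_mask_zero(pad_len) | ct_mask_lt((uint32_t)block_len, pad_len);

    for (size_t i = 0; i < block_len; i++) {
        uint32_t pos_from_end = (uint32_t)(block_len - i);        /* 1 .. block_len */
        uint32_t in_pad = ct_mask_lt(pos_from_end - 1, pad_len);  /* pos_from_end <= pad_len */
        uint32_t mismatch = ~ct_mask_zero((uint32_t)block[i] ^ pad_len);
        bad |= in_pad & mismatch;                                 /* only padding bytes count */
    }
    *data_len = block_len - (size_t)(pad_len & ~bad);
    *padding_status = (int)(bad & 1u);
    return 0;
}

/* Convenience wrappers: data length when padding is valid, -1 otherwise. */
static long ct_unpad_len_or_neg1(const unsigned char *block, size_t block_len)
{
    size_t n = 0;
    int status = 1;
    (void)ct_pkcs7_unpad(block, block_len, &n, &status);
    return status == 0 ? (long)n : -1L;
}

static long naive_unpad_len_or_neg1(const unsigned char *block, size_t block_len)
{
    size_t n = 0;
    return naive_pkcs7_unpad(block, block_len, &n) == 0 ? (long)n : -1L;
}

/* Constructed 16-byte sample blocks (AES block size). */
static const unsigned char kValidBlock[16]      = { 'A','B','C','D','E','F','G','H', 8,8,8,8,8,8,8,8 };
static const unsigned char kFullPadBlock[16]    = { 16,16,16,16,16,16,16,16,16,16,16,16,16,16,16,16 };
static const unsigned char kZeroPadBlock[16]    = { 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O', 0 };
static const unsigned char kTooLongPadBlock[16] = { 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','O', 17 };
static const unsigned char kCorruptPadBlock[16] = { 'A','B','C','D','E','F','G','H', 7,8,8,8,8,8,8,8 };

int main(void)
{
    const unsigned char *blocks[] = { kValidBlock, kFullPadBlock, kZeroPadBlock,
                                      kTooLongPadBlock, kCorruptPadBlock };
    const char *names[] = { "valid", "full-pad", "zero-pad", "too-long-pad", "corrupt-pad" };
    for (size_t i = 0; i < 5; i++)
        printf("%-12s naive=%ld ct=%ld\n", names[i],
               naive_unpad_len_or_neg1(blocks[i], 16),
               ct_unpad_len_or_neg1(blocks[i], 16));
    return 0;
}
```

Both versions agree on the verdict for every sample block; the difference is that `ct_pkcs7_unpad` does the same amount of work whether the padding is good, zero, too long or corrupted in its first or last byte. A caller that wants the full benefit must also avoid branching on `padding_status` before any observable action (for example, compute a MAC over the output regardless of the verdict), which is why separating the padding result from the function's return code matters.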