mirror of
https://github.com/espressif/mbedtls.git
synced 2025-07-15 02:16:03 +08:00
652ea21737
Previously, we were checking if the last padding byte was in the range 1-16 and returning early if not. This was to prevent an integer overflow in the output length. Instead, do the checks in constant-time and conditionally set the output length based on whether the padding is correct or not, preventing both the side-channel and the integer overflow. Signed-off-by: David Horstmann <david.horstmann@arm.com>