From c1a17f5458d283aea82aef5f5e2353bc37eed060 Mon Sep 17 00:00:00 2001
From: Dave Rodgman <dave.rodgman@arm.com>
Date: Wed, 20 Sep 2023 14:54:29 +0100
Subject: [PATCH] CT fix for get_zeros_padding

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
---
 library/cipher.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/library/cipher.c b/library/cipher.c
index 6853fb82b2..5470dcfac0 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -879,7 +879,8 @@ static int get_zeros_padding(unsigned char *input, size_t input_len,
     for (i = input_len; i > 0; i--) {
         prev_done = done;
         done |= (input[i-1] != 0);
-        *data_len |= i * (done != prev_done);
+        size_t mask = mbedtls_ct_size_mask(done ^ prev_done);
+        *data_len |= i & mask;
     }
 
     return 0;