diff --git a/include/polarssl/cipher.h b/include/polarssl/cipher.h
index 8aa8cb090..48fe97dab 100644
--- a/include/polarssl/cipher.h
+++ b/include/polarssl/cipher.h
@@ -104,6 +104,10 @@ typedef enum {
     POLARSSL_MODE_STREAM,
 } cipher_mode_t;
 
+typedef enum {
+    POLARSSL_PADDING_PKCS7 = 0,     /**< PKCS7 padding (default) */
+} cipher_padding_t;
+
 typedef enum {
     POLARSSL_OPERATION_NONE = -1,
     POLARSSL_DECRYPT = 0,
@@ -398,6 +402,18 @@ static inline operation_t cipher_get_operation( const cipher_context_t *ctx )
 int cipher_setkey( cipher_context_t *ctx, const unsigned char *key, int key_length,
         const operation_t operation );
 
+/**
+ * \brief               Set padding mode, for cipher modes that use padding.
+ *                      (Default: PKCS7 padding.)
+ *
+ * \param ctx           generic cipher context
+ * \param mode          padding mode
+ *
+ * \returns             0 on success, POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+ *                      if parameters verification fails.
+ */
+int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode );
+
 /**
  * \brief               Reset the given context, setting the IV to iv
  *
diff --git a/library/cipher.c b/library/cipher.c
index 2a2d78299..d2c8ab373 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -368,6 +368,18 @@ int cipher_setkey( cipher_context_t *ctx, const unsigned char *key,
     return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
 }
 
+int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
+{
+    if( NULL == ctx ||
+        POLARSSL_MODE_CBC != ctx->cipher_info->mode ||
+        POLARSSL_PADDING_PKCS7 != mode )
+    {
+        return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+    }
+
+    return 0;
+}
+
 int cipher_reset( cipher_context_t *ctx, const unsigned char *iv )
 {
     if( NULL == ctx || NULL == ctx->cipher_info || NULL == iv )
diff --git a/tests/.gitignore b/tests/.gitignore
index 084f664cc..0d59058dc 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -1,2 +1,2 @@
-test_suite*
+/test_suite*
 data_files/mpi_write
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 7c01f392c..17d31e951 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -44,6 +44,7 @@ add_test_suite(cipher cipher.blowfish)
 add_test_suite(cipher cipher.camellia)
 add_test_suite(cipher cipher.des)
 add_test_suite(cipher cipher.null)
+add_test_suite(cipher cipher.padding)
 add_test_suite(ctr_drbg)
 add_test_suite(debug)
 add_test_suite(des)
diff --git a/tests/Makefile b/tests/Makefile
index 243563487..b78062c55 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -30,6 +30,7 @@ APPS =	test_suite_aes.ecb		test_suite_aes.cbc		\
 		test_suite_cipher.blowfish						\
 		test_suite_cipher.camellia						\
 		test_suite_cipher.des	test_suite_cipher.null	\
+		test_suite_cipher.padding						\
 		test_suite_ctr_drbg		test_suite_debug		\
 		test_suite_des			test_suite_dhm			\
 		test_suite_ecdh			test_suite_ecdsa		\
@@ -89,6 +90,10 @@ test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_c
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null
 
+test_suite_cipher.padding.c : suites/test_suite_cipher.function suites/test_suite_cipher.padding.data scripts/generate_code.pl suites/helpers.function
+	echo   "  Generate	$@"
+	scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.padding
+
 test_suite_gcm.decrypt_128.c : suites/test_suite_gcm.function suites/test_suite_gcm.decrypt_128.data scripts/generate_code.pl suites/helpers.function
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.decrypt_128
@@ -169,6 +174,10 @@ test_suite_cipher.null: test_suite_cipher.null.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
 
+test_suite_cipher.padding: test_suite_cipher.padding.c ../library/libpolarssl.a
+	echo   "  CC    	$@.c"
+	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
+
 test_suite_ctr_drbg: test_suite_ctr_drbg.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index b7115d977..3024623dc 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -252,6 +252,19 @@ enc_dec_buf_multipart:cipher_id:key_len:first_length:second_length:
     TEST_ASSERT( 0 == cipher_free_ctx( &ctx_enc ) );
 END_CASE
 
+BEGIN_CASE
+set_padding:cipher_id:pad_mode:ret:
+    const cipher_info_t *cipher_info;
+    cipher_context_t ctx;
+
+    cipher_info = cipher_info_from_type( {cipher_id} );
+    TEST_ASSERT( NULL != cipher_info );
+    TEST_ASSERT( 0 == cipher_init_ctx( &ctx, cipher_info ) );
+
+    TEST_ASSERT( {ret} == cipher_set_padding_mode( &ctx, {pad_mode} ) );
+
+    TEST_ASSERT( 0 == cipher_free_ctx( &ctx ) );
+END_CASE
 
 BEGIN_CASE
 cipher_selftest:
diff --git a/tests/suites/test_suite_cipher.padding.data b/tests/suites/test_suite_cipher.padding.data
new file mode 100644
index 000000000..3ed6adefa
--- /dev/null
+++ b/tests/suites/test_suite_cipher.padding.data
@@ -0,0 +1,59 @@
+Set padding with AES-CBC
+depends_on:POLARSSL_AES_C
+set_padding:POLARSSL_CIPHER_AES_128_CBC:POLARSSL_PADDING_PKCS7:0
+
+Set padding with AES-CFB
+depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CFB
+set_padding:POLARSSL_CIPHER_AES_128_CFB128:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with AES-CTR
+depends_on:POLARSSL_AES_C:POLARSSL_CIPHER_MODE_CTR
+set_padding:POLARSSL_CIPHER_AES_128_CTR:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with CAMELLIA-CBC
+depends_on:POLARSSL_CAMELLIA_C
+set_padding:POLARSSL_CIPHER_CAMELLIA_128_CBC:POLARSSL_PADDING_PKCS7:0
+
+Set padding with CAMELLIA-CFB
+depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CIPHER_MODE_CFB
+set_padding:POLARSSL_CIPHER_CAMELLIA_128_CFB128:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with CAMELLIA-CTR
+depends_on:POLARSSL_CAMELLIA_C:POLARSSL_CIPHER_MODE_CTR
+set_padding:POLARSSL_CIPHER_CAMELLIA_128_CTR:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with DES-CBC
+depends_on:POLARSSL_DES_C
+set_padding:POLARSSL_CIPHER_DES_CBC:POLARSSL_PADDING_PKCS7:0
+
+Set padding with BLOWFISH-CBC
+depends_on:POLARSSL_BLOWFISH_C
+set_padding:POLARSSL_CIPHER_BLOWFISH_CBC:POLARSSL_PADDING_PKCS7:0
+
+Set padding with BLOWFISH-CFB
+depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CFB
+set_padding:POLARSSL_CIPHER_BLOWFISH_CFB64:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with BLOWFISH-CTR
+depends_on:POLARSSL_BLOWFISH_C:POLARSSL_CIPHER_MODE_CTR
+set_padding:POLARSSL_CIPHER_BLOWFISH_CTR:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set padding with NULL
+depends_on:POLARSSL_CIPHER_NULL_CIPHER
+set_padding:POLARSSL_CIPHER_NULL:POLARSSL_PADDING_PKCS7:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set non-existent padding with AES-CBC
+depends_on:POLARSSL_AES_C
+set_padding:POLARSSL_CIPHER_AES_128_CBC:-1:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set non-existent padding with CAMELLIA-CBC
+depends_on:POLARSSL_CAMELLIA_C
+set_padding:POLARSSL_CIPHER_CAMELLIA_128_CBC:-1:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set non-existent padding with DES-CBC
+depends_on:POLARSSL_DES_C
+set_padding:POLARSSL_CIPHER_DES_CBC:-1:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA
+
+Set non-existent padding with BLOWFISH-CBC
+depends_on:POLARSSL_BLOWFISH_C
+set_padding:POLARSSL_CIPHER_BLOWFISH_CBC:-1:POLARSSL_ERR_CIPHER_BAD_INPUT_DATA