diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 5742fe59be..6cabebb2fe 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -193,6 +193,21 @@
 #define POLARSSL_CIPHER_NULL_CIPHER
 */
 
+/**
+ * \def POLARSSL_CIPHER_PADDING_XXX
+ *
+ * Uncomment or comment macros to add support for specific padding modes
+ * in the cipher layer with cipher modes that support padding (e.g. CBC)
+ *
+ * If you disable all padding modes, only full blocks can be used with CBC.
+ *
+ * Enable padding modes in the cipher layer.
+ */
+#define POLARSSL_CIPHER_PADDING_PKCS7
+#define POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS
+#define POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN
+#define POLARSSL_CIPHER_PADDING_ZEROS
+
 /**
 * \def POLARSSL_ENABLE_WEAK_CIPHERSUITES
 *
diff --git a/library/cipher.c b/library/cipher.c
index f023364d59..826d8fcd2e 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -326,7 +326,11 @@ int cipher_init_ctx( cipher_context_t *ctx, const cipher_info_t *cipher_info )
 /*
 * Ignore possible errors caused by a cipher mode that doesn't use padding
 */
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
 (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_PKCS7 );
+#else
+ (void) cipher_set_padding_mode( ctx, POLARSSL_PADDING_NONE );
+#endif
 
 return 0;
 }
@@ -526,6 +530,7 @@ int cipher_update( cipher_context_t *ctx, const unsigned char *input, size_t ile
 return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
 /*
 * PKCS7 (and PKCS5) padding: fill with ll bytes, with ll = padding_len
 */
@@ -560,7 +565,9 @@ static int get_pkcs_padding( unsigned char *input, size_t input_len,
 
 return 0;
 }
+#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
 
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
 /*
 * One and zeros padding: fill with 80 00 ... 00
 */
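Review bot: The new \def block in config.h does not say that POLARSSL_CIPHER_PADDING_PKCS7 also selects the default padding mode: with it undefined, the cipher_init_ctx hunk in library/cipher.c falls back to POLARSSL_PADDING_NONE, even when other padding modes are still enabled. A build that only drops PKCS7 therefore changes what callers get when they never call cipher_set_padding_mode, and the `(void)` cast means nothing reports it. I would add a sentence to the comment such as `If POLARSSL_CIPHER_PADDING_PKCS7 is disabled, contexts default to no padding and callers must select a mode explicitly.` The closing sentence `Enable padding modes in the cipher layer.` repeats the opening one and could be dropped.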
@@ -593,7 +600,9 @@ static int get_one_and_zeros_padding( unsigned char *input, size_t input_len,
 
 return 0;
 }
+#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
 
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
 /*
 * Zeros and len padding: fill with 00 ... 00 ll, where ll is padding length
 */
@@ -629,7 +638,9 @@ static int get_zeros_and_len_padding( unsigned char *input, size_t input_len,
 
 return 0;
 }
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
 
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
 /*
 * Zero padding: fill with 00 ... 00
 */
@@ -656,6 +667,7 @@ static int get_zeros_padding( unsigned char *input, size_t input_len,
 
 return 0;
 }
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
 
 /*
 * No padding: don't pad :)
@@ -749,33 +761,37 @@ int cipher_set_padding_mode( cipher_context_t *ctx, cipher_padding_t mode )
 
 switch( mode )
 {
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
 case POLARSSL_PADDING_PKCS7:
 ctx->add_padding = add_pkcs_padding;
 ctx->get_padding = get_pkcs_padding;
 break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
 case POLARSSL_PADDING_ONE_AND_ZEROS:
 ctx->add_padding = add_one_and_zeros_padding;
 ctx->get_padding = get_one_and_zeros_padding;
 break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
 case POLARSSL_PADDING_ZEROS_AND_LEN:
 ctx->add_padding = add_zeros_and_len_padding;
 ctx->get_padding = get_zeros_and_len_padding;
 break;
-
+#endif
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
 case POLARSSL_PADDING_ZEROS:
 ctx->add_padding = add_zeros_padding;
 ctx->get_padding = get_zeros_padding;
 break;
-
+#endif
 case POLARSSL_PADDING_NONE:
 ctx->add_padding = NULL;
 ctx->get_padding = get_no_padding;
 break;
 
 default:
- return POLARSSL_ERR_CIPHER_BAD_INPUT_DATA;
+ return POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE;
 }
 
 return 0;
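Review bot: In the cipher_set_padding_mode hunk, the `default:` branch now returns POLARSSL_ERR_CIPHER_FEATURE_UNAVAILABLE for every unmatched value, so an out-of-range cipher_padding_t is reported the same way as a mode compiled out in config.h and callers lose the BAD_INPUT_DATA signal for invalid arguments. The branch also returns without touching `ctx->add_padding` and `ctx->get_padding`, so, as far as the hunk shows, a context keeps whatever padding callbacks it had before the failed call, and a caller that ignores the return value carries on with the old mode. A comment above `default:` such as `/* also reached for padding modes disabled in config.h; ctx is left unchanged */` would make that explicit, and the function's header documentation should list the new return code. The function starts before and ends after the hunk.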