1 files changed, 3 insertions, 13 deletions

diff --git a/lib/ncrypto_local.c b/lib/ncrypto_local.c
index 1e88d2a..da1ccab 100644
--- a/lib/ncrypto_local.c
+++ b/lib/ncrypto_local.c
@@ -466,7 +466,6 @@ struct ncr_symm_cipher_session
 {
   EVP_CIPHER_CTX ctx;
   CK_MECHANISM_TYPE mech;
-  size_t padding_size;		/* Additional space to reserve for padding */
   bool encrypting;
   /* Debugging only */
   enum { NSCS_NEW, NSCS_INITIALIZED, NSCS_UPDATED, NSCS_FINISHED } state;
@@ -508,7 +507,6 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt,
 		  size_t param_size)
 {
   const EVP_CIPHER *type;
-  bool padding;
 
   g_return_val_if_fail (sess != NULL, CKR_SESSION_HANDLE_INVALID);
   g_return_val_if_fail (sess->state == NSCS_NEW || sess->state == NSCS_FINISHED,
@@ -536,15 +534,12 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt,
       g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT);
       g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID);
       AES_SWITCH (ecb);
-      padding = false;
       break;
 
     case CKM_AES_CBC:
-    case CKM_AES_CBC_PAD:
       g_return_val_if_fail (key->type == CKK_AES, CKR_KEY_TYPE_INCONSISTENT);
       g_return_val_if_fail (param_size == 16, CKR_MECHANISM_PARAM_INVALID);
       AES_SWITCH (cbc);
-      padding = sess->mech == CKM_AES_CBC_PAD;
       break;
 #undef AES_ENTRY
 
@@ -553,16 +548,13 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt,
       g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE);
       g_return_val_if_fail (param_size == 0, CKR_MECHANISM_PARAM_INVALID);
       type = EVP_des_ede3 ();
-      padding = false;
       break;
 
     case CKM_DES3_CBC:
-    case CKM_DES3_CBC_PAD:
       g_return_val_if_fail (key->type == CKK_DES3, CKR_KEY_TYPE_INCONSISTENT);
       g_return_val_if_fail (key->size == 24, CKR_KEY_SIZE_RANGE);
       g_return_val_if_fail (param_size == 8, CKR_MECHANISM_PARAM_INVALID);
       type = EVP_des_ede3_cbc ();
-      padding = sess->mech == CKM_DES3_CBC_PAD;
       break;
 
     default:
@@ -572,10 +564,9 @@ symm_cipher_init (struct ncr_symm_cipher_session *sess, bool encrypt,
   if (EVP_CipherInit_ex (&sess->ctx, type, NULL, key->value,
 			 param_size != 0 ? param : NULL, encrypt ? 1 : 0) == 0)
     return ckr_openssl ();
-  if (!padding && EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0)
+  if (EVP_CIPHER_CTX_set_padding (&sess->ctx, 0) == 0)
     return ckr_openssl ();
 
-  sess->padding_size = padding ? EVP_CIPHER_block_size (type) : 0;
   sess->encrypting = encrypt;
   sess->state = NSCS_INITIALIZED;
   return CKR_OK;
@@ -598,7 +589,7 @@ symm_cipher_update (struct ncr_symm_cipher_session *sess, bool encrypt,
 
   if (dest == NULL)
     {
-      *dest_size_ptr = src_size + sess->padding_size;
+      *dest_size_ptr = src_size;
       return CKR_OK;
     }
   if (*dest_size_ptr < src_size) /* FIXME? this does not handle partial data */
@@ -634,10 +625,9 @@ do_symm_cipher_update_final (struct ncr_symm_cipher_session *sess,
 
   if (dest == NULL)
     {
-      *dest_size_ptr = src_size + sess->padding_size;
+      *dest_size_ptr = src_size;
       return CKR_OK;
     }
-  /* FIXME? this does not handle partial data or padding. */
   if (*dest_size_ptr < src_size)
     {
       *dest_size_ptr = src_size;