Fix expected pad size for decrypt operations

src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java

@@ -415,7 +415,12 @@ else if (paddingType == PaddingType.WC_PKCS5) {
                     if (buffered != null && buffered.length > 0) {
                         outSize += buffered.length;
                     }
-                    outSize += Aes.getPKCS7PadSize(outSize, Aes.BLOCK_SIZE);
+                    /* Only add padding size when encrypting. When decrypting,
+                     * the output size should not include padding bytes since
+                     * they will be stripped off during decryption. */
+                    if (this.direction == OpMode.WC_ENCRYPT) {
+                        outSize += Aes.getPKCS7PadSize(outSize, Aes.BLOCK_SIZE);
+                    }
                 }
                 else {
                     throw new IllegalStateException(
@@ -435,7 +440,13 @@ else if (paddingType == PaddingType.WC_PKCS5) {
                     if (buffered != null && buffered.length > 0) {
                         outSize += buffered.length;
                     }
-                    outSize += Des3.getPKCS7PadSize(outSize, Des3.BLOCK_SIZE);
+                    /* Only add padding size when encrypting. When decrypting,
+                     * the output size should not include padding bytes since
+                     * they will be stripped off during decryption. */
+                    if (this.direction == OpMode.WC_ENCRYPT) {
+                        outSize += Des3.getPKCS7PadSize(outSize,
+                            Des3.BLOCK_SIZE);
+                    }
                 }
                 else {
                     throw new IllegalStateException(

src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java

@@ -2421,6 +2421,55 @@ public void testAesGcmGetOutputSize() throws Exception {
         }
     }
 
+    /**
+     * Verify that getOutputSize() in DECRYPT mode does not add pad bytes.
+     */
+    @Test
+    public void testAesEcbPkcs5GetOutputSizeRegression() throws Exception {
+
+        if (!enabledJCEAlgos.contains("AES/ECB/PKCS5Padding")) {
+            /* skip if AES-ECB-PKCS5 is not enabled */
+            return;
+        }
+
+        /* 16-byte AES key */
+        byte[] key = new byte[] {
+            (byte)0x30, (byte)0x31, (byte)0x32, (byte)0x33,
+            (byte)0x34, (byte)0x35, (byte)0x36, (byte)0x37,
+            (byte)0x38, (byte)0x39, (byte)0x61, (byte)0x62,
+            (byte)0x63, (byte)0x64, (byte)0x65, (byte)0x66
+        };
+
+        SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
+        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", jceProvider);
+
+        /* Test ENCRYPT mode - should add padding bytes to output size */
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec);
+
+        /* For 16-byte input with PKCS5 padding, output should be 32 bytes
+         * (16 bytes input + 16 bytes padding) */
+        assertEquals("ENCRYPT mode output size should include padding bytes",
+            32, cipher.getOutputSize(16));
+
+        /* For 17-byte input with PKCS5 padding, output should be 32 bytes
+         * (17 bytes input + 15 bytes padding) */
+        assertEquals("ENCRYPT mode output size should include padding bytes",
+            32, cipher.getOutputSize(17));
+
+        /* Test DECRYPT mode - should NOT add padding bytes to output size */
+        cipher.init(Cipher.DECRYPT_MODE, keySpec);
+
+        /* For 16-byte input in DECRYPT mode, output should be 16 bytes
+         * (padding will be stripped off) */
+        assertEquals("DECRYPT mode output size shouldn't include padding bytes",
+            16, cipher.getOutputSize(16));
+
+        /* For 32-byte input in DECRYPT mode, output should be 32 bytes
+         * (padding will be stripped off) */
+        assertEquals("DECRYPT mode output size shouldn't include padding bytes",
+            32, cipher.getOutputSize(32));
+    }
+
     /**
      * AES-GCM decrypt failure should throw AEADBadTagException instead
      * of generic exception.