When the application message payload is encrypted with any variant
of DES, the length of the ciphertext has to be a multiple of 8 bytes
- hence if the plaintext length is not a multiple of 8 bytes, the
plaintext needs to be padded.
If the ciphertext is already aligned, the current logic would append
8 redundant padding octets. The resulting encrypted message should
be considered malformed per standard specs, but sysmoUSIM-SJS1 cards
are liberal in what they accept in this instance thus the bug went
unnoticed. The newer sysmoISIM-SJA2 cards do not accept such
malformed messages with invalid padding.
This bug was discovered and reported by the Mother Mychaela, see:
https://lists.osmocom.org/pipermail/openbsc/2021-February/013414.html