diff --git a/lrzip.c b/lrzip.c
index d491dcd..9d49d0d 100644
--- a/lrzip.c
+++ b/lrzip.c
@@ -837,8 +837,7 @@ next_chunk:
 		} while (last_head);
 		++stream;
 	}
-	if (ENCRYPT && c_len % CBC_LEN)
-		c_len += CBC_LEN - (c_len % CBC_LEN);
+	c_len = CBC_PADDED(c_len);
 	if (unlikely((ofs = lseek(fd_in, c_len, SEEK_CUR)) == -1))
 		fatal("Failed to lseek c_len in get_fileinfo\n");
 	/* Chunk byte entry */
diff --git a/lrzip_private.h b/lrzip_private.h
index 080d8a7..aeb6f8f 100644
--- a/lrzip_private.h
+++ b/lrzip_private.h
@@ -141,6 +141,9 @@ typedef struct md5_ctx md5_ctx;
 #define SALT_LEN 16
 #define CBC_LEN 16
 
+#define CBC_PAD(LEN)	((LEN % CBC_LEN) ? (CBC_LEN - (LEN % CBC_LEN)) : 0)
+#define CBC_PADDED(LEN)	(ENCRYPT ? (LEN) + CBC_PAD(LEN) : (LEN))
+
 /* Needs to be less than 31 bits and page aligned on 32 bits */
 #define two_gig ((1ull << 31) - 4096)
 
diff --git a/stream.c b/stream.c
index 41e5840..5b8ce10 100644
--- a/stream.c
+++ b/stream.c
@@ -58,8 +58,6 @@
 
 #define STREAM_BUFSIZE (1024 * 1024 * 10)
 
-#define CBC_PAD(LEN)	((LEN % CBC_LEN) ? (CBC_LEN - (LEN % CBC_LEN)) : 0)
-
 static struct compress_thread{
 	uchar *s_buf;	/* Uncompressed buffer -> Compressed buffer */
 	uchar c_type;	/* Compression type */
@@ -1299,7 +1297,7 @@ static void clear_buffer(rzip_control *control, struct stream_info *sinfo, int s
 		/* The stream buffer has been given to the thread, allocate a
 		 * new one. Allocate slightly more in case we need padding for
 		 * encryption */
-		sinfo->s[streamno].buf = malloc(sinfo->bufsize + CBC_PAD(sinfo->bufsize));
+		sinfo->s[streamno].buf = malloc(CBC_PADDED(sinfo->bufsize));
 		if (unlikely(!sinfo->s[streamno].buf))
 			fatal("Unable to malloc buffer of size %lld in flush_buffer\n", sinfo->bufsize);
 		sinfo->s[streamno].buflen = 0;
@@ -1424,17 +1422,14 @@ fill_another:
 
 	fsync(control->fd_out);
 
-	s_buf = malloc(c_len + CBC_PAD(c_len));
+	s_buf = malloc(CBC_PADDED(c_len));
 	if (unlikely(c_len && !s_buf))
 		fatal("Unable to malloc buffer of size %lld in fill_buffer\n", c_len);
 	sinfo->ram_alloced += c_len;
 
 	/* If the data was encrypted, we need to read the padded data
-	* at the end and then discard it once it's decrypted */
-	if (ENCRYPT)
-		padded_len = c_len +  CBC_PAD(c_len);
-	else
-		padded_len = c_len;
+	 * at the end and then discard it once it's decrypted */
+	padded_len = CBC_PADDED(c_len);
 
 	if (unlikely(read_buf(control, sinfo->fd, s_buf, padded_len)))
 		return -1;