Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 5116, "An Interface and Algorithms for Authenticated Encryption", January 2008

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec

---

Errata ID: 5219
Status: Reported
Type: Technical
Publication Format(s) : TEXT
Reported By: Brian Smith
Date Reported: 2017-12-28

Section 5.1, 5.2 says:

P_MAX is 2^36 - 31 octets

It should say:

P_MAX is 2^36 - 32 octets

Notes:

There is an off-by-one error in the specification of the maximum input size for AES-GCM.

NIST SP-800-38D [1] Section 5.2.1.1 says:

len(P) ≤ 2^39-256


(2^39-256) / 8 = 2^36 - 32

See also RFC 7539 Errata 4858.

[1] http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf

Report New Errata