RFC Errata
RFC 5116, "An Interface and Algorithms for Authenticated Encryption", January 2008
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 5219
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Brian Smith
Date Reported: 2017-12-28
Section 5.1, 5.2 says:
P_MAX is 2^36 - 31 octets
It should say:
P_MAX is 2^36 - 32 octets
Notes:
There is an off-by-one error in the specification of the maximum input size for AES-GCM.
NIST SP-800-38D [1] Section 5.2.1.1 says:
len(P) ≤ 2^39-256
(2^39-256) / 8 = 2^36 - 32
See also RFC 7539 Errata 4858.
[1] http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf
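
An added example, not part of the erratum or of RFC 5116: a C length guard that derives P_MAX from the SP 800-38D bit bound quoted above and enforces it across chunked input without integer wrap-around. The names gcm_len_guard and gcm_blocks_needed are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bound quoted in the erratum (SP 800-38D 5.2.1.1): len(P) <= 2^39 - 256 bits. */
#define GCM_P_MAX_BITS   ((UINT64_C(1) << 39) - 256)
#define GCM_P_MAX_OCTETS (GCM_P_MAX_BITS / 8)   /* 2^36 - 32, the corrected P_MAX */

/* Hypothetical tracker for the plaintext fed to one (key, nonce) invocation. */
struct gcm_len_guard {
    uint64_t total;   /* plaintext octets accepted so far */
};

void gcm_len_guard_init(struct gcm_len_guard *g) { g->total = 0; }

/* Accept a chunk only if the running total stays within P_MAX.
 * The chunk is compared against the remaining budget, so total + len
 * is never computed before it is known to fit and cannot wrap. */
bool gcm_len_guard_add(struct gcm_len_guard *g, uint64_t len)
{
    uint64_t remaining = GCM_P_MAX_OCTETS - g->total;
    if (len > remaining)
        return false;   /* reject; state is left unchanged */
    g->total += len;
    return true;
}

/* Number of 128-bit blocks needed to cover n octets of plaintext. */
uint64_t gcm_blocks_needed(uint64_t n)
{
    return n / 16 + (n % 16 != 0);
}

int main(void)
{
    struct gcm_len_guard g;
    gcm_len_guard_init(&g);
    bool at_limit = gcm_len_guard_add(&g, GCM_P_MAX_OCTETS);
    bool past_limit = gcm_len_guard_add(&g, 1);
    printf("P_MAX = %llu octets, %llu blocks\n",
           (unsigned long long)GCM_P_MAX_OCTETS,
           (unsigned long long)gcm_blocks_needed(GCM_P_MAX_OCTETS));
    printf("accept P_MAX: %d, accept P_MAX + 1: %d\n", at_limit, past_limit);
    return 0;
}
```

The value originally printed in the RFC, 2^36 - 31 octets, is P_MAX + 1 in this guard and needs one more 128-bit block than the bit bound covers.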