Cherry-pick from main of eeaa6ccc294530780a2d6b824040fbb85b3d7b98
The previous code used a plaintext buffer that was 16 bytes smaller than the ciphertext buffer, because the ciphertext was known to include a 16-byte tag. However at least SoftHSM requires the plaintext buffer to be at least as big as the ciphertext buffer. So this commit makes it so.
Cherry-pick from main of eeaa6ccc294530780a2d6b824040fbb85b3d7b98
The previous code used a plaintext buffer that was 16 bytes smaller than the ciphertext buffer, because the ciphertext was known to include a 16-byte tag. However at least SoftHSM requires the plaintext buffer to be at least as big as the ciphertext buffer. So this commit makes it so.
Fixes #486