NIST Special Publication 800-38C Appendix 1 states that the maximum length of payload is determined by the value of q (which in turn is related to the length of the nonce).
It seems as if this condition wasn't previously enforced which could lead to the block b0 exceeding 16 bytes.
NIST Special Publication 800-38C Appendix 1 states that the maximum length of payload is determined by the value of q (which in turn is related to the length of the nonce).
It seems as if this condition wasn't previously enforced which could lead to the block b0 exceeding 16 bytes.