GcmParams ulIvBits being set to 0 causes issues with Thales HSMs

[jaeparker22]

I've read the comment in the code and understand if there is no intent to fix it, but just so it's documented:

If anyone is coming here while working with a Thales Luna HSM 7 using Firmware version 7.8.4 in FIPS mode and are having issues with AES-GCM, the issue may be related to that field being set to 0.

The specific issue I was having was that I was able to encrypt but not decrypt. Presumably this is due to the HSM, when in FIPS mode, not expecting an IV for AES-GCM encryption, as it provides its own, making ulIvLen 0 as well.

Presumably this is due to the cryptoki library Thales operates with being v2.20 rather than 2.40.

[jaeparker22]

I am happy to make the changes to the file to make setting the ulIvBits value optional as well as handling the CK_ULONG exception a bit more gracefully if that's of interest.

[hug-dev]

YEs absolutely, feel free to send a PR, that would be great!