OCBv3: ocb3_init taglen check

src/encauth/ocb3/ocb3_init.c

@@ -114,9 +114,14 @@ int ocb3_init(ocb3_state *ocb, int cipher,
       return CRYPT_INVALID_ARG;
    }
 
-   /* Make sure taglen isn't too long */
-   if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) {
-      taglen = cipher_descriptor[cipher].block_length;
+   /* The blockcipher must have a 128-bit blocksize */
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* The TAGLEN may be any value up to 128 (bits) */
+   if (taglen > 16) {
+      return CRYPT_INVALID_ARG;
    }
    ocb->tag_len = taglen;
 

src/encauth/ocb3/ocb3_test.c

@@ -215,7 +215,7 @@ int ocb3_test(void)
     }
 
     for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-        len = sizeof(outtag);
+        len = 16; /* must be the same as the required taglen */
         if ((err = ocb3_encrypt_authenticate_memory(idx,
                                                    key, sizeof(key),
                                                    nonce, sizeof(nonce),