diff --git a/ocb3/src/lib.rs b/ocb3/src/lib.rs
index b17338db..0ba84326 100644
--- a/ocb3/src/lib.rs
+++ b/ocb3/src/lib.rs
@@ -286,7 +286,7 @@ where
         buffer: InOutBuf<'_, '_, u8>,
     ) -> aead::Result<aead::Tag<Self>> {
         let max_len = 1 << (L_TABLE_SIZE + 4);
-        if (buffer.len() > max_len) || (associated_data.len() > max_len) {
+        if (buffer.len() >= max_len) || (associated_data.len() >= max_len) {
             return Err(aead::Error);
         }
 
diff --git a/ocb3/tests/len_check.rs b/ocb3/tests/len_check.rs
index a1bb20da..2aa7f8be 100644
--- a/ocb3/tests/len_check.rs
+++ b/ocb3/tests/len_check.rs
@@ -22,3 +22,17 @@ fn ocb3_len_check() {
         .encrypt_inout_detached(&nonce, &[], (&mut buf[..MAX_SIZE - 1]).into())
         .unwrap();
 }
+
+#[test]
+fn ocb3_len_check_decrypt() {
+    let key = hex!("000102030405060708090A0B0C0D0E0F").into();
+    let nonce = hex!("BBAA9988776655443322110F").into();
+    let cipher = Ocb3::<Aes128, U12, U16, L_SIZE>::new(&key);
+
+    // Buffer length equal to MAX_SIZE must be rejected with an error, not panic.
+    let mut buf = vec![0u8; MAX_SIZE];
+    let tag = aead::Tag::<Ocb3<Aes128, U12, U16, L_SIZE>>::default();
+    cipher
+        .decrypt_inout_detached(&nonce, &[], (&mut buf[..]).into(), &tag)
+        .unwrap_err();
+}