From 98de51382bd5d4f0ec56d75b37a4671f82c90336 Mon Sep 17 00:00:00 2001
From: radik878 <radikpadik76@gmail.com>
Date: Fri, 23 Jan 2026 15:48:45 +0200
Subject: [PATCH 1/2] fix: align OCB3 decrypt length checks with encrypt

---
 ocb3/src/lib.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ocb3/src/lib.rs b/ocb3/src/lib.rs
index b17338db..0ba84326 100644
--- a/ocb3/src/lib.rs
+++ b/ocb3/src/lib.rs
@@ -286,7 +286,7 @@ where
         buffer: InOutBuf<'_, '_, u8>,
     ) -> aead::Result<aead::Tag<Self>> {
         let max_len = 1 << (L_TABLE_SIZE + 4);
-        if (buffer.len() > max_len) || (associated_data.len() > max_len) {
+        if (buffer.len() >= max_len) || (associated_data.len() >= max_len) {
             return Err(aead::Error);
         }
 

From 4ddb1c0aa604f384cadf1607752ada0d00823f04 Mon Sep 17 00:00:00 2001
From: radik878 <radikpadik76@gmail.com>
Date: Fri, 23 Jan 2026 15:49:00 +0200
Subject: [PATCH 2/2] add test

---
 ocb3/tests/len_check.rs | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ocb3/tests/len_check.rs b/ocb3/tests/len_check.rs
index a1bb20da..2aa7f8be 100644
--- a/ocb3/tests/len_check.rs
+++ b/ocb3/tests/len_check.rs
@@ -22,3 +22,17 @@ fn ocb3_len_check() {
         .encrypt_inout_detached(&nonce, &[], (&mut buf[..MAX_SIZE - 1]).into())
         .unwrap();
 }
+
+#[test]
+fn ocb3_len_check_decrypt() {
+    let key = hex!("000102030405060708090A0B0C0D0E0F").into();
+    let nonce = hex!("BBAA9988776655443322110F").into();
+    let cipher = Ocb3::<Aes128, U12, U16, L_SIZE>::new(&key);
+
+    // Buffer length equal to MAX_SIZE must be rejected with an error, not panic.
+    let mut buf = vec![0u8; MAX_SIZE];
+    let tag = aead::Tag::<Ocb3<Aes128, U12, U16, L_SIZE>>::default();
+    cipher
+        .decrypt_inout_detached(&nonce, &[], (&mut buf[..]).into(), &tag)
+        .unwrap_err();
+}