From 3ecd18763b396988f793f18c8de6994233ad5ae1 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Thu, 3 Aug 2017 13:40:57 +0200
Subject: [PATCH] OCBv3: better taglen limitation

---
 src/encauth/ocb3/ocb3_decrypt_verify_memory.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/encauth/ocb3/ocb3_decrypt_verify_memory.c b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
index 486168d..066b62c 100644
--- a/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
+++ b/src/encauth/ocb3/ocb3_decrypt_verify_memory.c
@@ -51,8 +51,11 @@ int ocb3_decrypt_verify_memory(int cipher,
    /* default to zero */
    *stat = 0;
 
+   /* limit taglen */
+   taglen = MIN(taglen, MAXBLOCKSIZE);
+
    /* allocate memory */
-   buf = XMALLOC(MIN(taglen, MAXBLOCKSIZE));
+   buf = XMALLOC(taglen);
    ocb = XMALLOC(sizeof(ocb3_state));
    if (ocb == NULL || buf == NULL) {
       if (ocb != NULL) {