diff --git a/src/encauth/ocb3/ocb3_init.c b/src/encauth/ocb3/ocb3_init.c
index e89cd24..8e0e914 100644
--- a/src/encauth/ocb3/ocb3_init.c
+++ b/src/encauth/ocb3/ocb3_init.c
@@ -114,9 +114,14 @@ int ocb3_init(ocb3_state *ocb, int cipher,
       return CRYPT_INVALID_ARG;
    }
 
-   /* Make sure taglen isn't too long */
-   if (taglen > (unsigned long)cipher_descriptor[cipher].block_length) {
-      taglen = cipher_descriptor[cipher].block_length;
+   /* The blockcipher must have a 128-bit blocksize */
+   if (cipher_descriptor[cipher].block_length != 16) {
+      return CRYPT_INVALID_ARG;
+   }
+
+   /* The TAGLEN may be any value up to 128 (bits) */
+   if (taglen > 16) {
+      return CRYPT_INVALID_ARG;
    }
    ocb->tag_len = taglen;
 
diff --git a/src/encauth/ocb3/ocb3_test.c b/src/encauth/ocb3/ocb3_test.c
index a465b7f..bd30144 100644
--- a/src/encauth/ocb3/ocb3_test.c
+++ b/src/encauth/ocb3/ocb3_test.c
@@ -215,7 +215,7 @@ int ocb3_test(void)
     }
 
     for (x = 0; x < (int)(sizeof(tests)/sizeof(tests[0])); x++) {
-        len = sizeof(outtag);
+        len = 16; /* must be the same as the required taglen */
         if ((err = ocb3_encrypt_authenticate_memory(idx,
                                                    key, sizeof(key),
                                                    nonce, sizeof(nonce),