The routine AES_CCM_inc() keeps propagating the carry from an overflow, which means our implementation fails for large blocks of data.
The following code fragment should address that bug. /*! @brief Increment the CCM CTR, which is variable length, big endian @param counter the counter to increment @param q the number of bytes in the counter */ static void AES_CCM_inc(unsigned char *counter,unsigned q) { int i; for(i = 15; q > 0 ; i--,q--) { counter[i]++; if(0 != counter[i] ) break; } } I'll post a full update to the request tracker when things ease up in my day job. Peter ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org