Hi, On 07/08/2019 10:15, Pascal Van Leeuwen wrote: > I went through the code a couple of times, but I cannot spot any mistakes in > the lengths I'm using. Is it possible that your application is supplying a > buffer that is just not large enough? Seems there is no mistake in your code, it is some bug in aesni_intel implementation. If I disable this module, it works as expected (with aes generic and aes_i586). Seems something is rewritten in call crypto_skcipher_encrypt(subreq); (after that call, I see rctx->rem_bytes set to 32, that does not make sense...) I'll check that, but not sure that understand that optimized code :) Milan