diff --git a/src/internal.c b/src/internal.c
index 4a276c6e3..9d6b30d73 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -20931,7 +20931,6 @@ int SendCertificateVerify(WOLFSSL* ssl)
                     NULL
             #endif
                 );
-                ssl->buffers.sig.length = (unsigned int)args->sigSz;
             }
         #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */
         #ifndef NO_RSA
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index a4f3d08cd..37356a7f0 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -6061,7 +6061,8 @@ int wc_AesGcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
                                (byte*)aes->reg, ivOutSz,
                                authTag, authTagSz,
                                authIn, authInSz);
-        IncCtr((byte*)aes->reg, ivOutSz);
+        if (ret == 0)
+            IncCtr((byte*)aes->reg, ivOutSz);
     }
 
     return ret;
@@ -6534,8 +6535,10 @@ int wc_AesCcmEncrypt_ex(Aes* aes, byte* out, const byte* in, word32 sz,
                                (byte*)aes->reg, aes->nonceSz,
                                authTag, authTagSz,
                                authIn, authInSz);
-        XMEMCPY(ivOut, aes->reg, aes->nonceSz);
-        IncCtr((byte*)aes->reg, aes->nonceSz);
+        if (ret == 0) {
+            XMEMCPY(ivOut, aes->reg, aes->nonceSz);
+            IncCtr((byte*)aes->reg, aes->nonceSz);
+        }
     }
 
     return ret;