diff --git a/src/internal.c b/src/internal.c
index 9c574a50c..bda99c84a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5895,13 +5895,15 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
                                  ssl->keys.aead_enc_imp_IV, AEAD_IMP_IV_SZ);
                     XMEMCPY(nonce + AEAD_IMP_IV_SZ,
                                      ssl->keys.aead_exp_IV, AEAD_EXP_IV_SZ);
-                    wc_AesCcmEncrypt(ssl->encrypt.aes,
+                    ret = wc_AesCcmEncrypt(ssl->encrypt.aes,
                         out + AEAD_EXP_IV_SZ, input + AEAD_EXP_IV_SZ,
                             sz - AEAD_EXP_IV_SZ - ssl->specs.aead_mac_size,
                         nonce, AEAD_NONCE_SZ,
                         out + sz - ssl->specs.aead_mac_size,
                         ssl->specs.aead_mac_size,
                         additional, AEAD_AUTH_DATA_SZ);
+                    if (ret != 0)
+                        return ret;
                     AeadIncrementExpIV(ssl);
                     ForceZero(nonce, AEAD_NONCE_SZ);
                 }
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 02558fc6b..9487132d0 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -134,13 +134,19 @@ void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
 }
 
 
-void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* nonce, word32 nonceSz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 {
+    /* sanity check on arugments */
+    if (aes == NULL || out == NULL || in == NULL || nonce == NULL
+            || authTag == NULL || nonceSz < 7 || nonceSz > 13)
+        return BAD_FUNC_ARG;
+
     AesCcmEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
                   authIn, authInSz);
+    return 0;
 }
 
 
@@ -3556,7 +3562,8 @@ static INLINE void AesCcmCtrInc(byte* B, word32 lenSz)
 }
 
 
-void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+/* return 0 on success */
+int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                    const byte* nonce, word32 nonceSz,
                    byte* authTag, word32 authTagSz,
                    const byte* authIn, word32 authInSz)
@@ -3575,7 +3582,7 @@ void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
     /* sanity check on arugments */
     if (aes == NULL || out == NULL || in == NULL || nonce == NULL
             || authTag == NULL || nonceSz < 7 || nonceSz > 13)
-        return;
+        return BAD_FUNC_ARG;
 
     #ifdef FREESCALE_MMCAU
         key = (byte*)aes->key;
@@ -3640,6 +3647,8 @@ void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
 
     ForceZero(A, AES_BLOCK_SIZE);
     ForceZero(B, AES_BLOCK_SIZE);
+
+    return 0;
 }
 
 
diff --git a/wolfcrypt/src/port/ti/ti-aes.c b/wolfcrypt/src/port/ti/ti-aes.c
index 91d11a590..857f9c4d7 100644
--- a/wolfcrypt/src/port/ti/ti-aes.c
+++ b/wolfcrypt/src/port/ti/ti-aes.c
@@ -522,12 +522,12 @@ WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz)
     AesAuthSetKey(aes, key, keySz) ;
 }
 
-WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
+WOLFSSL_API int wc_AesCcmEncrypt(Aes* aes, byte* out, const byte* in, word32 inSz,
                               const byte* nonce, word32 nonceSz,
                               byte* authTag, word32 authTagSz,
                               const byte* authIn, word32 authInSz)
 { 
-    AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
+    return AesAuthEncrypt(aes, out, in, inSz, nonce, nonceSz, authTag, authTagSz,
                               authIn, authInSz, AES_CFG_MODE_CCM) ;
 }
 
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 503107bc1..e3e89a73e 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -2955,8 +2955,10 @@ int aesccm_test(void)
 
     wc_AesCcmSetKey(&enc, k, sizeof(k));
     /* AES-CCM encrypt and decrypt both use AES encrypt internally */
-    wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
+    result = wc_AesCcmEncrypt(&enc, c2, p, sizeof(c2), iv, sizeof(iv),
                                                  t2, sizeof(t2), a, sizeof(a));
+    if (result != 0)
+        return -106;
     if (memcmp(c, c2, sizeof(c2)))
         return -107;
     if (memcmp(t, t2, sizeof(t2)))
diff --git a/wolfssl/wolfcrypt/aes.h b/wolfssl/wolfcrypt/aes.h
index 29e18f088..480412a21 100644
--- a/wolfssl/wolfcrypt/aes.h
+++ b/wolfssl/wolfcrypt/aes.h
@@ -166,7 +166,7 @@ WOLFSSL_API int  wc_AesCbcDecrypt(Aes* aes, byte* out,
 #endif /* HAVE_AESGCM */
 #ifdef HAVE_AESCCM
  WOLFSSL_API void wc_AesCcmSetKey(Aes* aes, const byte* key, word32 keySz);
- WOLFSSL_API void wc_AesCcmEncrypt(Aes* aes, byte* out,
+ WOLFSSL_API int  wc_AesCcmEncrypt(Aes* aes, byte* out,
                                    const byte* in, word32 inSz,
                                    const byte* nonce, word32 nonceSz,
                                    byte* authTag, word32 authTagSz,