diff --git a/src/internal.c b/src/internal.c
index bda99c84a..9321a840e 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -5857,8 +5857,7 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
                                  out + sz - ssl->specs.aead_mac_size,
                                  ssl->specs.aead_mac_size,
                                  additional, AEAD_AUTH_DATA_SZ);
-                    if (ret == 0)
-                        AeadIncrementExpIV(ssl);
+                    AeadIncrementExpIV(ssl);
                     ForceZero(nonce, AEAD_NONCE_SZ);
                 }
                 break;
@@ -5902,8 +5901,6 @@ static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz)
                         out + sz - ssl->specs.aead_mac_size,
                         ssl->specs.aead_mac_size,
                         additional, AEAD_AUTH_DATA_SZ);
-                    if (ret != 0)
-                        return ret;
                     AeadIncrementExpIV(ssl);
                     ForceZero(nonce, AEAD_NONCE_SZ);
                 }
diff --git a/wolfcrypt/src/integer.c b/wolfcrypt/src/integer.c
index 49b3fe195..fa967a6ef 100644
--- a/wolfcrypt/src/integer.c
+++ b/wolfcrypt/src/integer.c
@@ -989,6 +989,12 @@ top:
       goto LBL_ERR;
     }
   }
+  /* too big */
+  while (mp_cmp_mag(&D, b) != MP_LT) {
+      if ((res = mp_sub(&D, b, &D)) != MP_OKAY) {
+         goto LBL_ERR;
+      }
+  }
   mp_exch (&D, c);
   c->sign = neg;
   res = MP_OKAY;
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index 18de2e6d3..6963ed022 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -950,6 +950,10 @@ top:
   while (D.sign == FP_NEG) {
     fp_add (&D, b, &D);
   }
+  /* too big */
+  while (fp_cmp_mag(&D, b) != FP_LT) {
+    fp_sub(&D, b, &D);
+  }
   fp_copy (&D, c);
   c->sign = neg;
   return FP_OKAY;