diff --git a/src/crypto.c b/src/crypto.c
index ecf35f7d..85de78f3 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -365,11 +365,17 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 	uint8_t iv[16];
 	uint8_t v[16];
 
+	if (in_len < 16)
+		return false;
+
 	memcpy(iov, ad, sizeof(iov) * num_ad);
 	iov[num_ad].iov_base = (void *)out;
 	iov[num_ad].iov_len = in_len - 16;
 	num_ad++;
 
+	if (in_len == 16)
+		goto check_cmac;
+
 	memcpy(iv, in, 16);
 
 	iv[8] &= 0x7f;
@@ -387,6 +393,7 @@ bool aes_siv_decrypt(const uint8_t *key, size_t key_len, const uint8_t *in,
 
 	l_cipher_free(ctr);
 
+check_cmac:
 	cmac = l_checksum_new_cmac_aes(key, key_len / 2);
 	if (!cmac)
 		return false;