diff --git a/node/AES.cpp b/node/AES.cpp
index 145c786d9..8827d7d86 100644
--- a/node/AES.cpp
+++ b/node/AES.cpp
@@ -514,6 +514,7 @@ void AES::CTR::crypt(const void *const input,unsigned int len) noexcept
 	out += totalLen;
 	_len = (totalLen + len);
+#if 0
 	// This is the largest chunk size that will fit in SSE registers with four
 	// registers left over for round key data and temporaries.
 	while (len >= 192) {
@@ -672,8 +673,9 @@ void AES::CTR::crypt(const void *const input,unsigned int len) noexcept
 		len -= 192;
 		out += 192;
 	}
+#endif
-	while (_len >= 64) {
+	while (len >= 64) {
 		__m128i d0,d1,d2,d3;
 		if (likely(c1 < 0xfffffffffffffffcULL)) {
 			d0 = _mm_set_epi64x((long long)Utils::hton(c1),(long long)c0);
@@ -699,10 +701,10 @@ void AES::CTR::crypt(const void *const input,unsigned int len) noexcept
 			d1 = _mm_xor_si128(d1,k0);
 			d2 = _mm_xor_si128(d2,k0);
 			d3 = _mm_xor_si128(d3,k0);
-			d0 = _mm_xor_si128(d0,k1);
-			d1 = _mm_xor_si128(d1,k1);
-			d2 = _mm_xor_si128(d2,k1);
-			d3 = _mm_xor_si128(d3,k1);
+			d0 = _mm_aesenc_si128(d0,k1);
+			d1 = _mm_aesenc_si128(d1,k1);
+			d2 = _mm_aesenc_si128(d2,k1);
+			d3 = _mm_aesenc_si128(d3,k1);
 			for (int r=2;r<14;r+=2) {
 				k0 = _aes._k.ni.k[r];
 				k1 = _aes._k.ni.k[r+1];
diff --git a/node/Tests.cpp b/node/Tests.cpp
index 1c8cce932..8f69a8704 100644
--- a/node/Tests.cpp
+++ b/node/Tests.cpp
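Review bot: The 192-byte SSE path is switched off with a bare `#if 0` and nothing says why, so the next reader cannot tell whether it is dead code awaiting deletion or parked until it can be validated. I'd put the reason on the line above it, e.g. `// Disabled: 12-block path not yet checked against a CTR test vector; the 4-block loop below covers all lengths.` — adjust the wording if the real reason differs, since it is not visible here. If the intent is permanent removal, deleting the roughly 160 lines between `#if 0` and `#endif` is cleaner than leaving them in place, where they silently drift out of sync with fixes made to the live loop. `AES::CTR::crypt` begins before this hunk and continues past it.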
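Review bot: The loop condition now tests `len`, the bytes left in this call, where it previously tested `_len`, the running total assigned from `totalLen + len` in the first hunk; with the old condition any second `crypt()` call on the same stream would have kept iterating on bytes the caller never supplied, running past `input` and `out`, so this is a memory-safety fix and not just a typo. Because the two names differ by a single underscore and were already confused once, the corrected line deserves a comment: `// len = bytes remaining in this call; _len is the running total across calls and must not be used here`. The rest of the loop body, the counter-carry `else` branch and the sub-64-byte tail are outside this hunk.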
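Review bot: With `k1` now applied through `_mm_aesenc_si128` instead of a plain XOR, the 4-block path performs round 1 as an actual AES round; before this change every 64-byte chunk on the AES-NI path was keyed by something that was not AES-256 at all, which is exactly the class of failure only a known-answer test detects. The same round-1 sequence presumably exists in the 192-byte loop that the first hunk puts under `#if 0`; it is not visible here, but it should be checked for the identical mistake before that path is ever re-enabled. A one-line comment at this spot would stop the pattern recurring: `// round 0 is a plain XOR with k0; every later round key (k1 onward) must go through aesenc, never xor`.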
@@ -77,6 +77,11 @@ static const uint8_t AES_TEST_VECTOR_0_KEY[32] = { 0x60,0x3d,0xeb,0x10,0x15,0xca
 static const uint8_t AES_TEST_VECTOR_0_IN[16] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a };
 static const uint8_t AES_TEST_VECTOR_0_OUT[16] = { 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c,0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 };
+static const uint8_t AES_CTR_TEST_VECTOR_0_KEY[32] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe,0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81,0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7,0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 };
+static const uint8_t AES_CTR_TEST_VECTOR_0_IV[16] = { 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7,0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff };
+static const uint8_t AES_CTR_TEST_VECTOR_0_IN[64] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96,0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a,0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c,0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51,0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11,0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef,0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17,0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 };
+static const uint8_t AES_CTR_TEST_VECTOR_0_OUT[64] = { 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5,0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28,0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a,0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5,0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c,0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d,0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6,0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 };
+
 static const uint8_t AES_GMAC_VECTOR_0_KEY[32] = { 0xbb, 0x10, 0x10, 0x06, 0x4f, 0xb8, 0x35, 0x23, 0xea, 0x9d, 0xf3, 0x2b, 0xad, 0x9f, 0x1f, 0x2a, 0x4f, 0xce, 0xfc, 0x0f, 0x21, 0x07, 0xc0, 0xaa, 0xba, 0xd9, 0xb7, 0x56, 0xd8, 0x09, 0x21, 0x9d };
 static const uint8_t AES_GMAC_VECTOR_0_IV[12] = { 0x2f, 0x9a, 0xd0, 0x12, 0xad, 0xfc, 0x12, 0x73, 0x43, 0xfb, 0xe0, 0x56 };
 static const uint8_t AES_GMAC_VECTOR_0_IN[16] = { 0xdb, 0x98, 0xd9, 0x0d, 0x1b, 0x69, 0x5c, 0xdb, 0x74, 0x7a, 0x34, 0x3f, 0xbb, 0xc9, 0xf1, 0x41 };
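Review bot: The four new arrays give no indication of where their bytes come from, which matters for a known-answer test that is the only thing standing between a broken AES-NI path and production traffic. The key, counter block, four plaintext blocks and four ciphertext blocks match NIST SP 800-38A Appendix F.5.5 (CTR-AES256.Encrypt); I'd record that above `AES_CTR_TEST_VECTOR_0_KEY`: `// NIST SP 800-38A, F.5.5 CTR-AES256.Encrypt (all four blocks)`, so a maintainer can re-verify the constants against the standard rather than trusting the file.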
@@ -514,17 +519,34 @@ extern "C" const char *ZTT_crypto()
 		AES aes(AES_TEST_VECTOR_0_KEY);
 		aes.encrypt(AES_TEST_VECTOR_0_IN,out);
 		if (memcmp(AES_TEST_VECTOR_0_OUT,out,16) != 0) {
-			ZT_T_PRINTF("FAILED (test vector 0) ZT_EOL_S");
+			ZT_T_PRINTF("FAILED (test vector 0)" ZT_EOL_S);
 			return "AES test vector 0 failed";
 		}
 		aes.decrypt(out,out);
 		if (memcmp(AES_TEST_VECTOR_0_IN,out,16) != 0) {
-			ZT_T_PRINTF("FAILED (test vector 0 decrypt) ZT_EOL_S");
+			ZT_T_PRINTF("FAILED (test vector 0 decrypt)" ZT_EOL_S);
 			return "AES test vector 0 decrypt failed";
 		}
 		ZT_T_PRINTF("OK" ZT_EOL_S);
 	}
+	{
+		uint8_t out[64];
+		ZT_T_PRINTF("[crypto] Testing AES-CTR (hardware acceleration: %s)... ",AES::accelerated() ? "enabled" : "disabled");
+		{
+			AES aes(AES_CTR_TEST_VECTOR_0_KEY);
+			AES::CTR ctr(aes);
+			ctr.init(AES_CTR_TEST_VECTOR_0_IV,out);
+			ctr.crypt(AES_CTR_TEST_VECTOR_0_IN,64);
+			ctr.finish();
+			if (memcmp(out,AES_CTR_TEST_VECTOR_0_OUT,64) != 0) {
+				ZT_T_PRINTF("FAILED (test vector 0)" ZT_EOL_S);
+				return "AES-CTR test vector 0 failed";
+			}
+		}
+		ZT_T_PRINTF("OK" ZT_EOL_S);
+	}
+
 	{
 		uint8_t tag[16];
 		ZT_T_PRINTF("[crypto] Testing AES-GMAC (hardware acceleration: %s)... ",AES::accelerated() ? "enabled" : "disabled");
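Review bot: The new test drives `ctr.crypt()` exactly once with all 64 bytes, so the per-call length and the running total coincide and the `_len`-versus-`len` loop condition fixed in AES.cpp would have passed this test unchanged; the vector is also an exact multiple of 64, so the sub-64-byte tail path is never touched. I'd add a second pass over the same vector that splits the input across two calls (16 + 48 below), which, assuming `crypt()` appends at the running offset as `out += totalLen` in AES.cpp suggests, must yield the identical ciphertext. Note too that the test only exercises whichever implementation `AES::accelerated()` selects on the build machine, so the AES-NI fix is verified only where AES-NI is present; a way to force the software path would close that gap. `ZTT_crypto` begins before this hunk and continues after it.
```cpp
		{
			AES aes(AES_CTR_TEST_VECTOR_0_KEY);
			AES::CTR ctr(aes);
			ctr.init(AES_CTR_TEST_VECTOR_0_IV,out);
			// Split the message across two calls so the per-call length and the
			// running total differ and the short-chunk path is exercised.
			ctr.crypt(AES_CTR_TEST_VECTOR_0_IN,16);
			ctr.crypt(AES_CTR_TEST_VECTOR_0_IN + 16,48);
			ctr.finish();
			if (memcmp(out,AES_CTR_TEST_VECTOR_0_OUT,64) != 0) {
				ZT_T_PRINTF("FAILED (test vector 0, split calls)" ZT_EOL_S);
				return "AES-CTR test vector 0 (split calls) failed";
			}
		}
		// … unchanged: single-call check above, ZT_T_PRINTF("OK" ZT_EOL_S) below …
```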