diff --git a/src/post_modules/Nettle/cipher.cmod b/src/post_modules/Nettle/cipher.cmod
index dd65623b633754e2298f65de3c707ecad917c201..053d7f8c69cd6d91de4ac58ab046b9b2654ce139 100644
--- a/src/post_modules/Nettle/cipher.cmod
+++ b/src/post_modules/Nettle/cipher.cmod
@@ -2154,7 +2154,7 @@ PIKECLASS BlockCipher16
 	      memxor(buf[1]+2, ptr, asize);
 	      asize = 0;
 	    } else {
-	      memxor(buf[1], ptr, 14);
+	      memxor(buf[1]+2, ptr, 14);
 	      ptr += 14;
 	      asize -= 14;
 	    }
diff --git a/src/post_modules/Nettle/testsuite.in b/src/post_modules/Nettle/testsuite.in
index 581efd33edce0fadbe903a3c958b935128f08feb..d01d416b635525c47feb510da7bcc04976a333f1 100644
--- a/src/post_modules/Nettle/testsuite.in
+++ b/src/post_modules/Nettle/testsuite.in
@@ -840,6 +840,15 @@ test_aead(Crypto.AES.CCM,
 	"F3 29 05 B8  8A 64 1B 04  B9 C9 FF B5  8C C3 90 90  0F 3D A1 2A  B1",
 	"6D CE 9E 82  EF A1 6D A6  20 59", 10)
 
+dnl Bug #10074 - Broken digest for authenticated data of lengths 14 - 0xfeff.
+test_aead(Crypto.AES.CCM,
+	"1a44f3550688fddbc1e5041dc98952c0",
+	"5d2904298f668ba95eaa1797",
+	"d55908958b70abee81054cdf3d3df5",
+	"",
+	"",
+	"5c71b4f069cfa13b7634db4b13e7be7d")
+
 cond_resolv( Crypto.AES.GCM, [[
   test_eq( Crypto.AES.GCM()->block_size(), 16 )
   test_eq( Crypto.AES.GCM()->key_size(), 0 )