diff --git a/ChangeLog.d/fix_ccm_add_length_check.txt b/ChangeLog.d/fix_ccm_add_length_check.txt
new file mode 100644
index 000000000..259399fd4
--- /dev/null
+++ b/ChangeLog.d/fix_ccm_add_length_check.txt
@@ -0,0 +1,5 @@
+Bugfix
+ * Fix an off-by-one error in the additional data length check for
+ CCM, which allowed encryption with a non-standard length field.
+ Fixes #3719.
+
diff --git a/library/ccm.c b/library/ccm.c
index e6ca588ba..424ee77b6 100644
--- a/library/ccm.c
+++ b/library/ccm.c
@@ -175,7 +175,7 @@ static int ccm_auth_crypt( mbedtls_ccm_context *ctx, int mode, size_t length,
 if( iv_len < 7 || iv_len > 13 )
 return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
- if( add_len > 0xFF00 )
+ if( add_len >= 0xFF00 )
 return( MBEDTLS_ERR_CCM_BAD_INPUT );
 
 q = 16 - 1 - (unsigned char) iv_len;
diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data
index 46c172bbb..9ad3b5db6 100644
--- a/tests/suites/test_suite_ccm.data
+++ b/tests/suites/test_suite_ccm.data
@@ -41,9 +41,9 @@ ccm_lengths:5:10:5:18:MBEDTLS_ERR_CCM_BAD_INPUT
 CCM lengths #6 tag length not even
 ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT
 
-CCM lengths #7 AD too long (2^16 - 2^8 + 1)
+CCM lengths #7 AD too long (2^16 - 2^8)
 depends_on:!MBEDTLS_CCM_ALT
-ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT
+ccm_lengths:5:10:65280:8:MBEDTLS_ERR_CCM_BAD_INPUT
 
 CCM lengths #8 msg too long for this IV length (2^16, q = 2)
 ccm_lengths:65536:13:5:8:MBEDTLS_ERR_CCM_BAD_INPUT
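Review bot: The corrected bound in `if( add_len >= 0xFF00 )` is still a bare magic number with no comment in the hunk, which is how the off-by-one went unnoticed in the first place. CCM's two-octet encoding of the associated-data length is defined only for lengths below 2^16 - 2^8, and first octets of 0xFF are reserved for the longer prefixed encodings. A value of exactly 0xFF00 would therefore put a non-standard length field into the authenticated header, as the ChangeLog entry describes. I would add a comment above the check such as `/* AD length uses the 2-octet encoding only: valid while add_len < 2^16 - 2^8 (RFC 3610); 0xFF00 and above would need a prefixed encoding */`. The body of ccm_auth_crypt starts and ends outside this hunk, so whether the longer encodings are handled elsewhere cannot be confirmed from here.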
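Review bot: Test case #7 now pins only the rejecting side of the boundary (65280), so nothing visible in this hunk asserts that the largest valid AD length, 65279, is still accepted. A companion case in the same format, for example `ccm_lengths:5:10:65279:8:<success code>` titled `AD length at limit (2^16 - 2^8 - 1)`, would catch a later regression that tightens the check by one. Such a case may already exist outside the hunk. Because the case carries `depends_on:!MBEDTLS_CCM_ALT`, alternative CCM implementations are not exercised against this bound, and that is worth stating in their porting notes.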