diff --git a/src/ssl.c b/src/ssl.c
index 1d31312da..ebfe969fd 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -29466,12 +29466,12 @@ void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
 #endif /* WOLFSSL_AES_CFB */
 }
 
-#ifdef HAVE_AES_KEYWRAP
+/* wc_AesKey*Wrap_ex API not available in FIPS and SELFTEST */
+#if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
 int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
                  unsigned char *out,
                  const unsigned char *in, unsigned int inlen)
 {
-    Aes* aes;
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
@@ -29481,9 +29481,7 @@ int wolfSSL_AES_wrap_key(AES_KEY *key, const unsigned char *iv,
         return WOLFSSL_FAILURE;
     }
 
-    aes = (Aes*)key;
-
-    ret = wc_AesKeyWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
+    ret = wc_AesKeyWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
 
     return ret < 0 ? WOLFSSL_FAILURE : ret;
 }
@@ -29492,7 +29490,6 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
                    unsigned char *out,
                    const unsigned char *in, unsigned int inlen)
 {
-    Aes* aes;
     int ret;
 
     WOLFSSL_ENTER("wolfSSL_AES_wrap_key");
@@ -29502,13 +29499,11 @@ int wolfSSL_AES_unwrap_key(AES_KEY *key, const unsigned char *iv,
         return WOLFSSL_FAILURE;
     }
 
-    aes = (Aes*)key;
-
-    ret = wc_AesKeyUnWrap_ex(aes, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
+    ret = wc_AesKeyUnWrap_ex((Aes*)key, in, inlen, out, inlen + KEYWRAP_BLOCK_SIZE, iv);
 
     return ret < 0 ? WOLFSSL_FAILURE : ret;
 }
-#endif /* HAVE_AES_KEYWRAP */
+#endif /* HAVE_AES_KEYWRAP && !HAVE_FIPS && !HAVE_SELFTEST */
 #endif /* NO_AES */
 
 #ifndef NO_FILESYSTEM
@@ -49765,7 +49760,14 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
         return 0;
     }
 
-    if (padding != RSA_PKCS1_PADDING && padding != RSA_PKCS1_PSS_PADDING) {
+    if (
+    #ifdef WC_RSA_PSS
+        padding != RSA_PKCS1_PSS_PADDING &&
+    #endif
+    #ifdef WC_RSA_NO_PADDING
+        padding != RSA_NO_PADDING &&
+    #endif
+        padding != RSA_PKCS1_PADDING) {
         WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
         return 0;
     }
@@ -49797,7 +49799,33 @@ int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
 #endif
 
     /* size of output buffer must be size of RSA key */
-    sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng);
+    switch (padding) {
+        case RSA_PKCS1_PADDING:
+            sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
+                    key, rng);
+            break;
+    #ifdef WC_RSA_PSS
+        case RSA_PKCS1_PSS_PADDING:
+            sz = wc_RsaPSS_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa),
+                    WC_HASH_TYPE_NONE, WC_MGF1NONE, key, rng);
+            break;
+    #endif
+    #ifdef WC_RSA_NO_PADDING
+        case RSA_NO_PADDING:
+        {
+            word32 outLen = (word32)len;
+            sz = wc_RsaFunction(in, (word32)len, out, &outLen,
+                    RSA_PRIVATE_ENCRYPT, key, rng);
+            if (sz == 0)
+                sz = (int)outLen;
+            break;
+        }
+    #endif
+        default:
+            sz = BAD_FUNC_ARG;
+            break;
+    }
+
     #if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
     if (wc_FreeRng(rng) != 0) {
         WOLFSSL_MSG("Error freeing random number generator");
diff --git a/tests/api.c b/tests/api.c
index e77cb055e..1b884c351 100644
--- a/tests/api.c
+++ b/tests/api.c
@@ -33608,7 +33608,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
 
     #endif
 
-    #ifdef HAVE_AES_KEYWRAP
+    #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
     byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 };
     byte wrapPlain[sizeof(key256)] = { 0 };
     byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 };
@@ -33621,6 +33621,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
     AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
     AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher,
             sizeof(wrapCipher)), sizeof(wrapPlain));
+    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
     printf(resultFmt, "passed");
     XMEMSET(wrapCipher, 0, sizeof(wrapCipher));
     XMEMSET(wrapPlain, 0, sizeof(wrapPlain));
@@ -33633,6 +33634,7 @@ static void test_wolfSSL_AES_cbc_encrypt()
     AssertIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0);
     AssertIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher,
             sizeof(wrapCipher)), sizeof(wrapPlain));
+    AssertIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0);
     printf(resultFmt, "passed");
     #endif /* HAVE_AES_KEYWRAP */
   #endif /* WOLFSSL_AES_256 */
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index cd1e4deff..2d67233cd 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -9011,7 +9011,7 @@ int wc_AesKeyUnWrap_ex(Aes *aes, const byte* in, word32 inSz, byte* out,
         0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6
     };
 
-    if (in == NULL || inSz < 3 ||
+    if (aes == NULL || in == NULL || inSz < 3 ||
         out == NULL || outSz < (inSz - KEYWRAP_BLOCK_SIZE))
         return BAD_FUNC_ARG;