diff --git a/src/ssl.c b/src/ssl.c
index 7376fc939..18f09bc15 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -17768,15 +17768,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
 ctx->keyLen = 32;
 ctx->block_size = 1;
+ ctx->ivSz = 16;
+
+ if (iv)
+ XMEMCPY(ctx->iv, iv, ctx->ivSz);
+ else
+ XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+
 if (enc == 0 || enc == 1)
 ctx->enc = enc ? 1 : 0;
- if (iv) {
- ctx->cipher.tweak = iv;
- ctx->cipher.tweakSz = 16;
- }
 if (key) {
 ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen,
- AES_ENCRYPTION, NULL, 0);
+ ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0);
 if (ret != 0) {
 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
 return ret;
@@ -17793,15 +17796,18 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
 ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
 ctx->keyLen = 64;
 ctx->block_size = 1;
+ ctx->ivSz = 16;
+
+ if (iv)
+ XMEMCPY(ctx->iv, iv, ctx->ivSz);
+ else
+ XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE);
+
 if (enc == 0 || enc == 1)
 ctx->enc = enc ? 1 : 0;
- if (iv) {
- ctx->cipher.tweak = iv;
- ctx->cipher.tweakSz = 16;
- }
 if (key) {
 ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen,
- AES_ENCRYPTION, NULL, 0);
+ ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0);
 if (ret != 0) {
 WOLFSSL_MSG("wc_AesXtsSetKey() failed");
 return ret;
@@ -18093,10 +18099,10 @@ int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
 WOLFSSL_MSG("AES XTS");
 if (ctx->enc)
 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, dst, src, len,
- ctx->cipher.tweak, ctx->cipher.tweakSz);
+ ctx->iv, ctx->ivSz);
 else
 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, dst, src, len,
- ctx->cipher.tweak, ctx->cipher.tweakSz);
+ ctx->iv, ctx->ivSz);
 break;
 #endif /* WOLFSSL_AES_XTS */
 
diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c
index cb8c272ca..2bc22099d 100644
--- a/wolfcrypt/src/evp.c
+++ b/wolfcrypt/src/evp.c
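Review bot: The new `else XMEMSET(ctx->iv, 0, AES_BLOCK_SIZE)` resets the XTS tweak to zero whenever this init runs without an IV, so a key-only re-init (`iv == NULL`) after a tweak was already set silently encrypts the next data unit under tweak 0; in OpenSSL's XTS init, as far as I recall, a NULL iv leaves the previously set tweak in place, and reusing one tweak across data units lets an observer match equal plaintext blocks at the same offset. If the zeroing is intentional, say so above the else: `/* XTS: NULL iv resets the tweak to 0 (OpenSSL keeps the previous IV) */`; otherwise drop the else so the earlier tweak survives a key-only re-init. The same branch also mixes `ctx->ivSz` and `AES_BLOCK_SIZE` for one 16-byte buffer, so `XMEMSET(ctx->iv, 0, ctx->ivSz)` would keep the two sizes from drifting apart. The enclosing init function starts and ends outside this hunk.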
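Review bot: This AES-256-XTS branch is now a line-for-line copy of the AES-128-XTS branch above it apart from `ctx->keyLen = 64`, and the commit had to apply the same three fixes (copy the tweak, clear it when absent, derive the key direction from `ctx->enc`) in both places; the next XTS fix will have to be applied twice too. Factoring the shared setup into a static helper parameterised on the key length, called as `ret = EvpXtsInit(ctx, key, iv, enc, 32);` and `... 64);` from the two cases, keeps the variants from drifting and lets the `ivSz`/`AES_BLOCK_SIZE` mismatch be corrected once. The parameter types below are assumed to match the enclosing init function's key/iv/enc parameters, whose signature is outside the hunk; the tail of the case body after `return ret;` is not visible either, so the helper is shown unclosed.
```c
/* Common AES-XTS setup for the 128- and 256-bit variants; keyLen is 32 or 64. */
static int EvpXtsInit(WOLFSSL_EVP_CIPHER_CTX* ctx, const unsigned char* key,
                      const unsigned char* iv, int enc, int keyLen)
{
    int ret;

    ctx->flags |= WOLFSSL_EVP_CIPH_XTS_MODE;
    ctx->keyLen = keyLen;
    ctx->block_size = 1;
    ctx->ivSz = AES_BLOCK_SIZE;
    if (iv)
        XMEMCPY(ctx->iv, iv, ctx->ivSz);
    else
        XMEMSET(ctx->iv, 0, ctx->ivSz);
    if (enc == 0 || enc == 1)
        ctx->enc = enc ? 1 : 0;
    if (key) {
        /* XTS needs the data-key schedule built for the direction in use */
        ret = wc_AesXtsSetKey(&ctx->cipher.xts, key, ctx->keyLen,
                ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION, NULL, 0);
        if (ret != 0) {
            WOLFSSL_MSG("wc_AesXtsSetKey() failed");
            return ret;
        }
    }
    /* … unchanged: rest of the XTS case body, not visible in the hunk … */
```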
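Review bot: The tweak handed to wc_AesXtsEncrypt/wc_AesXtsDecrypt is `ctx->iv`, which is only written at init, so repeated wolfSSL_EVP_Cipher calls on the same ctx process every buffer under the same tweak; in XTS the tweak identifies the data unit, and reusing it across units lets an observer detect equal plaintext blocks at the same offset. That matches OpenSSL's XTS contract as far as I recall (one EVP_CipherInit with a fresh IV per sector), but nothing here records it, and the switch from a caller-owned pointer to a copied buffer makes it easy to assume the library advances it. A comment above `if (ctx->enc)` would settle it: `/* XTS: ctx->iv is the data-unit tweak and is not advanced between calls; re-init with a new IV for each data unit */`. The enclosing function starts and ends outside this hunk.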
@@ -390,10 +390,10 @@ static int evpCipherBlock(WOLFSSL_EVP_CIPHER_CTX *ctx,
 case AES_256_XTS_TYPE:
 if (ctx->enc)
 ret = wc_AesXtsEncrypt(&ctx->cipher.xts, out, in, inl,
- ctx->cipher.tweak, ctx->cipher.tweakSz);
+ ctx->iv, ctx->ivSz);
 else
 ret = wc_AesXtsDecrypt(&ctx->cipher.xts, out, in, inl,
- ctx->cipher.tweak, ctx->cipher.tweakSz);
+ ctx->iv, ctx->ivSz);
 break;
 #endif
 #endif /* !NO_AES */
diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c
index 8929f8f09..6b1e5e035 100644
--- a/wolfcrypt/test/test.c
+++ b/wolfcrypt/test/test.c
@@ -6763,13 +6763,7 @@ static int aes_xts_128_test(void)
 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22
 };
 
- XMEMSET(buf, 0, sizeof(buf));
- if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION,
- HEAP_HINT, devId) != 0)
- return -4900;
-
-#if 0 /* Enable after passes */
-//#ifdef OPENSSL_EXTRA
+#ifdef OPENSSL_EXTRA
 ret = EVP_test(EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
 if (ret != 0) {
 printf("EVP_aes_128_xts failed!\n");
@@ -6777,6 +6771,11 @@ static int aes_xts_128_test(void)
 }
 #endif
 
+ XMEMSET(buf, 0, sizeof(buf));
+ if (wc_AesXtsSetKey(&aes, k2, sizeof(k2), AES_ENCRYPTION,
+ HEAP_HINT, devId) != 0)
+ return -4900;
+
 ret = wc_AesXtsEncrypt(&aes, buf, p2, sizeof(p2), i2, sizeof(i2));
 #if defined(WOLFSSL_ASYNC_CRYPT)
 ret = wc_AsyncWait(ret, &aes.aes.asyncDev, WC_ASYNC_FLAG_NONE);
@@ -6945,8 +6944,7 @@ static int aes_xts_256_test(void)
 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92
 };
 
-#if 0 /* Enable after passes */
-//#ifdef OPENSSL_EXTRA
+#ifdef OPENSSL_EXTRA
 ret = EVP_test(EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2));
 if (ret != 0) {
 printf("EVP_aes_256_xts failed\n");
diff --git a/wolfssl/openssl/evp.h b/wolfssl/openssl/evp.h
index d32a65ce4..1b0260bcb 100644
--- a/wolfssl/openssl/evp.h
+++ b/wolfssl/openssl/evp.h
@@ -178,8 +178,6 @@ typedef union {
 Aes aes;
 #ifdef WOLFSSL_AES_XTS
 XtsAes xts;
- const byte* tweak;
- word32 tweakSz;
 #endif
 #endif
 #ifndef NO_DES3
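Review bot: `inl` is forwarded unchecked to wc_AesXtsEncrypt/wc_AesXtsDecrypt, which, if I remember wolfCrypt's aes.c correctly, reject inputs shorter than AES_BLOCK_SIZE with BAD_FUNC_ARG, while the XTS init in ssl.c sets `block_size = 1`; the generic EVP update path can therefore legitimately hand this case a trailing chunk of 1 to 15 bytes that fails deep in the crypto layer with no indication why. Either validate `inl` against `AES_BLOCK_SIZE` here before the call, or at least record the constraint above `if (ctx->enc)`: `/* XTS: wolfCrypt requires inl >= AES_BLOCK_SIZE; block_size == 1 only disables EVP buffering */`. evpCipherBlock starts before this hunk and ends after it.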
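Review bot: The newly enabled EVP_test call is the only coverage for the ssl.c change that now selects AES_DECRYPTION from `ctx->enc`, and whether EVP_test exercises the decrypt direction as well as encrypt cannot be seen from this hunk; if it only encrypts, the decrypt key-schedule fix lands untested. Consider adding an explicit decrypt known-answer check next to it, taking `c2` back to `p2` through `EVP_aes_128_xts()` under the same `#ifdef OPENSSL_EXTRA`, and mirroring it in aes_xts_256_test. The reordering that moves `XMEMSET(buf, ...)` and `wc_AesXtsSetKey(&aes, ...)` below the EVP block is fine as the wolfCrypt-level test still keys `aes` before `wc_AesXtsEncrypt`. aes_xts_128_test starts before this hunk and continues after it.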
@@ -321,7 +319,8 @@ struct WOLFSSL_EVP_CIPHER_CTX {
 int bufUsed;
 ALIGN16 byte lastBlock[WOLFSSL_EVP_BUF_SIZE];
 int lastUsed;
-#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
+#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA) || \
+ defined(HAVE_AESGCM) || defined (WOLFSSL_AES_XTS)
 #define HAVE_WOLFSSL_EVP_CIPHER_CTX_IV
 int ivSz;
 ALIGN16 unsigned char authTag[AES_BLOCK_SIZE];
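Review bot: `defined (WOLFSSL_AES_XTS)` on the added continuation line has a space before the parenthesis that none of the other `defined(...)` operands in the same condition have; make it `defined(WOLFSSL_AES_XTS)` so the condition reads uniformly. The two new operands also look redundant, since GCM and XTS both build on AES and `!defined(NO_AES)` should already hold whenever either is defined; if the intent is to make that dependency explicit, a one-line `/* iv/ivSz are also used by the GCM and XTS EVP paths */` would say why they were added. The new ssl.c XTS init copies 16 bytes into `ctx->iv`, and the `iv` member itself is not in this hunk, so I could not confirm it sits inside this same `#if` with at least AES_BLOCK_SIZE bytes; worth a look. struct WOLFSSL_EVP_CIPHER_CTX continues beyond the hunk.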