diff --git a/src/ssl.c b/src/ssl.c
index 88aca2e1a..d284b3e48 100644
--- a/src/ssl.c
+++ b/src/ssl.c
@@ -33495,19 +33495,7 @@ void *wolfSSL_OPENSSL_malloc(size_t a)
 
 int wolfSSL_OPENSSL_hexchar2int(unsigned char c)
 {
-    int ret = -1;
-
-    if ('0' <= c && c <= '9') {
-        ret = c - '0';
-    }
-    else if ('a' <= c && c <= 'f') {
-        ret = c - 'a' + 0x0a;
-    }
-    else if ('A' <= c && c <= 'F') {
-        ret = c - 'A' + 0x0a;
-    }
-
-    return ret;
+    return (int)HexCharToByte((char)c);
 }
 
 unsigned char *wolfSSL_OPENSSL_hexstr2buf(const char *str, long *len)
@@ -50959,9 +50947,6 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str,
 
     /* dump hex */
     if (flags & ASN1_STRFLGS_DUMP_ALL){
-        static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6',
-                                         '7','8', '9', 'A', 'B', 'C', 'D',
-                                         'E', 'F' };
         char hex_tmp[4];
         char *str_ptr, *str_end;
 
@@ -50977,10 +50962,8 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str,
         }
         str_len++;
         if (flags & ASN1_STRFLGS_DUMP_DER){
-            hex_tmp[0] = hex_char[(str->type & 0xf0) >> 4];
-            hex_tmp[1] = hex_char[(str->type & 0x0f)];
-            hex_tmp[2] = hex_char[(str->length & 0xf0) >> 4];
-            hex_tmp[3] = hex_char[(str->length & 0x0f)];
+            ByteToHexStr((byte)str->type, &hex_tmp[0]);
+            ByteToHexStr((byte)str->length, &hex_tmp[2]);
             if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){
                 goto err_exit;
             }
@@ -50991,8 +50974,7 @@ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str,
         str_ptr = str->data;
         str_end = str->data + str->length;
         while (str_ptr < str_end){
-            hex_tmp[0] = hex_char[*str_ptr >> 4];
-            hex_tmp[1] = hex_char[*str_ptr & 0xf];
+            ByteToHexStr((byte)*str_ptr, &hex_tmp[0]);
             if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){
                 goto err_exit;
             }
diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c
index 8163a8528..723a95a33 100644
--- a/wolfcrypt/src/asn.c
+++ b/wolfcrypt/src/asn.c
@@ -12171,7 +12171,7 @@ static mp_int* GetRsaInt(RsaKey* key, int idx)
 int wc_RsaKeyToDer(RsaKey* key, byte* output, word32 inLen)
 {
     int ret = 0, i, j, outLen = 0, mpSz;
-    word32 seqSz = 0, verSz, rawLen, intTotalLen = 0;
+    word32 seqSz = 0, verSz = 0, rawLen, intTotalLen = 0;
     word32 sizes[RSA_INTS];
     byte  seq[MAX_SEQ_SZ];
     byte  ver[MAX_VERSION_SZ];
@@ -16500,15 +16500,6 @@ int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key,
 
 
 #ifdef WOLFSSL_CUSTOM_CURVES
-static void ByteToHex(byte n, char* str)
-{
-    const char hexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
-                                    '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
-
-    str[0] = hexChar[n >> 4];
-    str[1] = hexChar[n & 0xf];
-}
-
 /* returns 0 on success */
 static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
                           word32 inSz, void* heap, int heapType)
@@ -16539,7 +16530,7 @@ static int ASNToHexString(const byte* input, word32* inOutIdx, char** out,
     }
 
     for (i=0; i<len; i++)
-        ByteToHex(input[*inOutIdx + i], str + i*2);
+        ByteToHexStr(input[*inOutIdx + i], str + i*2);
     str[len*2] = '\0';
 
     *inOutIdx += len;
diff --git a/wolfcrypt/src/misc.c b/wolfcrypt/src/misc.c
index cf7b94eb3..3d276b576 100644
--- a/wolfcrypt/src/misc.c
+++ b/wolfcrypt/src/misc.c
@@ -422,6 +422,35 @@ WC_STATIC WC_INLINE word32 btoi(byte b)
 }
 #endif
 
+WC_STATIC WC_INLINE char HexCharToByte(char ch)
+{
+    if (ch >= '0' && ch <= '9')
+        ch -= '0';
+    else if (ch >= 'A' && ch <= 'F')
+        ch -= 'A' - 10;
+    else if (ch >= 'a' && ch <= 'f')
+        ch -= 'a' - 10;
+    else
+        ch = -1; /* error case - return code must be signed */
+    return ch;
+}
+
+WC_STATIC WC_INLINE char ByteToHex(byte in)
+{
+    static const char kHexChar[] = { '0', '1', '2', '3', '4', '5', '6', '7',
+                                     '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+    return (char)(kHexChar[in & 0xF]);
+}
+
+WC_STATIC WC_INLINE int ByteToHexStr(byte in, char* out)
+{
+    if (out == NULL)
+        return -1;
+
+    out[0] = ByteToHex(in >> 4);
+    out[1] = ByteToHex(in & 0xf);
+    return 0;
+}
 
 #ifndef WOLFSSL_NO_CT_OPS
 /* Constant time - mask set when a > b. */
@@ -516,7 +545,6 @@ WC_STATIC WC_INLINE byte ctSetLTE(int a, int b)
 }
 #endif
 
-
 #undef WC_STATIC
 
 #endif /* !WOLFSSL_MISC_INCLUDED && !NO_INLINE */
diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c
index c4e9c421c..5b0bcbc74 100644
--- a/wolfcrypt/src/sp_int.c
+++ b/wolfcrypt/src/sp_int.c
@@ -12448,17 +12448,8 @@ static int _sp_read_radix_16(sp_int* a, const char* in)
 
     a->dp[0] = 0;
     for (i = (int)(XSTRLEN(in) - 1); i >= 0; i--) {
-        char ch = in[i];
-        if ((ch >= '0') && (ch <= '9')) {
-            ch -= '0';
-        }
-        else if ((ch >= 'A') && (ch <= 'F')) {
-            ch -= 'A' - 10;
-        }
-        else if ((ch >= 'a') && (ch <= 'f')) {
-            ch -= 'a' - 10;
-        }
-        else {
+        int ch = (int)HexCharToByte(in[i]);
+        if (ch < 0) {
             err = MP_VAL;
             break;
         }
@@ -12597,11 +12588,6 @@ int sp_read_radix(sp_int* a, const char* in, int radix)
 
 #if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \
     defined(WC_MP_TO_RADIX)
-/* Hex string characters. */
-static const char sp_hex_char[16] = {
-    '0', '1', '2', '3', '4', '5', '6', '7',
-    '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'
-};
 
 /* Put the big-endian, hex string encoding of a into str.
  *
@@ -12668,11 +12654,11 @@ int sp_tohex(sp_int* a, char* str)
     #endif /* WC_DISABLE_RADIX_ZERO_PAD */
             /* Most-significant word. */
             for (; j >= 0; j -= 4) {
-                *(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
+                *(str++) = ByteToHex(a->dp[i] >> j);
             }
             for (--i; i >= 0; i--) {
                 for (j = SP_WORD_SIZE - 4; j >= 0; j -= 4) {
-                    *(str++) = sp_hex_char[(a->dp[i] >> j) & 0xf];
+                    *(str++) = ByteToHex(a->dp[i] >> j);
                 }
             }
             *str = '\0';
diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c
index ac8725727..01df05e25 100644
--- a/wolfcrypt/src/tfm.c
+++ b/wolfcrypt/src/tfm.c
@@ -5418,7 +5418,7 @@ static wcchar fp_s_rmap = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 static int fp_read_radix_16(fp_int *a, const char *str)
 {
   int     i, j, k, neg;
-  char    ch;
+  int     ch;
 
   /* if the leading digit is a
    * minus set the sign to negative.
@@ -5433,15 +5433,10 @@ static int fp_read_radix_16(fp_int *a, const char *str)
   j = 0;
   k = 0;
   for (i = (int)(XSTRLEN(str) - 1); i >= 0; i--) {
-      ch = str[i];
-      if (ch >= '0' && ch <= '9')
-          ch -= (char)'0';
-      else if (ch >= 'A' && ch <= 'F')
-          ch -= (char)'A' - 10;
-      else if (ch >= 'a' && ch <= 'f')
-          ch -= (char)'a' - 10;
-      else
-          return FP_VAL;
+      ch = (int)HexCharToByte(str[i]);
+      if (ch < 0) {
+        return FP_VAL;
+      }
 
       k += j == DIGIT_BIT;
       j &= DIGIT_BIT - 1;
diff --git a/wolfssl/wolfcrypt/misc.h b/wolfssl/wolfcrypt/misc.h
index 748688fe9..2b0bc06e3 100644
--- a/wolfssl/wolfcrypt/misc.h
+++ b/wolfssl/wolfcrypt/misc.h
@@ -107,6 +107,9 @@ void ato24(const byte* c, word32* u24);
 void ato32(const byte* c, word32* u32);
 word32 btoi(byte b);
 
+WOLFSSL_LOCAL char HexCharToByte(char ch);
+WOLFSSL_LOCAL char ByteToHex(byte in);
+WOLFSSL_LOCAL int  ByteToHexStr(byte in, char* out);
 
 WOLFSSL_LOCAL byte ctMaskGT(int a, int b);
 WOLFSSL_LOCAL byte ctMaskGTE(int a, int b);