diff --git a/wolfcrypt/src/port/caam/wolfcaam_cmac.c b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
index 4ce439941..737f19da0 100644
--- a/wolfcrypt/src/port/caam/wolfcaam_cmac.c
+++ b/wolfcrypt/src/port/caam/wolfcaam_cmac.c
@@ -99,7 +99,8 @@ int wc_CAAM_Cmac(Cmac* cmac, const byte* key, word32 keySz, const byte* in,
                 WOLFSSL_MSG("Error with CMAC buffer size");
                 return -1;
             }
-            add = min(sz, (int)(AES_BLOCK_SIZE - cmac->bufferSz));
+            add = (sz < ((int)(AES_BLOCK_SIZE - cmac->bufferSz))) ? sz :
+                   (int)(AES_BLOCK_SIZE - cmac->bufferSz);
             XMEMCPY(&cmac->buffer[cmac->bufferSz], pt, add);
 
             cmac->bufferSz += add;
diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c
index bffa98501..3d0d3cc7f 100644
--- a/wolfcrypt/src/sha512.c
+++ b/wolfcrypt/src/sha512.c
@@ -1110,9 +1110,12 @@ static int Sha512_Family_Final(wc_Sha512* sha512, byte* hash, int digestSz,
 
 #ifdef WOLF_CRYPTO_CB
     if (sha512->devId != INVALID_DEVID) {
-        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, hash);
-        if (ret != CRYPTOCB_UNAVAILABLE)
+        byte localHash[WC_SHA512_DIGEST_SIZE];
+        ret = wc_CryptoCb_Sha512Hash(sha512, NULL, 0, localHash);
+        if (ret != CRYPTOCB_UNAVAILABLE) {
+            XMEMCPY(hash, localHash, digestSz);
             return ret;
+        }
         /* fall-through when unavailable */
     }
 #endif